MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute
News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile

Speakers: Dr. Larry Ponemon, Chairman, Ponemon Institute; Ojas Rege, VP Strategy, MobileIron

Session Times:

  • April 1st 8:00 AM PDT (San Francisco) / 4:00 PM BST (London)
  • April 2nd 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)

Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment.

Key topics include:

  • Financial services mobile adoption forecasts
  • Trends in migration to multi-OS environments
  • Dependencies for successful mobile strategy deployment
  • Implications of user experience and security

This session will be recorded and available for replay.

About Our Strategic Consulting

Ponemon Institute offers the following strategic consulting services to assist organizations.

Privacy Strategy, Assessment and Assurance

We assist organizations in the private and public sectors in the development of a strategic vision for privacy and data protection. Some of our consulting services include:

  • Guidance on how the organization’s privacy and data protection program should be structured and staffed.
  • Analysis based on Ponemon Institute’s benchmark data that compares the organization’s privacy and data protection practices to others in their industry. 
  • Risk assessments to determine privacy and data protection gaps.
  • Preparation and review of policies and procedures.
  • Ongoing counsel on privacy and data protection issues and related regulatory trends in the U.S. and around the world.
  • Development of a data classification schema to assist organizations in understanding potential business and regulatory risks.

Privacy and Data Protection Training and Awareness

We assist organizations in the private and public sectors in all facets of privacy and data protection training.

  • Design and customize training programs for advancing awareness of an organization’s commitment to good privacy and data protection practices.
  • Assist in the measurement of the training program’s effectiveness.
  • Data@Risk is an innovative, team-building game about privacy and data protection issues in an organization. The goal is to increase awareness and understanding about how to respond to real-world consumer privacy and data protection situations and conflicts. The game can supplement existing privacy awareness programs in an organization and build teamwork.

Global Compliance and Safe Harbor Certification (Under the Department of Commerce—European Union Safe Harbor Agreement)

We assist organizations in becoming Safe Harbor certified. The typical steps involved are: 

  • Privacy risk assessments and gap analysis focused on trans-border data flows, analysis of policies, information sharing agreements or other related materials describing the transmission of regulated data from European Union countries to the United States and other non-EU locations around the globe.
  • General assessments of existing privacy and data protection activities with comparison to known benchmarks for data protection with focus on all personal information including customer, consumer, and employee data and the evaluation of data security architecture with in-house IT department and, possibly, outsourcing vendors.

Privacy Impact Technology Assessments Based on Responsible Information Technology Principles

These assessments are conducted to determine whether a product is consistent with the developer’s privacy objectives and commitments. Typical steps include:

  • Development of a strategic plan for managing potential privacy and data protection risks associated with the collection and management of personally identifiable information associated with the technology.
  • A privacy and data security assessment to determine risks associated with privacy regulations and scrutiny by consumer advocates and their potential impact on the business model.
  • Guidance on the creation of a privacy office, governance structure and board of advisors for privacy and data protection issues.
  • Tactical guidance on the development and execution of privacy and data protection policies and procedures.

Our final report will include privacy and data security policies and procedures and recommendations on the development and execution of privacy and data protection policies and procedures.

Benchmark Analysis of Corporate Privacy Practices

Ponemon Institute’s Corporate Privacy Practices Benchmark Tool enables companies to benchmark their privacy program and activities against other organizations. The tool focuses on eight (8) functional areas: privacy policy, communications & training, privacy management, security methods, privacy monitoring, choice and consent, redress and enforcement.

Privacy Breach Index™ Benchmark Report

Ponemon Institute created a benchmarking tool called the Privacy Breach Index (PBI)™ to measure the ability of companies to respond to a data loss or theft, especially when it concerns information about people and their families. The Privacy Breach Index (PBI) benchmark tool can help companies do the following:

  • Improve existing procedures and safeguards for prevention of a data breach.
  • Determine areas where an organization is most vulnerable to a data breach.
  • Benchmark your organization’s response to a data breach against other companies.

The PBI survey questions address the core activities that encompass all aspects of a company’s data loss incident response, such as: detection and forensics, escalation to management, notification quality and timeliness to breach victims, support to breach victims (such as credit monitoring or identity theft protection), post-mortem response, reputation management and response to regulatory or legal action. Your responses will be benchmarked against the responses of other organizations.