Data Privacy

QoS understands how data breaches and exfiltration along with cyber-attacks can disclose our customers’ privacy data which can cripple an organization through extensive response and recovery resources and costs, reputation damage, and litigation. Privacy is one of the biggest cybersecurity concerns of organizations today. In the current climate of endless cyber-attacks and inferior cybersecurity defenses, QoS uses several methods to ensure our customers’ privacy data is protected. Our goal here is succinct – we strive to keep our customers’, their customers’, their partners’, and their employees’ personally identifiable information or PII (data that is used to identify a specific individual) safe through a holistic cybersecurity approach to ensure privacy data is secure. In other words, securing privacy data does not come from a “fire-and-forget” approach to privacy alone, rather it stems from a well thought out program for cybersecurity.

As an example of our support, QoS can help you address your privacy concerns by conducting a privacy impact assessment (PIA) to examine your organization’s information systems to identify privacy data that requires special handling. We routinely conduct PIAs to identify and reduce privacy risks within our customers’ organizations. QoS can accurately report to you how secure your systems are and what measures can be taken to reduce attacks which might expose sensitive PII. Upon completion of a PIA, you will be able to answer:

    • What information is being collected; e.g., nature and source
    • Why the information is being collected; e.g., to determine eligibility
    • The intended use of the information; e.g., to verify existing data
    • With whom the information will be shared; e.g., another agency for a specified programmatic purpose
    • What opportunities individuals have to decline to provide information where providing information is voluntary or to consent to particular uses of the information, other than required or authorized uses, and how individuals can grant consent
    • How the information will be secured; e.g., administrative and technological controls
    • Whether a system of records is being created under the Privacy Act, 5 U.S.C. 552a
    • Identification of Data Owners, Data Controllers and Data Processors in respect to the General Data Protection Regulation (GDPR) 

Finally, QoS has extensive experience in guiding organizations on synchronizing PIA events with established regulatory framework timelines to streamline your overall security compliance support operations, whether it be FISMA, SOX, SOC, ISO, GDPR, CCPA or GLBA.