SITUATION
FTI Cybersecurity was engaged with a healthcare technology company to provide internal privacy program support in response to an FTC Consent Order, including developing privacy controls and a governance framework, performing privacy risk assessments and controls testing, and facilitating engagement with possible third-party assessors.
OUR ROLE
Our team established two workstreams: 1) a Program Development workstream to oversee policies and controls development, documentation development, risk assessment, controls effectiveness and testing, and order preparedness; and 2) a Technical workstream that oversaw third-party analysis, covered user notification analysis, and data retention and deletion.
The FTI Cybersecurity team designed, implemented, and facilitated the testing of controls to meet regulatory compliance, including data inventory, change management, promotional material review, third-party risk management, and other requirements pertaining to the collection, use, and disclosure of PII.
OUR IMPACT
FTI Cybersecurity helped build the client’s privacy program and develop its privacy controls framework and documentation, and provided a privacy risk assessment report in preparation for its assessment.
FTI continues to support the client as it matures its privacy program and ensures that it continues to meet all obligations under the Order.