Citadel Information Group


Privacy: Information Inventory / Data Mapping

GDPR, the California Consumer Privacy Act (CCPA), and other emerging privacy laws and regulations impose privacy and security obligations on covered entities. CCPA, for example, provides consumers with the following privacy rights: [1]

  1. Right of Disclosure: To request the categories and pieces of information collected, sold, or disclosed about the consumer going back 12 months.
  2. Right of Deletion: To have certain information deleted, both from the business and any service providers with which the business shared the information.
  3. Right to Opt-Out: To opt out of the sale of their information (Those under the age of 16 must explicitly opt in to any such sale).

Citadel supports clients who want to ensure they can comply with these privacy laws by honoring requests to disclose, to delete, and to opt out.

As attorney Robert Braun has written: “Understanding how the company collects, processes, transmits and stores data – as well as how it’s used and who uses it – is the foundation of a data privacy program and the key to complying with the Act and most other privacy regulations.” (Robert is a Partner in the law firm Jeffer Mangels Butler and Mitchell and a member of the SecureTheVillage Leadership Council.)

With this in mind, Citadel’s Information Inventory / Data Mapping services are designed to meet these requirements by identifying:

  1. What controlled information you have
  2. Where it is: desktops, servers, cloud, smartphones, laptops
  3. Who Manages It: department, individual
  4. Why You Have It
  5. How Long You Keep It
  6. How You Control Access
  7. How You Secure/Delete It
  8. 3rd-Parties To Whom You Provide Access or Sell It; 3rd-party security and privacy controls

This includes all of the following categories of information:

  1. Name, Addresses, Social Security Numbers
  2. Credit Cards
  3. Health Information
  4. Email Addresses
  5. Digital Identities
  6. Internet Activities
  7. Consumer history
  8. Etc

In developing the Information Inventory, Citadel works across your entire organization. More than just management, Citadel provides leadership: we work to break down silos, get effective cross-functional communication, and surface shadow files and other “unofficial” information repositories. We work within our client’s risk tolerances and with the guidance of the client’s legal staff.

  1. Involved Departments that collect, process, transmit, and store protected information
  2. IT management
  3. Information security
  4. Law

We document the Data Inventory / Data Mapping as appropriate using tools such as:

  1. Spreadsheets
  2. Network Maps
  3. Visio Diagrams
  4. Data-Flow Diagrams
  5. Reports / Narratives

In developing and documenting the Data Inventory / Data Mapping, we use several tools as appropriate, including:

  1. Spreadsheets
  2. Program Management Tools
  3. Data Discovery Tools
  4. Special Purpose Tools, such as Inventory and Deletion Tools
  5. Data classification tools built into AWS, SQL, etc.

Background Information & Additional Resources

SecureTheVillage: Information Classification and Control

SecureTheVillage: General Data Protection Regulation (GDPR)

SecureTheVillage: California Consumer Privacy Act (CCPA)

[1] CCPA has an additional right: The Right to Be Compensated in Event of Data Breach. The California Consumer Privacy Act (CCPA) private right of action establishes statutory damages of between $100 and $750 per incident for consumers whose personal information has been compromised by a breach resulting from the business’ “violation of the duty to implement reasonable security procedures and practices appropriate to the nature of the information to protect the personal information.” Our Defendable Security Procedures and Practices service is designed to assist organizations that want to ensure their information security procedures and practices are suitably defendable.

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy