Domestic, cross-border and foreign obligations are included in our privacy attestation services.

​

As massive amounts of personal data are created, stored, and transferred, adherence to privacy laws and standards is more challenging and more imperative than ever before. The team at GRAYCPA provides privacy attestation services to help your business comply with required international, sector, and state privacy laws while maintaining a reputation for professionalism and strict security protocols.

​

INTERNATIONAL PRIVACY LAW

​

The scope and strictness of international privacy laws can often vary. If your business serves customers outside of your home country or region, you may be required to comply with the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA). Be aware that foreign privacy principles can often be much different or even conflict.

​

US SECTORAL PRIVACY LAW

​

The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries. This approach includes laws such as the Health Insurance Portability and Accountability Act (HIPPA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), and the Children's Online Privacy Protection Act (COPPA). Your IT products and/or services may be required to adhere to one or more of these regulations, including comprehensive policies and procedures to comply. 

​

STATE PRIVACY LAW

​

Privacy laws now exist in just about every state in the US. Interestingly, these state laws can be broader and more strict than the federal laws. These business and legal obligations can be driven by statute or common law, which makes compliance with these regulations difficult. 

​

Our team can assist in assessing your compliance with privacy laws and standards.

 

READINESS ASSESSMENT

 

Privacy frameworks like GDPR or GLBA demand that organizations comply with their requirements through a formal review of their existing data privacy and security policies, procedures and technologies through a Readiness Assessment. The assessment identifies potential compliance gaps that need remediation. At completion, an internal-use-only report is issued with the assessment's results and design deficiencies are indicated.

​

ATTESTATION

​

GRAYCPA’s attestation services are conducting in accordance with AICPA standards to provide you with an assessment of your business’s data privacy system design and security programs and compliance with privacy laws and standards. The attestation report can then be provided to clients or users of the clients’ products and services to demonstrate adherence to strict privacy compliance standards.  

 

COMPLIANCE

 

After conducting our third party assessment, GRAYCPA can provide your business with a report that demonstrates your compliance with HIPAA and HITECH requirements.​