
Technical Privacy Advisory

Securing users’ data is critical to every organization. Organizations have fully embraced digital operations, which in turn has led to proprietary and confidential information being stored online and in information systems. Privacy laws have grown steadily stricter over the last decade at the local, state, and federal levels. If you have a digital footprint because you have employees, customers, or clients in California, New York, Colorado, Canada, Europe, and elsewhere, you are responsible for implementing and maintaining compliance with those jurisdictions’ privacy laws in your organization.

Although privacy is broader than technology, and is typically owned by the legal team within an organization, the majority of privacy-related controls fall on your technology department to implement.


We can advise you on the various technical privacy related frameworks and help you implement them across your organization. 


Below are a few examples of popular privacy regulations: 


  • General Data Protection Regulation (GDPR) 

    • GDPR is a comprehensive European Union (EU) law that sets strict rules for how organizations collect, process, and store the personal data of individuals within the EU.

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

    • PIPEDA is Canada’s federal privacy law for private-sector organizations, setting rules for how businesses collect, use, and share personal information in commercial activities, balancing individual privacy rights with business needs, and applying across most of Canada except where similar provincial laws exist.

  • European Union (EU) Artificial Intelligence (AI) Act

    • The EU AI Act is a law regulating artificial intelligence. It establishes a risk-based framework to ensure AI systems are safe, transparent, and respect fundamental rights: it bans unacceptable-risk uses (such as social scoring), heavily regulates high-risk uses (e.g., hiring, critical infrastructure), and sets standards for the rest, with the aim of fostering trustworthy AI and potentially setting a global benchmark as GDPR did.

  • California Consumer Privacy Act (CCPA)/CPRA (California Privacy Rights Act) 

    • The CCPA is a landmark law giving California residents rights over their personal information, including the right to know what is collected, to delete it, and to opt out of its sale or sharing. It requires businesses that meet certain thresholds to comply and established a new agency, the California Privacy Protection Agency (CPPA), for enforcement and consumer education, establishing strong data privacy protections in the U.S.

    • The CPRA is an expansion and amendment of the original CCPA (California Consumer Privacy Act), creating "CCPA 2.0" to provide stronger consumer rights and stricter business obligations.

  • HIPAA/HITRUST 

    • HIPAA is a U.S. federal law setting baseline rules for protecting patient health data, while HITRUST (Health Information Trust Alliance) offers a comprehensive, certifiable security framework (the HITRUST CSF) that helps organizations implement controls to meet HIPAA's requirements and other regulations through a risk-based, prescriptive approach, making it a way to achieve and demonstrate robust compliance. In short, HIPAA sets what must be protected, and HITRUST provides how to protect it. HITRUST also offers specific certifications your organization can obtain, which are most useful to organizations that store, transmit, or process personal health information (PHI).


© 2025 by Slate Resources. All rights reserved.
