Information governance and privacy services
Companies face growing risks in addressing information governance and privacy — two concerns that are converging in today’s digital era. A sound information governance and privacy strategy reduces regulatory compliance risk, increases operational efficiency and establishes a competitive advantage.
What EY can do for you
EY Information governance and privacy services teams consist of multidisciplinary professionals who support organizations in all facets of information governance, taking into consideration legal, regulatory and privacy concerns. Leveraging extensive experience helping clients respond to data breaches and conduct forensic investigations, EY teams focus on effective and efficient use of data, as well as managing privacy risks, through technology and process innovation.
Benefits of EY Information governance and privacy services:
- Deep knowledge of data protection and privacy regulations around the world and experience in cross-border data transfer
- Dedicated sector professionals who understand industry-specific data and regulatory challenges
- Multidisciplinary teams of talent in operations, data governance and regulatory compliance
- A data-driven approach, coupled with workflow and technology innovation, bringing precision, efficiency and deeper insights to privacy compliance programs
- A global network of local resources who understand regional, cultural and regulatory environments and work together under one consistent methodology to reduce risk and increase efficiency
EY Information governance and privacy service
Information governance and privacy program assessment development
EY teams help organizations develop or streamline data policies, procedures, reporting and controls, increasing efficiencies and mitigating risks. EY professionals work with clients to operationalize policies, identify and adopt technologies and create privacy-by-design and privacy-by-default standards. The teams advise organizations on how to embed information governance and privacy protection principles into their business processes. EY services also include developing and implementing change management plans and programs.
EY data classification services include scanning and analyzing unstructured and structured data sources to identify data that require additional protection (e.g., personally-identifiable information, intellectual property) or data that may immediately be disposed of (redundant, outdated or trivial). Leveraging advanced text analytics, artificial intelligence (AI) technologies and targeted interactions with data stakeholders, EY professionals work across industry sectors to help clients understand how their data is sourced, used and shared, as well as identify sensitive and personal data subject to legal and regulatory scrutiny.
Using forensic and electronic discovery technologies and tools, EY teams help organizations inventory and align sensitive and critical data to its enterprise systems and develop data maps to track data throughout its life cycle. Data maps allow an organization to understand whether personal information is being used or stored beyond its original, lawful purpose and to implement the proper controls for sharing data with third parties.
Data subject access request (DSAR)
EY teams help organizations design and implement workflows to efficiently respond to DSARs based on their data privacy requirements, processing activities, organizational structure and IT environment. In designing workflows to address a DSAR, EY teams identify when it is necessary to redact non-relevant and confidential information across the enterprise and build in the appropriate processes. Aided by an interactive EY case management tool, compliance and legal professionals can review DSARs for relevancy, privilege and confidentiality. The tool’s robust audit trail capability allows investigators to perform thorough reviews and provide strong supporting documents in the event of a regulatory inquiry.
Privacy impact assessment (PIA) — EY teams review a solution’s entire life cycle to identify potential compliance gaps, and document how privacy protection is embedded based on relevant regulatory or legal requirements. Operating under one standard global methodology, they also help build PIA workflows and controls for ongoing compliance monitoring as the solution evolves over time. Using AI and data analytics technologies, the teams perform risk analysis to provide the organization with the risk and business insights it needs to solidify its privacy risk management programs.
Third-party data privacy due diligence
To identify various scenarios of data misuse and privacy violation by third parties, EY teams perform contractual reviews, fact-finding interviews and forensic data analyses. The work focuses on a wide range of potential risky areas, such as data removal, transmission, encryption and audit. EY professionals use these investigative and forensic findings to help organizations benchmark against their peers, develop impact analyses and remediation plans, as well as prepare for potential litigation or regulatory inquiries.
M&A data separation
EY teams help companies manage separation activities for both electronic and physical documents during complex merger and acquisition activities. Using advanced text analytics, electronic discovery and document review technologies, EY professionals collaborate with companies throughout the transaction and help them develop principles, guidelines, decision matrices and detailed plans for data separation and integration. Services also include demand and capacity planning, release coordination, inventory creation and overall project governance. EY teams offer a “low-touch” approach for hard copy records that relies on statistical sampling and machine learning to reduce the need for manual reviews.
AI and data analytics review
EY professionals work with organizations to manage legal and compliance concerns resulting from the improper use of AI and analytics for various business and operational purposes. The services cover a wide range of risk scenarios such as employee error, algorithmic bias, faulty algorithm design, malicious manipulation and poor data quality, all of which can compromise the intended outcome of AI systems and lead to noncompliance with data protection and privacy regulations. The EY team has professionals with deep knowledge and experience in data science, algorithm design, forensic investigation and cybersecurity. They stay on top of the latest digital risks and AI use cases to help organizations safeguard their digital assets and comply with regulatory requirements while using AI and data analytics to meet business objectives.
Data retention and disposition
EY professionals help design and implement disposition decision frameworks that leverage innovative workflows and technologies, including advanced analytics, to dispose of data that has exceeded retention and legal preservation requirements. The work includes working with legal counsel to inventory an organization’s legacy and active preservation requirements and develop technology-enhanced workflows that efficiently operationalize both routine disposition and individual requests by data subjects to delete their personal information. EY professionals also assist legal, compliance and IT departments to identify retention requirements for records and enterprise information to meet regulatory and business obligations while also supporting timely disposition.
Technology that supports EY Information governance and privacy services
Powered by virtual analytics infrastructure (EY Virtual), a microservices-based AI and forensic data analytics platform, EY Information governance and privacy services can be deployed on-premises or via cloud, has the scalability to be used in multiple locations, and the ability to integrate with a multitude of data sources, both structured and unstructured.
Why information governance is more important than ever when it comes to protecting privacy