SIPO | Stand-In Privacy Officer

Stand-in Privacy Officer®

Hiring a full-time employee to assess, implement, and monitor a data protection program can be cost-prohibitive for a small business. Turn to CSR for a certified privacy professional who can fill the role on a monthly retainer basis for a fraction of the cost.

A COST-EFFECTIVE PRIVACY OFFICER FOR YOUR SMALL BUSINESS

If ever there were a time for businesses to invest in data security, that time is now. Cyber-criminals are specifically targeting small businesses, and an increasing number of companies are falling victim to serious data breaches that compromise sensitive information. Your company’s reputation, future opportunities, and financial well-being are on the line.

CSR's Stand-In Privacy Officer (SIPO®) service provides on-demand access to a privacy professional. This comprehensive program features CSR’s valuable privacy solutions, tailored to your company’s size and needs:

  • CSR Readiness® Privacy Assessment empowers you to protect your company data. After you fill out an online questionnaire, CSR’s experts provide targeted solutions, best practices, and policies to improve your handling of PII and reduce the chance of a data breach in your organization.
  • CSR Breach Reporting Service™ ensures you are not alone if a data breach occurs. CSR experts will immediately assess the situation, report the incident to required entities, and help you notify individuals whose data has been compromised.
  • Consulting Services with a Certified Information Privacy Professional (CIPP) help your organization pinpoint tailored solutions and work toward implementing them. Tiers range from two hours per month to a dedicated privacy officer.
  • Other benefits, including custom policy development, customized action plans, regularly scheduled privacy reviews, access to a customer portal with best practices, an analytics dashboard, and the ID Stay Safe Trust Shield Program seal for public display. Optional services include custom privacy analyses, remediation implementation, and custom privacy training.

WHAT ARE THE BENEFITS TO YOUR BUSINESS?

  • Provides peace of mind thanks to a reduced risk of a data breach
  • Mitigates the cost of civil and/or criminal penalties due to non-compliance
  • Prioritizes information privacy protocols and practices in your company
  • Offers your company a clear understanding of information privacy requirements
  • Saves the significant expense of hiring a full-time privacy officer
  • Offers guidance from certified privacy experts specific to the geographic location: U.S., Canada, and Europe. Asia is forthcoming.
  • Offers guidance from experts certified in privacy for Government and Management functions.

In a world of cyber-attacks and ever-changing data protection laws, most Fortune 500 companies have hired a full-time privacy officer (PO). The mean base salary of a Certified Privacy Officer (CPO) is $173,000 per year, according to the International Association of Privacy Professionals' 2015 Salary Survey. For many small businesses, this expense may be unnecessary—or downright unaffordable.

But regardless of your company’s size or income, the laws and regulations surrounding data breaches and data protection still apply. A small business is subject to the same mandates as a large corporation—despite the fact that it has far fewer resources.

Invest in the CSR Stand-In Privacy Officer service to assess, implement, and monitor a data protection program, and to deal with a breach should one occur.

SIPO TIER 1

10-20 Employees

$1,000 / month

10% Discount on additional hours

2 CIPP hours / month

Readiness Privacy GAP Analysis

Readiness Remediation Recommendation Review

6 month Business Privacy Review

Privacy Best Practices

Policy Templates - for an additional fee

Breach Reporting Service

Custom Privacy Consulting - hourly rate + travel

Standard Privacy Training - can be customized for additional fee

Special Projects - Can use retainer & contract for additional time

SIPO TIER 2

21-40 Employees

$2,000 / month

15% Discount on additional hours

3 CIPP hours / month

Readiness Privacy GAP Analysis

Readiness Remediation Recommendation Review

4 month Business Privacy Review

Privacy Best Practices

Policy Templates

Breach Reporting Service

Custom Privacy Consulting - hourly rate + travel

Standard Privacy Training - can be customized for additional fee

Special Projects - Can use retainer & contract for additional time

SIPO TIER 3

41-60* Employees

$3,000 / month

20% Discount on additional hours

4 CIPP hours / month

Readiness Privacy GAP Analysis

Readiness Remediation Recommendation Review

3 month Business Privacy Review

Privacy Best Practices

Policy Templates

Breach Reporting Service

Custom Privacy Consulting - hourly rate + travel

Standard Privacy Training - can be customized for additional fee

Special Projects - Can use retainer & contract for additional time

* Clients with more than 60 employees should call to discuss pricing and program options.

WHAT IS A PRIVACY OFFICER?

As data becomes increasingly important to businesses, the issue of data privacy has been propelled to the forefront. Securing sensitive information poses greater challenges than ever—and expecting a tech-savvy team member or tiny IT team to whip up a comprehensive data protection program is not realistic.

A privacy officer—often referred to as a designated privacy officer (DPO) or chief privacy officer (CPO)—is an executive-level employee dedicated to formulating, implementing, and maintaining a program that complies with the latest laws and regulations to safeguard PII or other confidential data. In some areas, a company is required to have a CPO (or at least a team member designated as CPO).

The first known CPO in the United States was hired in 1999. An Internet advertising firm appointed a privacy lawyer to the brand-new position, and many companies quickly followed suit. By 2000 when IBM hired Harriet Pearson as their CPO, it was clear the role was here to stay.

However, in today’s economy, many small businesses are unable—or unwilling—to hire a full-time privacy officer. Though many are worried about the possibility of data breaches caused by cyber attacks, 51 percent of small businesses do not allocate any of their budget to mitigating the risk of data breach.

WHY DO SMALL BUSINESSES NEED DATA PRIVACY EXPERTS?

  • Small businesses are targets. Around 62 percent of cyber attacks hit small and medium businesses.
  • Most businesses have data that hackers want. Though many small businesses report they don’t store valuable data, that’s not quite true. Nearly seven in ten store email addresses, over six in ten store phone numbers, and more than five in ten store billing addresses.
  • Cyber attacks are becoming more sophisticated. Data-driven businesses prove tempting to skilled hackers. Spyware, malware, and viruses have become not only more prevalent, but more difficult for the average person to detect.
  • A data breach can shatter a company’s reputation. A leak of customer PII can spell the end for a small business if it doesn’t have a strategy for preventing a PR nightmare.
  • Privacy laws and regulations are changing and increasing. Companies that skimp on privacy resources now will be scrambling to catch up in a few years.

Contact the Privacy Experts at CSR