Case study: Mazars cybersecurity: data privacy a national, commercial mortgage provider – California Consumer Privacy Act

Challenge:

A leading commercial real estate firm that sells, finances, and services commercial real estate processed personal data as part of its core business. Because some of their operations were under the jurisdiction of California, they wanted to understand their risk exposure from the CCPA and to define a clear plan to execute mitigate associated risk.

Existing challenges included:

• A clear understanding of CCPA requirements as they pertained to their operations
• Any gaps in compliance
• The completeness of their customer-facing privacy policy
• Obligations related to third-party contracts

How Mazars helped:

We assembled a team of skilled privacy professionals who were experienced in privacy program management, data protection impact assessments, and regulatory compliance. They worked with:

Risk compliance and control leadership, gaining an understanding of CCPA risks and developing a strategy to improve security and privacy controls

Approach:

• Reviewed existing policies, controls, and the ability to demonstrate compliance against CCPA requirements.
• Conducted an initial Data Privacy Program Assessment to determine the current state against CCPA requirements.
• Conducted workshops with stakeholders covering privacy, validating current operational maturity, and building consensus on possible solutions.
• Delivered the risk assessment, tactical action, and overall roadmap to implement policies and controls to improve data privacy operations and CCPA compliance

Result:

• An improved approach to data subject right response
• Increased understanding of privacy requirements and improved third party contract negotiations
• A clear plan on how to increase CCPA compliance

Visit our dedicated CCPA compliance page for further details or request to meet with our experts to discuss your compliance readiness.