Data Privacy

Archlight serves the unique needs of organizations by providing customized data privacy risk management, compliance, and program development services.

Archlight conducts privacy risk assessments based on the applicable regional information privacy regulations and standards (e.g. GDPR, HIPAA, CCPA, the NIST Privacy Framework, and the UAE, Oman and Saudi PDPL), as well as international standards, regulatory requirements and best practices such as the HIPAA Privacy Rule and the NIST Privacy Framework.

Our unique and practical approach is based on providing reasonable assurance that your organization meets necessary privacy compliance requirements in an efficient and cost-effective manner.

Privacy Services

  • Privacy Risk/Impact Assessments
  • Third Party Vendor Inventory
  • Education, Training & Awareness
  • Data Protection Officer as a Service
  • Policy & Procedure Development
  • Telehealth Privacy

Privacy Risk/Impact Assessments

Do you know if your organization is compliant with applicable data protection laws and regulatory standards?
Archlight’s privacy risk/impact assessment (based on GDPR requirements) identifies the controls (existing or planned) to comply with applicable regulatory requirements and the impact of data processing or a data breach attributable to the deficiency or absence of a required control.

Why Conduct a Privacy Risk/Impact Assessment?
In an increasingly connected world, some problems can arise simply from individuals’ interactions with systems, products, and services, even when the data being processed is not directly linked to identifiable individuals. For example, smart cities technologies could be used to alter or influence people’s behavior such as where or how they move through the city. Problems also can arise where there is a loss of confidentiality, integrity, or availability at some point in the data processing such as data theft by external attackers or the unauthorized access or use of data by employees. Data processing includes but is not limited to collection, retention, logging, generation, transformation, use, disclosure, sharing, transmission, and disposal.
Individuals, whether singly or in groups (including at a societal level), experience the direct impact of problems. As a result of the problems individuals experience, an organization may in turn experience impacts such as noncompliance costs, revenue loss arising from customer abandonment of products and services, or harm to its external brand reputation or internal culture.
Privacy risk management considers privacy events as potential problems individuals could experience arising from system, product, or service operations with data, whether in digital or non-digital form, through a complete life cycle from data collection through disposal.
Once an organization can identify the likelihood of any given problem arising from its data processing (i.e. a problematic data action), it can assess the impact should that problematic data action occur. This impact assessment is where privacy risk and organizational risk intersect.

How Can We Help?
Archlight’s privacy risk and impact assessment evaluates your organization against the regulatory requirements set forth in key regulations such as GDPR and the applicable regional regulations. We utilize industry standards and best practices to ensure organizations are able to meet requirements in a cost-efficient and effective manner, and to minimize the negative impact to the organization of operational decisions, strategic initiatives, and data breaches resulting from a lack of established controls.

Third Party Vendor Inventory

Do you have a complete and comprehensive third-party vendor inventory that meets the regulatory requirements?

Education, Training & Awareness

Archlight develops and delivers security and privacy education, training, and awareness targeted specifically towards organizations that store, process, or transmit personally identifiable information (PII).

Typical engagements include:

  • Developing all training content
  • Preparing and developing a web-based training module
  • Developing a web-based quiz to grade user understanding of the training received

We can engage staff at all levels, including management, general users, and IT professionals.

The training will be comprehensive in nature but tailored specifically for your organization’s culture, environment, applications, work processes, and target audience.

The training content delivers practical and meaningful guidance for users to be good stewards of your organization’s data. The training also presents practical approaches to implementing good practices, which if followed, reduces potential exposure to unauthorized breaches and/or exposure of PHI through unintentional misuse of data.

Our training module is provided in a variety of formats of your choosing and can also be developed with formats that will integrate with your organization’s Learning Management System (LMS). Our training content also includes testing questions to verify user understanding and adoption of the training content.

We also provide training content for specialized topics including technical security training for IT administrators, privacy practitioners, and more.

Data Protection Officer as a Service (Outsourcing)

Is your organization struggling to find qualified staff to meet your patient privacy responsibilities and regulatory requirements?

To address the shortage of qualified security and privacy personnel in the market, we offer staffing and outsourced professional services to organizations seeking to hire professionals to fulfill privacy and security officer responsibilities at a competitive rate.
Through the Data Protection Officer as a Service package selections, certified privacy and security professionals can serve your privacy and security needs on a full-time or part-time basis so that your organization meets its regulatory requirements.
Privacy as a Service package options include the following:

  • Privacy Official Representation
  • Annual Staff Training and Awareness
  • Policy and Procedure Annual Review and Approval
  • Privacy Impact Assessment or Annual Risk Assessment
  • Incident & Breach Support

Policy and Procedure Development

Are you confident that your policies and procedures are comprehensive and cover the applicable data protection laws, security standards, regulations and industry standards?

Archlight maintains a comprehensive set of security and privacy policy and procedure templates aligned with the latest regulatory requirements. We customize this master set to align with your specific organization size and structure to support regulatory compliance and robust security controls that are appropriate for your unique business needs.

We have worked with hundreds of industry-leading clients for over a decade to review, assess, and develop security policies and procedures. Our policy and procedure development support services accelerate your ability to achieve certifications and attestations and reduce the time and cost to your organization.

Telehealth Privacy

Does your telehealth solution comply with regulatory requirements related to data security and privacy?

Do you need your telehealth solution to be certified?

Are you confident that your solution can stand up to a regulator’s audit?

Archlight has a proven track record of completing telehealth compliance and readiness assessments and meeting regulators’ expectations, ensuring that your telehealth solutions adhere to the requirements necessary for approval and authorization.

Archlight’s team possesses decades of experience conducting information privacy risk assessments for reputable and internationally known organizations.

Archlight’s telehealth privacy and security risk assessments identify the controls (existing or planned) needed to comply with applicable regulatory requirements and industry standards, and the impact of a data breach attributable to the deficiency or absence of a required control.