MorganHill is a leading provider of data privacy consulting and advisory services for GDPR, CCPA/CPRA, PIPEDA, along with all U.S. state data privacy laws, and numerous other international, country specific data privacy laws.

Current list of notable data privacy laws and regulations from different jurisdictions for which MorganHill has expertise on includes the following:

CPRA stands for the California Privacy Rights Act, which builds upon the existing California Consumer Privacy Act (CCPA) and expands the privacy rights and protections for California residents.

CPRA advisory services for CPR from MorganHill include:

MorganHill is a leading provider of GDPR consulting & advisory services to U.S. businesses. With today’s growing data privacy regulations now in full force - and the GDPR leading the way - U.S. businesses need to be prepared. 

MorganHill offers the following GDPR services: 

PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian federal privacy law that governs the collection, use, and disclosure of personal information by organizations in the course of commercial activities. 

If you are looking for PIPEDA consulting services, MorganHill specializes in the following:

Per ISO/IEC 27002:2022 | 5.7 - Threat Intelligence, “Information relating to information security threats should be collected and analyzed to produce threat intelligence." Threat intelligence in cybersecurity refers to the knowledge and information gathered about potential or existing cyber threats. It involves collecting, analyzing, and interpreting data about various threats, including their tactics, techniques, and procedures (TTPs), in order to proactively identify and mitigate risks to an organization's information systems and assets.

Per ISO/IEC 27002:2022 | 5.8 - Information Security in Project Management, “Information security should be integrated into project management to ensure information security risks are addressed as part of the project management. This can be applied to any type of project regardless of its complexity, size, duration, discipline or application area.”

Per ISO/IEC 27002:2022 | 5.4 - Management Responsibilities, “Management should demonstrate support of the information security policy, topic-specific policies, procedures and information security controls.”

More specifically, best practices for management responsibilities in information security include the following:

Per ISO/IEC 27002:2022 | 5.5 - Contact with Authorities, organizations “...should specify when and by whom authorities (e.g., law enforcement, regulatory bodies, supervisory authorities) should be contacted and how identified information security incidents should be reported in a timely manner.” A good rule-of-thumb is to have a documented policy that lists the relevant authorities, their contact information, and what necessary actions to take with each respective authority. 

Per ISO/IEC 27002:2022 | 5.6 - Contact with Special Interest Groups, organizations, Membership of special interest groups or forums should be considered to improve knowledge, ensure an adequate understanding of information security, provide early warning of alerts, advisories, gain access to security advice, share and exchange information, and more. Luckily, there are a large - and growing - number of special interest groups available for IT personnel to subscribe to.