We strive to form meaningful partnerships with every client

The advent of the internet gave rise to new opportunities and technologies such as cloud computing, web site e-commerce, and email, bringing forth many new types of businesses and new ways of collecting, managing, and sharing information. It has also evoked some of the most commonly reported cases of fraud today. Creating and committing to a culture of privacy and security and developing a privacy and security program that evolves with an organization is a must for the commercial sector. We help our clients mature their privacy programs to align with growth and future goals that continue to deliver excellent controls to keep their data safe.

Federal agencies that manage our nation’s framework such as energy, health and human services, national security, and financial services, depend on electronic information systems and data to manage operations. The public’s confidence in these agencies to protect their personal information and the nation’s overall safety and well-being is paramount. Having privacy and security controls and processes in place is critical to protecting that confidence. Kuma brings to their federal clients their unique privacy engineering approach to offer a balance between policy and technology stacks that provide coordinated privacy control and implementation throughout the entire solution. The early steps of the privacy engineering approach are based off security engineering principles and together they inform best practices to seat privacy properly and ensure the trust of federal agencies is effectively in place today and as ongoing needs emerge.

Privacy and security processes and strategies are critical for the financial sector. Consumer data protection is a leading concern for banks and other financial institutions. Data privacy and cybersecurity legislation (California Consumer Privacy Act - Assembly Bill No. 375 CHAPTER 55 and New York Department of Financial Services [23 NYCRR 500] Cybersecurity Requirements for Financial Services Companies) has been enacted in most U.S. states and the European Union, driving an increased need for robust privacy and security programs. Kuma’s privacy and security services provide robust solutions that align with the financial sector’s needs to implement a world class privacy and security controls and leadership.

Securing patient health information is a top priority for patients, health care providers and professionals, and the government. Federal laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) require persons and organizations that handle health information to have policies and security safeguards in place to protect and share health information – stored both on paper or electronically. There are additional health information rights that vary by state and federal laws that add extra layers of protection for specific types of health data such as alcohol and substance abuse treatment. Balancing the interests of all healthcare stakeholders to enable ease of sharing critical health information between providers and with patients through electronic portals while meeting regulatory compliance and achieving industry certification (such as HITRUST) is imperative for healthcare organizations. Kuma offers a wide range of services and guidance to help you navigate the healthcare privacy and security landscape, including CISO and CPO services.

On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect, impacting businesses inside and outside the European Union (EU). EU organizations, and those that do business with EU citizens, are bound to these new privacy rules. Taking steps to secure consumer data and have a program in place that ensures compliance is critical in today’s international market. Kuma can help you assess how data is used in your business and advise and implement imperative controls, and can serve as your Data Protection Officer (DPO).

State and local government agencies collect and store vast amounts of information from citizens including highly protected health information and criminal and civil investigations. Laws that regulate the use, sharing, and disposal of private information must be met with compliance, and policies and processes must have protections in place that protect consumers and manage risk. Kuma helps agencies assess current privacy practices and based on discovery results, develop and execute privacy program implementation tasks and provide a roadmap to advance privacy throughout their organization. Kuma also offers ongoing support and Privacy Impact Assessments (PIAs).

Vast amounts of personal data are contained on the internet, satellites, mobile phones and other communication devices, exposing the telecommunications sector to many types of risks and security incidents. Compliance with legal and regulatory requirements and having tight security controls in place is necessary to mitigate security risks both internally and externally.