Global 100 Company Hired BDO After Violating the FTC’s Section V, GLBA, GDPR, FCRA, PCI-DSS, and CCPA

Background & Challenges

A company operating in more than 160 countries hired BDO to develop a response plan, negotiate with global and U.S. regulators, prepare responses to Congress, and serve as the Data Protection Officer. 


Approach

We worked with many outside law firms and multiple businesses around the world, and we continue to serve as the Data Protection Officer for this client. At the core of our services, we evaluated the company's collection, use, access, and sharing practices around credit card data, personal data, human resource data, and credit reports, and assisted the company with remediating them.


Client Impact

BDO defined compliance and monitoring processes in each area to meet consumer, data subject, and individual (consumer) rights and obligations. Specifically, BDO defined appropriate policies, processes, technology, and procedures to ensure that the company:

  • Notify Consumers in accordance with each law,
  • Implement appropriate escalation procedures, 
  • Institute reasonable security safeguards to protect Consumer data (e.g., access controls, encryption),
  • Establish regulatory reporting capabilities,
  • Develop a comprehensive crisis management and incident response capability,
  • Monitor Consumer reporting complaints and establish appropriate call center management capabilities,
  • Communicate policy violations and data breaches within the allowable time (to Regulators and Consumers),
  • Establish third-party data sharing protocols,
  • Develop a consumer complaints request and resolution framework, methodology, and processes,
  • Establish appropriate internal data sharing practices, 
  • Implement error rectification and correction practices, 
  • Validate account authorization practices (e.g., signing, account initiation practice), and
  • Establish records of processing/record-keeping activities (e.g., data flows with associated risk factors, data inventories, retention schedules, data classification).