Real Estate Investing Platform
AWS
Assignment
Research, report and provide guidance to ensure data privacy compliance under all state and federal laws, covering encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements.
Challenges
US data privacy law is complicated and ever-changing. When an investment platform wanted to ensure compliance across various US states, they partnered with ScaleSec. Within only a few months, ScaleSec reviewed thousands of disparate state and federal requirements against existing policies, processes, and cloud infrastructures to ensure PII and other sensitive data were protected, no matter the location.
ScaleSec helped a real estate investing platform achieve secure and compliant cloud infrastructure, enabling it to support its growth and provide a safer environment for their users.
Services Provided
Once ScaleSec understood the data content and how it was managed, ScaleSec reviewed the company’s existing compliance programs (policies, procedures, frameworks) against the thousands of separate state-level privacy requirements within the US. Using a state-by-state approach, ScaleSec identified which of these many laws would serve as the national baseline for each area of data protection. These functional areas included such topics as encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements. When ScaleSec understood how the compiled requirements related to the customer’s business model and architecture, current security programs were evaluated for compliance.
The final report provided guidance to ensure data privacy compliance under all applicable state and federal laws, including a one-page summary that gave clear, concise steps needed to reach compliance. The report also provided a state-by-state review, making it easier to understand the impact of adding or subtracting geographical service areas and markets.