Privacy experts from the Information Governance, Privacy & Security practice within FTI Consulting’s Technology segment were engaged to conduct a biennial privacy and data protection assessment for a large, global technology company.

As an independent assessor, FTI Technology examined the client’s privacy program, privacy risk assessment process, internal trainings and the design and operating effectiveness of the client’s data protection controls. The team then delivered a comprehensive written assessment of the client’s privacy program as required by the consent order with the Federal Trade Commission (FTC).

Our Role

FTI Technology’s assessment, methodology and findings were based on the team’s professional judgement, experience and industry knowledge. The assessment included risk-based sampling and validation to evaluate controls, using the following techniques:

  • Document review across policies, procedures and supporting evidence to verify the existence and use of privacy practices and required controls. This included comparing existing privacy procedures against recognized standards such as NIST and GAPP.
  • Stakeholder interviews across numerous business units in the client’s organization, to understand and document privacy and data protection controls.
  • Observation and walkthroughs of the client’s privacy controls to assess the design of the client’s privacy controls and to determine whether those controls were operating effectively throughout the required reporting timeframe.

The results of these reviews were documented and distilled in a detailed report that was provided to the client—which it then delivered to the FTC as required by the consent order.