Data Privacy

EU General Data Protection Regulation (GDPR)

As the next monumental regulatory step forward in the protection of personally identifiable information following from EU Data Privacy Directive 95/46, the European Union promulgated the General Data Protection Regulation (GDPR), which went into effect in 2018. This regulation ttranscends geographic boundaries, comes with punitive sanctions of $20M Euros or 4% of an organization's global gross earnings, among other potential implications.


Through a standards based approach, CIMA helps clients understand and comply with GDPR including issues such as data subject consent and rights, data privacy policy, privacy impact assessments, and more.

California Consumer Protection Act (CCPA)

As one of the first and most impactful data privacy regulations in the United States, the CCPA has significant implications on companies handling personally identifiable information for residents of the state of California. The CCPA is considered by many to be the first GDPR like regulations in the US, and is likely to be a model for other state regulations to come.


We help organizations assess and comply with CCPA as a standalone or in concert with other regulatory requirements under their data protection program(s).

Health Insurance Portability and Accountability Act - Privacy Regulation (HIPAA)

As organizations across the US began digitizing patient health records in the 1990's, the concern for protect the personally identifiable patient records elevated. In response, the US Department of Health and Human Services promulgated data privacy and security regulation under the Health Insurance Portability and Accountability Act.


CIMA's CEO was involved from the beginning of HIPAA, and participated in a healthcare work group that published the first industry guide on how to comply with the HIPAA security regulation.

Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is the current federal regulation in Canada that provides governing rules for private sector organization's collection, use and disclose of personal information in the course of commercial business.


CIMA helps Canadian and foreign companies align their data privacy programs for full compliance with PIPEDA.

The privacy act of 1974

In 1974 and under subsequent updates, the US federal data privacy regulation (Privacy Act) serves as a foundational law for data privacy on and offline, and is industry agnostic.


CIMA works with clients to ensure their data privacy programs meet or exceeds the expectations of the Privacy Act.

Children's Online Privacy Protection ACT (COPPA)

COPPA is a US regulation designed to ensure the privacy and protection of personally identifiable information of children online.


For organization that provide online access to information and resources to children under 16 years of age, we help you understand and comply with COPPA.

>