TO: Mayor Richard C. Ivin
FROM: Michael R Pegues, Chief Information Officer
Leela Karumuri, Director Cyber & Technology Risk
Mark Taghap, Chief Information Security Officer
DATE: December 9, 2024
SUBJECT:
A Resolution requesting to implement Privacy Readiness Review by Class-LLC, Atlanta, GA for a total amount not to exceed $100,000.00
PURPOSE:
To ensure that the management of Personally Identifiable Information (PII) systems owned or controlled by the City complies with State, national, and global privacy regulations governing the collection, processing, and sharing of personal information.
BACKGROUND:
The key benefits of a Privacy Readiness Review (PRR) include improved security, reduced risk of data breaches, the ability to easily detect and respond to threats, improved data protection, simplified operations and increased trust and transparency between organizations and their customers.
According to the Criminal Justice Information Services (CJIS) Technical Security Audit Cycle 24 completed by the Aurora Police Department (APD), the City is required to comply with State and local privacy rules and ensure appropriate controls are applied when handling PII extracted from Criminal Justice Information Services systems.
Resolution R22-218 approved a Payment Card Industry (PCI) compliance assessment completed by Crowe, LLC. The results of that assessment recommended the City establish and implement a Data Privacy Program regarding all sensitive information, including cardholder data. Crowe recommended that this program should include an assigned team, privacy impact assessments, policies, and procedures for protecting sensitive data, continuous monitoring of privacy controls and be visited and updated.
DISCUSSION:
City IT staff engaged Marketplace.city to find a suitable partner to perform a PRR. Staff desired to find a leader that could guide the development and deployment of a global privacy strategy for the City o...