INDUSTRY
Financial Services, Real Estate
LOCATION
New York, NY
PRODUCTS
Real Estate Investments
PLATFORM
AWS
Assignment
Research, report and provide guidance to ensure data privacy compliance under all state and federal laws, covering encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements.
Challenges
US data privacy law is complicated and ever-changing. When an investment platform wanted to ensure compliance across various US states, it partnered with RKON. Within only a few months, RKON reviewed thousands of disparate state and federal requirements against existing policies, processes, and cloud infrastructure to ensure PII and other sensitive data were protected, no matter the location.
RKON helped a real estate investing platform achieve secure and compliant cloud infrastructure, enabling it to support its growth and provide a safer environment for its users.
Services Provided
RKON began by gathering information about the types of data collected, what the data was used for, and how and for how long it was stored, transmitted, shared, and deleted. Concurrently, the customer developed a list of all current US states of operation, as well as those states targeted for expansion through 2025. Given the various sources and means of gathering information (directly from consumers, financial institutions, publicly available data), the assessment, storage, and transmission of data were complicated and difficult to categorize.
Once RKON understood the data content and how it was managed, RKON reviewed the company’s existing compliance programs (policies, procedures, frameworks) against the thousands of separate state-level privacy requirements within the US. Using a state-by-state approach, RKON identified which of these many laws would serve as the national baseline for each area of data protection. These functional areas included such topics as encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements. When RKON understood how the compiled requirements related to the customer’s business model and architecture, current security programs were evaluated for compliance.
The final report provided guidance to ensure data privacy compliance under all applicable state and federal laws, including a one-page summary that gave clear, concise steps needed to reach compliance. The report also provided a state-by-state review, making it easier to understand the impact of adding or subtracting geographical service areas and markets.

