The Cost of a Privacy Program Assessment

October 6, 2022 Chris Lippert

So your organization is looking for a comprehensive privacy program assessment. Now, whether you're just starting out or you have a mature program and are interested in a health checkup, you might be wondering what would an assessment like that cost? In this video, we'll break down the pricing and all of the different considerations that go into the scoping for that engagement.

Hi, I'm Chris Lippert, a senior manager here at Schellman, and I head up our privacy practice. I've been in the industry for over 10 years now, so I've seen the privacy industry go from almost nothing to what it is today.

So you're interested in the privacy program assessment?

These assessments typically range from $30,000 to $60,000. Let's break down what goes into that pricing and talk about some of the questions that we'll need answered to get more accurate information for your organization.

1. Internal, External, or Both?

The first factor is ultimately whether we're going to be looking, for this privacy program assessment, at your organization and your internal practices at an enterprise level, or if we're going to be looking at services that you deliver to your clients. There's also the option available where we would be looking at both. So how that plays into the pricing scenario is that ultimately we would be looking at two different approaches to your privacy program. At the end of the day, the controls that you have in place for your customers are not going to be the exact same controls you have in place for your employee data, your sales and marketing data, et cetera.

2. How many data sets are in scope?

The second factor that we typically look at when we're doing pricing for the privacy program assessment is, whether we're looking at external or internal for those scopes, how many services or how many data sets we are looking at. Some businesses are only concerned about their sales and marketing data and maybe not their employee data. Some businesses are only looking at one service that they provide to customers and not the three other ones that they provide. Now, if you want to look at all of those services, depending on how centralized your privacy program and the supporting controls are, we could be looking at a different approach and different testing involved, which could drive up the price.

So $30,000 to $60,000 seems a wide range. What we can do is have our privacy team members work through a scoping exercise with you to get more accurate pricing for your organization. If you're interested in learning more about the privacy program assessment, go to our website, fill out our contact us form and we'll have a privacy team member reach out to you with further information. 

About the Author

Chris Lippert

Chris Lippert is a Privacy Technical Lead and Manager at Schellman based out of Atlanta, GA. With more than five years of experience in information assurance, Chris has a concentration in privacy-related engagements. He is an active member of the Information Systems Audit and Control Association (ISACA) and International Association of Privacy Professionals (IAPP) and advocates for privacy by design and the adequate protection of personal data in today's business world.
