
| Try the members of the Privacy Consortium, a global network of independent privacy experts. |
| Privacy firm | Type of firm | Contact | Location | Year founded | Geographic or functional focus |
| Pat Jeselon & Associates Consulting | Consulting | Contact | Toronto | 1998 | Canada. Interested in expanding into the USA. |
| HR Privacy Solutions | Consulting | Contact | Delhi (NY) | 1999 | Global privacy programs for multi-national employers, including workshops, assessments, European transborder and notification requirements, compliance strategies and options, policies, procedures, training and monitoring of regulatory developments. |
| Ponemon Institute, LLC | Research & Consulting | Contact | Michigan & Washington, DC | 2001 | Research on privacy, data protection and information security policy; benchmarking services; independent verification |
| Nymity, Inc. | Information Service | Contact | Toronto | 2002 | Web-based privacy support |
| Chapell & Associates, LLC | Consulting | Contact | New York | 2003 | Privacy program development, with a focus on interactive and technology organizations |
| Corporate Privacy Group, a division of Three Forts, LLC | Consulting | Contact | Seattle area | 2003 | Employee awareness and training on privacy; strategic planning for privacy |
| Privacy Ready, LLC | Consulting | Contact | Portland (OR) | 2003 | Privacy program development and assessment, specializing in interactive marketing privacy guidance |
| JMC Privacy Consulting Group | Consulting | Contact | Los Angeles | 2003 | Enterprise-wide privacy data risk assessments; mitigation strategies and techniques; privacy impact and policy assessments; prioritized breach prevention recommendations and compliance; training/employee awareness programs. |
| Information Integrity Solutions Pty. Ltd. | Consulting | Contact | Sydney & Canberra | 2004 | Privacy Strategy & Thought leadership, privacy impact and risk assessments, identity management strategy and policy, privacy in the Asia Pacific & the APEC Privacy Framework |
| Rebecca Herald, LLC | Education & Consulting | Contact | Des Moines | 2004 | Information security, privacy and compliance program development and troubleshooting; third-party assessment; & raising privacy and security awareness and understanding in organizations of all sizes throughout the world. |
| Sixweight | Consulting | Contact |
Townsend (MA) |
2004 | Privacy-savvy communications consulting services, including strategic program analysis, planning and management; crisis communications planning and execution; media training; and media relations. |
| Privacy and Information Management Services, LLP | Law | Contact | Atlanta | 2005 | All legal matters related to information management |
| Tom Considine and Associates | Consulting | Contact | Reno, NV | 2005 | On and off-site Information Protection Manager training program (nationwide), computer system security assessments, risk assessments, security policies and program development, third-party vendor assessments, and employee awareness training. |
| Minnesota Privacy Consultants | Consulting | Contact | Minneapolis | 2006 | Global privacy assessments, policies & processes; data inventorying and mapping; privacy breach plans |
| Privacy Compliance Group, Inc. | Consulting | Contact | Dallas | 2006 | Privacy program development |
| Samet Privacy, LLC | Consulting | 323.939.DATA (3282) | Los Angeles | 2006 | Privacy assessments, audits, policies and training, Web, technology, and new media, COPPA, TRUSTe, Safe Harbor |
| Policy and Risk Consulting, LLC | Consulting | Contact | Minneapolis | 2006 | Governance, Risk, and Compliance (GRC) program development and management. |
| Secure Privacy Solutions, LLC | Consulting | Contact | Los Angeles | 2007 | Risk assessments, privacy policies and training/employee awareness programs to Orange County/San Diego companies. |
| Data Protected, Ltd. | Consulting | Contact | London | 2007 | Consultancy business advising on compliance with UK privacy and data protection laws. Full range of advisory services including devising compliance programmes, drafting privacy polices and related documentation and dealing with investigations from the regulator. |
| Law Office of Kris Klein | Law & Consulting | Contact | Ottawa | 2007 | Data protection and access in Canada; transborder dataflows, data breaches, and dealings with privacy commissioners; consulting, training, and legal representation. |
| Dawn Nelson | Consulting | Contact | Sidney (NE) | 2008 | Website and business management in user experience, responsible information management relative to privacy/data collection, brand reputation, PCI compliance and incident response management. |
| Navigate, LLC | Consulting | Contact | Maryland | 2009 | Comprehensive strategic and tactical information protection & privacy consulting. |
| Privacy Associates International, LLC | Consulting | Contact | Novi (MI) | 2009 |
Domestic and international privacy initiative development and implementation. Experience in data breach programs; cross-border solutions; marketing, HR, financial services and healthcare privacy compliance and best practices. |
| Good Security Consulting, LLC | Consulting | Contact | Atlanta | 2009 | Risk-based privacy and information-security strategies. |
| SoCal Privacy Consultants | Consulting | Contact | San Diego | 2009 | Privacy & infosec programs; policies; breach planning, investigation & response; regulatory inquiry response; risk assessments; 3rd-party assessments; staff awareness & training; ISO 27002, HIPAA, & GLB; retained CPO services. |
| InfoLawGroup LLP | Law Firm | Contact | U.S.A. | 2009 | International compliance and transactions |
| PrivaSense | Consulting | Contact | Oisterwijk, The Netherlands | 2010 | Strategic and policy consulting for complex or global organizations, privacy and compliance program development, quick scans, privacy impact and risk assessments, training and awareness, CPO services, stakeholder communication and public affairs. |
| Athena | Consulting and Auditing | Contact | Washington, DC | 2010 |
Information governance and privacy advisory services, to develop and implement governance over information assets, and to assess the effectiveness of associated programs, policies, controls, and monitoring. |