ICF has appointed Assistant General Counsel and Director Crystal Jones to oversee the Global Data Protection and ePrivacy program. As Data Protection Officer, Jones continuously ensures that ICF follows data protection best practices and maintains compliance with regulatory frameworks across the globe—from the European Union’s General Data Protection Regulation (GDPR) to California’s recent landmark privacy legislation.
As both a controller and processor handling large amounts of client, employee, and individual personal data across the world, ICF has adapted in design and practice to meet the requirements of these shifting frameworks.
Jones has worked to align the company’s internal practices and procedures with globally recognized data protection laws and regulations. The GDPR, as well as the unprecedented data protection standard set in California, are two recent examples of legislation around which ICF’s business has evolved. Jones will act as the main point of contact with regulators concerning related matters.
Jones, along with Joe Dyer, ICF’s Vice President & Chief Information Security Officer, has directed extensive efforts and resources toward making sure the data ICF handles is properly managed and secured with helpful guidance from the leading law firm DLA Piper LLP.
Jones’ Data Protection team, which resides within ICF’s Office of General Counsel, guides the company’s mandatory all-employee data protection training. Training for best data protection practices enables employees to comply with notice and lawful basis requirements, employ privacy by design and default principles, use privacy-enhancing technologies, such as multi-factor authentication and encryption, demonstrate accountability in all processing activities, and follow risk mitigation protocols.
The Data Protection team also implements diligent supplier data protection assessments and leverages commercial standard data protection-compliant data.
“As a global company, our commitment to privacy as a fundamental human right is central to our business and the work we do for our clients,” Executive Vice President and General Counsel Jim Daniel said. “I look forward to our continued efforts and to integrating these measures into our overall business delivery approach.”
ICF uses National Institute of Standards and Technology, the International Organization of Standards, Auditing Standards Board and similar robust standards as its baseline for information security policies and procedures. Annually, ICF undergoes independent third-party audits to maintain ICF certifications for ISO 27001, which validates its information security management as well as Statement on Standards for Attestation Engagements #16 and Service Organization Control #2, which validates ICF’s core corporate systems.
ICF is a global consulting and technology services company with approximately 9,000 employees, but we are not your typical consultants. At ICF, business analysts and policy specialists work together with digital strategists, data scientists, and creatives. We combine unmatched industry expertise with cutting-edge engagement capabilities to help organizations solve their most complex challenges. Since 1969, public and private sector clients have worked with ICF to navigate change and shape the future. Learn more at icf.com.