A Privacy Assessment Tool Offers One Answer

By John Moore  |  Posted 2001-03-19 Print this article Print

The online-privacy game has many rules, but few ways to keep score.

The online-privacy game has many rules, but few ways to keep score.

Fiderus Corp., a privacy consulting firm based in Cary, N.C., seeks to address that issue. The company recently unveiled its Privacy Assessment Tool, which shows how well—or how poorly—organizations are doing in the privacy department. From business strategy to information technology, the tool considers privacy from a number of perspectives as it checks for compliance with both external regulations and internal privacy standards.

The goal is to provide clients "a baseline against which they can prioritize where they need investments to improve," says Peter Reid, principal of Fiderus national privacy practice.

Opportunities for improvement abound amid todays array of privacy regulations. Health-care providers are racing to comply with the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA), which mandates standards to protect individually identifiable health-care information. Similarly, financial services firms have the Gramm-Leach-Bliley Act with which to comply. Companies doing business internationally have the European Unions "safe harbor" data privacy agreement to consider, as well as national online-privacy laws. Canadas Personal Information Protection and Electronic Documents Act—also known as Bill C-6—went into effect Jan. 1.

Fiderus Privacy Assessment Tool queries organizations on the specifics of HIPAA, Gramm-Leach-Bliley, and the like, but also probes with more general questions. For example, participants are asked how important they consider privacy as a business issue. Fiderus analyzes the responses to that and other questions and develops a score. The score then becomes a benchmark for measuring companies privacy progress.

Eventually, participants will be able to see how they mea- sure up to others in their industry sector. Fiderus will build a knowledge base to enable such comparisons as it completes more privacy assessments, according to Reid. Fiderus, not yet a year old, has thus far completed about a half-dozen assessments using its tool.

Fiderus aims to point companies in the right privacy direction, but may team with other firms to get them there.

Reid believes one way to help companies get rolling on privacy is to tie such initiatives to customer relationship management (CRM) projects. He says Fiderus does not plan to become a CRM integrator, but instead seeks to work with CRM specialists—both software vendors and professional consultants in the field. "We would advocate that … consultants from Fiderus would become part of the implementation team," Reid says.

Following the path of IT security checkups, privacy assessments will become more commonplace this year. Consultants have an opportunity to help customers meet current requirements, while preparing them for future privacy-related laws. Many observers believe Congress will pass a comprehensive online-privacy bill this year. If thats the case, companies such as Fiderus should have no shortage of assessment seekers.

John writes the Contract Watch column and his own column for the Channel Insider.

John has covered the information-technology industry for 15 years, focusing on government issues, systems integrators, resellers and channel activities. Prior to working with Channel Insider, he was an editor at Smart Partner, and a department editor at Federal Computer Week, a newspaper covering federal information technology. At Federal Computer Week, John covered federal contractors and compiled the publication's annual ranking of the market's top 25 integrators. John also was a senior editor in the Washington, D.C., bureau of Computer Systems News.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel