A Privacy Assessment Tool Offers One Answer

The online-privacy game has many rules, but few ways to keep score.

Fiderus Corp., a privacy consulting firm based in Cary, N.C., seeks to address that issue. The company recently unveiled its Privacy Assessment Tool, which shows how well—or how poorly—organizations are doing in the privacy department. From business strategy to information technology, the tool considers privacy from a number of perspectives as it checks for compliance with both external regulations and internal privacy standards.

The goal is to provide clients "a baseline against which they can prioritize where they need investments to improve," says Peter Reid, principal of Fiderus' national privacy practice.

Opportunities for improvement abound amid today's array of privacy regulations. Health-care providers are racing to comply with the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA), which mandates standards to protect individually identifiable health-care information. Similarly, financial services firms have the Gramm-Leach-Bliley Act with which to comply. Companies doing business internationally have the European Union's "safe harbor" data privacy agreement to consider, as well as national online-privacy laws. Canada's Personal Information Protection and Electronic Documents Act—also known as Bill C-6—went into effect Jan. 1.

Fiderus' Privacy Assessment Tool queries organizations on the specifics of HIPAA, Gramm-Leach-Bliley, and the like, but also probes with more general questions. For example, participants are asked how important they consider privacy as a business issue. Fiderus analyzes the responses to that and other questions and develops a score. The score then becomes a benchmark for measuring companies' privacy progress.

Eventually, participants will be able to see how they measure up to others in their industry sector. Fiderus will build a knowledge base to enable such comparisons as it completes more privacy assessments, according to Reid. Fiderus, not yet a year old, has thus far completed about a half-dozen assessments using its tool.

Fiderus aims to point companies in the right privacy direction, but may team with other firms to get them there.

Reid believes one way to help companies get rolling on privacy is to tie such initiatives to customer relationship management (CRM) projects. He says Fiderus does not plan to become a CRM integrator, but instead seeks to work with CRM specialists—both software vendors and professional consultants in the field. "We would advocate that … consultants from Fiderus would become part of the implementation team," Reid says.

Following the path of IT security checkups, privacy assessments will become more commonplace this year. Consultants have an opportunity to help customers meet current requirements, while preparing them for future privacy-related laws. Many observers believe Congress will pass a comprehensive online-privacy bill this year. If that's the case, companies such as Fiderus should have no shortage of assessment seekers.