Zero-Knowledge Introduces Enterprise Privacy Manager

Zero-Knowledge Systems, Inc., on Thursday introduced its new Enterprise Privacy Management software, a kind of knowledge discovery system for privacy policies.

Zero-Knowledge Systems, Inc., on Thursday introduced its new Enterprise Privacy Management software, a kind of knowledge discovery system for privacy policies.

The application, which is available immediately, is designed to automate many of the tasks involved in designing, implementing and enforcing a privacy policy. It also has a reporting and auditing function that helps chief privacy officers analyze and assess the effectiveness of their policies.

EPM takes privacy policies and translates them into digital objects that IT managers or CPOs can then manipulate and manage. Then, anytime an action is taken on the system that could affect the privacy of the companys customer or corporate data, the action is checked against the existing policy.

EPM can also automatically search for inventory customer and employee information stored in a companys corporate network and then incorporate data into the privacy policy. The aim is to reduce the risks and liabilities inherent in the creation and deployment of a privacy policy, company officials said.

The application allows the CPO to "understand not only the location of the personal information that the corporation has collected, but to model how they employ that information," Mark Weidick, Zero-Knowledges General Manager of Enterprise Products, told eWeek. "To conduct what-if scenarios in and around how they are using that information, and whether or not that use if consistent with the privacy policies they have put in place, or the regulations that would exist that would govern how that information is used."

Concerning regulations, Zero-Knowledge complements the software product with "policy packs," also known as "ontologies," which are digital updates on the current state of privacy regulations in various nations worldwide, and how, for example they may affect the clients particular industry.

"Theres a customization effort and a systems integration effort that will be done by both Zero-Knowledge and our service provider partners, to make sure that those policy packs are modified to describe exactly and specifically your unique environment," said Weidick. Zero-Knowledge does not assume any liability for policies enacted based on the updates, however, Weidick said.

EPM allows collaboration with various organizations throughout the enterprise, through an e-mail-type functionality. Those proposals do not have to be in anything other than plain language, however, Weidick noted. "Its not necessary for your co-collaborators to understand the richness of the application. They are asked to comment specifically on the area where they have expertise to facilitate use of the application."

Zero-Knowledge, based in Montreal, unveiled EPM at the Privacy and Data Security Summit in Washington, D.C. In a related announcement, the company said its Freedom consumer privacy and security software will now come pre-installed on Hewlett-Packard Co. Pavilion PCs.

The new EPM offering is designed to complement IBM Corp.s recently announced Enterprise Privacy Architecture (EPA), a framework for designing privacy policies.

"Weve continued to work closely with IBM, in and around extending our vision, and looking for opportunities to collaborate on technology," said Weidick. The two companies are looking to create complementary products around the EPA, said Weidick, although he stressed there is no "deeper partnership or alliance" with IBM.

Weidick said that Zero-Knowledge would announce in about one or two months its first customer wins for EPM, along with the partners in software vending and systems integration and service providers who are working with Zero-Knowledge developing the "PML" or the privacy markup language and accompanying standards for the EPM.

Looking further ahead, because the Internet is such an important part of the collection of personal information for business, in Web-based applications for e-commerce, health care, financial services and other industries, Zero-Knowledge is currently developing products to link those parts of the organization back to the CPO as well.

"We are working diligently toward the creation of an extension of XML that would facilitate that privacy-specific interaction between Web applications and our software," said Weidick. The public should see substantial progress on that development "later this year," he said.

Mike Gotta, a vice president of Meta Group, a business research firm based in Stamford, Connecticut, expressed deep skepticism about Zero-Knowledges technological solutions to the somewhat hazy issues of enterprise privacy.

"The position we have on privacy is that tools come last, so that some of the tools that are out there now dealing with privacy . . . theyre at the tail end of a program that companies have to put together to get privacy right," said Gotta.

"Most companies havent defined enterprise-wide frameworks," for privacy said Gotta. "Zero-Knowledge is a pathfinder in a market segment that is embryonic. That people have to look at from a program management and process perspective, not a technology perspective," he said.

Gotta depicted Zero-Knowledges product as "privacy middleware."

"That creates an overarching backbone around which applications and data gets plugged into. At an enterprise level thats incredibly complex," said Gotta. "Theyve talked about it fitting into IBMs enterprise privacy architecture, which is like, nebulous on top of nebulous. I dont know what the nebulous squared term is."