The IAPP’s APIA tool for automating privacy impact assessments was released at the Global Privacy Summit 2014. Since that time, it has been downloaded by more than 2,000 organizations.
With the ability to load in customized question sets, assign tasks to various members of the organization via Active Directory, monitor the progress of a PIA as it develops, and issue auto-generated reports, APIA has become for many organizations a way of life.
For Lisa Ruff, business development manager at H3 Solutions, a small software consulting and development firm, it was a way to demonstrate privacy compliance both internally and externally for H3’s client base.
“Privacy is a key focus for us,” she said, especially as H3 often works with U.S. federal government customers. As they prepared to launch a new solution that took SharePoint mobile for people using Office 365, “we wanted to ensure a level of comfort,” she said. “We wanted to make sure we did all we could up front to provide information to customers and be prepared as they asked us about privacy and security challenges.”
So, H3 used APIA to conduct a thorough privacy impact assessment, then shared the report with customers and potential customers. “We wanted a means for demonstrating what we do collect and what we don’t collect,” she said. Further, companies using the product could take the APIA-generated report and show it to yet further customers of theirs as they did their own consulting.
“We’d get asked, ‘What can you tell me from a security perspective?’,” Ruff said, “and I was able to just reply back and send them a privacy impact assessment.” Because of the format, it was easily recognizable for CPOs and other compliance experts, who didn’t have to read through a bunch of specs but could simply read through a PIA as though they’d done it themselves.
“This helped solve a problem, too,” Ruff said, as they’re a small company where people work remotely. “With the lead engineer and myself, it was very easy because we don’t work in the same office, and it was great in terms of the collaboration and the workflow process.”
Ruff was also able to make use of APIA’s communal nature, going through some of the templates posted by others and using those to fine-tune her own question set.
What would they have used otherwise? “It probably would have been an Excel spreadsheet,” she said. “But why cut and paste when you can press a button to do it, that’s the world we live in for Office products. Automation is key.”
Now, APIA is simply part of the product-launch process. “We’re a software shop,” Ruff said, “so it’s a great tool that I know is in my pocket to have for the customer. Privacy is the number one button everyone asks you about.”