Features and benefits
A number of highly publicized online privacy breaches have caused a significant lack of trust among Web users. Misused or mishandled personal information has resulted in identity theft, financial fraud and other risks that collectively cost consumers, businesses and governments millions of dollars per year. Global governments and industry regulators have developed strict regulations to govern the collection, use, retention and distribution of consumers' personally identifiable information. Organizations trying to ensure their online businesses are in line with privacy policies, industry rules and applicable laws face major challenges. Is data collected on your Web site adequately protected as it is collected and transmitted?
Policy Tester can help improve the speed, accuracy and reliability of online privacy assessments.
Benefits:
- Reduces online risk by isolating quality, privacy, accessibility and compliance issues
- Increases online trust by managing issues that lead to customer mistrust
- Reduces costs through automation of manual tasks
- Minimizes risk exposure through Web technology consolidation
- Provides faster remediation by identifying issues more quickly than manual tracking, and reduces the risk of human error
Privacy module reports:
Data Collection
- Form Inventory: Identifies forms that could potentially be inconsistent with privacy policies or lead to information leaks.
- Control Inventory: Provides summary information about the type of form controls used on a Web site and the number of pages that contain each type of control.
- Pages Collecting PII With Forms Using Get: Identifies pages that use the GET method of form submission - a method with known privacy vulnerabilities.
- Pages Collecting PII: Identifies pages collecting specific items of Personally Identifiable Information (PII) to ensure these pages meet specific requirements including links to a privacy statement, proper levels of encryption, and opt-out options.
Privacy Regulatory Compliance
The Privacy module reports potential compliance issues against the following legislation:
- Children's Online Privacy Protection Act (COPPA): Requires Web operators to adhere to specific collection, disclosure and protection practices regarding personally identifiable information of children.
- Gramm-Leach-Bliley Act (GLBA): Privacy Rules include provisions to protect consumers' personal financial information held by financial institutions.
- Health Insurance Portability and Accountability Act (HIPAA): Privacy Rules regulate the way certain health care organizations handle the use of individually identifiable health information.
- California SB1386 & AB1950: California AB1950 requires businesses that obtain, own or license personal information about California residents to implement and maintain reasonable procedures to protect personal information from unauthorized access, destruction, use, modification or disclosure. In addition, SB1386 requires notification to California residents if there is a breach or suspected compromise of their unencrypted personal information/data.
- Safe Harbor: Offers a simple means of complying with adequacy requirements of the European Community's Directive on Data Protection.
- Section 208: Applies to U.S. Government agencies and protects the online privacy of U.S. citizens' information by facilitating privacy impact assessments and reporting.
