Information Privacy
Organizations of all types are struggling with protecting access to non-public personal information on customers and employees. With public disclosure of security breaches mandated by numerous privacy regulations, protecting access to confidential information is imperative. The consequences of failure are significant, including brand damage, erosion in customer trust, and negative impacts on market capitalization.
Over thirty states have now enacted information privacy and security breach legislation. These individual regulations require that organizations provide adequate protections for confidential information, and in the event of a security breach, many require public disclosure of the event to affected consumers. At the U.S. federal level, existing regulations such as Gramm-Leach-Bliley and HIPAA contain provisions regarding the protection of non-public personal information. And organizations operating internationally are subject to various privacy regulations as well. Beyond the penalties described in the various laws and regulations, class-action lawsuits are now becoming common as a result of security breaches involving consumer information.
Complying with information privacy legislation requires organizations to understand which regulations impact them, to assess where in their environment personal data is stored and used, to classify and inventory personal data, and to develop and maintain adequate controls to protect access to this information. Specific problem areas in information privacy compliance include:
- Identifying where non-public personal information is stored and used within the organization is a challenge
- Determining which privacy regulations impact the business, and understanding and reconciling differences in privacy regulation requirements
- Manual assessment methods using spreadsheets and Word documents are error-prone and very labor-intensive
- The results of manual assessments are not easily usable for risk reporting, decision making, or remediation management
- Business owners and vendors are tired of being "assessed to death" when many of their answers should serve to answer assessments against numerous compliance regulations
Avior BenchMark provides a "best practices" Knowledge Module for information privacy assessments. This module, developed with Avior BenchMark Knowledge Partner Minnesota Privacy Consultants, provides pre-built assessment templates, customizable workflows, and pre-built and customizable privacy assessment reports. The Avior Information Privacy Knowledge Module makes it simple to get started in assessing and managing information privacy risks in your environment. Avior also ensures that the Information Privacy Knowledge Module is kept current with all major privacy regulations, including federal regulations in the U.S., Canada, Europe, Japan, New Zealand, and Australia, as well as U.S. state privacy regulations.
Benefits of the Avior BenchMark Information Privacy Knowledge Module include:
- Significantly reduces manual labor for assessment activities, and provides a simple means to assess where personal data is used and stored and to classify and inventory data
- Enables management visibility into privacy problem areas and risk hotspots
- Reduces the burden on business owners who are tired of completing multiple assessments for each compliance and privacy regulation
- Enables the privacy manager to leverage their efforts by distributing the assessment workload
- Reduces assessment costs and provides a rapid return on investment
“100 Million private data records have been lost or stolen in the past two years. The estimated average cost is $182 per record lost in security breaches.”
- SC Magazine, Privacy Rights Clearinghouse, Ponemon Institute.