Privacy-information services: The free, the cheap and the pricey

1 2 3 4 Page 3
Page 3 of 4

The strength of these services is their depth and breadth. Subscribers gain the opportunity of acquiring a detailed understanding of narrow questions across multiple jurisdictions. That said, these services mostly lack an on-demand way to search for answers.

Searchable databases

The crown jewel for any privacy officer, however, is to be able to tap a person or database on demand to answer narrow questions for obscure situations. Last month, I gained access to the two leading privacy-database services. I tested how effective they were at providing answers to a battery of questions facing CPOs today.

What were the results?

I'd call DataGuidance the "LexisNexis" of privacy and PrivaWorks the "Westlaw" of privacy. Those who've used both know that Reed Elsevier's LexisNexis offers a simple interface, while Thomson Reuters' Westlaw provides a more robust set of filters and features.

DataGuidance right now is the place to go for European content. I tested six types of questions U.S. companies often have about complying with EU member-state data-protection laws:

  • What kind of consent do I need for direct marketing in Europe? (112 hits)

  • What privacy restrictions are there for conducting cross-border health care? (102)

  • What must I do to notify EU authorities about my data practices? (85)

  • What strategies and best practices for binding corporate rules are there? (12)

  • What kind of employee monitoring can I do in Europe? (32)

  • What is the status of data-breach notification in Europe? (32)

I found it easy to use the DataGuidance filters. Choose a jurisdiction and a topic, then hit "search" The reference materials that show up are a combination of government documents and analyses written by practicing privacy attorneys from a number of reputable firms. Once inside the topic, you can filter for applicable regulations and case law. The reference materials are well tagged, so it doesn't take long to determine if the database contains your answer.

Where does DataGuidance have room to improve? There are no apparent cross-jurisdictional matrices presenting the answers across all 28 member states for any of the questions I tested. And there doesn’t appear to be one common template for the analyses. The authors structure their analyses differently and go to varying levels of detail. The result is that it's hard to find a pan-European answer to any question at the same level of detail.

When you can't find the answer you're looking for, both DataGuidance and Nymity pledge to load questions into their research program.

PrivaWorks was a different experience. The interface sported more modules and filters, making it harder to get to the point of taking full advantage of it. After some training, however, I found it easier to find cross-jurisdictional answers.

PrivaWorks, for example, contains a Breach Response Support Center that centralizes reference materials on the topic and includes a filter for comparing criteria in U.S. state laws. PrivaWorks also includes pages dedicated to 10 different industries. Three other differentiators: the portal contains a "Manage the Risks" module organized by 17 business risks, statistics counters that rank the reports most frequented by users, and reference materials that are structured in the same format and tagged according to the 10 Generally Accepted Privacy Principles.

I tested PrivaWorks against six North American questions I've heard lately:

  • What are the main provisions of the HITECH Act? (12 unique hits)

  • What privacy restrictions are there on behavioral advertising? (92)

  • What restrictions are there for transferring personal data from Canada? (33)

  • What kind of consent do I need for direct marketing in Canada? (90)

  • What is the definition of personal data, anonymized data, and de-identified data? (8)

  • What are best practices for data retention and destruction? (63)

So, on fairly narrow questions, both DataGuidance and Nymity deliver usable results. Table 2 shows a comparison of key elements of the two services.

Table 2: Nymity vs. DataGuidance

Nymity's PrivaWorks and Cecile Park Publishing's DataGuidance lead the market in subscription databases for privacy information.

PrivaWorks DataGuidance
Offices Toronto, New York London
First database subscription sold 2004 2008
Current modules (pricing is for a single user) U.S. ($3,600/yr.); Canada ($2,400/yr.); $6,000 total EU ($5,500/yr., 61% of the content); U.S. ($1,800/yr., 37% of the content); $7,300 total
Planned modules EU, September 2009; APEC, spring 2010 Russia, summer 2009; China, summer 2009; APEC, December 2009; Africa & Middle East, December 2009
Number of items 5,200 6,200
Item authors Four full-time attorneys, plus a panel of contributing authors 50 contributing attorneys
Product information
Source: Minnesota Privacy Consultants, 2009
1 2 3 4 Page 3
Page 3 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon