The Privacy Checker is our solution to ensuring efficiency and thoroughness of privacy audits.
Project Overview
Consumer privacy continues to remain top of mind following publicized lawsuits where technology companies like Meta were fined for selling personal identifiable information (PII) without consent. To ensure the data of each license-holder in the state of Washington is treated with utmost care in lieu of a formal state privacy law that dictates how data should be stored, processed, and collected, the Department of Licensing (DOL) Washington State sought an automated solution that would flag language in a privacy notice that indicated whether the vendor or customer was following best practices and protecting PII. Our team partnered with the DOL to create an intuitive portal where auditors can quickly scan any privacy notice for language that must, should, and should not be included. The overall result of our efforts led to a tool that will increase efficiency and ensure consistency when reviewing privacy notices to cue auditors into how compliant a privacy notice is before they begin a full review.
The above image depicts the final iteration of our tool with a gallery presenting the different iterations of our tool at the bottom. Please navigate to the below Azure link to try the tool out for yourself!
Target Stakeholders
Our project will benefit:
- Washington State Department of Licensing
- Third-party vendors/data recipients
- Customers of the Department of Licensing Washington State that process consumer information
- Washington state residents whose information is processed by the DOL
Summary of actions taken
We started the process by evaluating multiple privacy notices with the guidance of our sponsor. This enabled us to:
Agree on a baseline understanding of must, should, and should not have terms for a privacy notice in the context of the DOL.
Leverage JavaScript coding techniques and agile project management methodologies to iterate on our prototype.
Test and iterate on the tool to meet stakeholder expectations.
Conduct a security code review using Burp Suite to mitigate web application vulnerabilities.
Migrate the prototype from a free web hosting platform to the Azure cloud.
Benefits of Solution
Meet the Security Compass Team!
Amol Soley – Project Manager
Amol is the program manager for this project and acted as a bridge between the Department of Licensing and the Security Compass Team. He ensured that the stakeholder requirements were translated aptly without the quality and timeline of the work getting impacted. Outside of this project, Amol has worked with security teams as a Threat Researcher and a Technical Program Manager.
Parth Oza – Governance, Risk, and Compliance Engineer
Parth is the Security Governance, Risk, and Compliance Engineer who ensured that security, governance, and privacy best practices were followed during the project execution. In this role, Parth worked in close collaboration with Julie and Amol to ensure the compliance was ingrained in each stage of the project planning and informed all security reviews. Outside of this project, Parth has work experience in the security domain with organizations like Salesforce, Copart and Ernst & Young.
Julie Emory (uses they/them/theirs) – Security Analyst
Julie is Security Compass’s Security Analyst who collaborated with the Department of Licensing to ensure the automated solution followed all necessary security protocols. Julie worked in close collaboration with Byung to develop the web application and review any security risks with him. Outside of this project, Julie works as a Cyber Threat Intelligence Analyst.
Byung Min – Software Engineer & UI/UX Designer
Byung is the Software Engineer and UI/UX Designer of the Privacy Checker that translated all requirements from the Department of Licensing into an interactive application. Outside of this project, Byung is a peer leader who dedicates his time to fostering community in the UW Information School.
Security Compass 