Case Study

Phoenix Cyber delivers groundbreaking privacy compliance application for Federal Government client

New application increases efficiency over 250% by automating privacy law and regulation compliance around personally identifiable information

The Challenge

A very large component of the Department of Defense needed to streamline the process of managing privacy compliance across nearly 400 information technology systems, several of which contain personally identifiable information (PII). For those systems containing PII, the agency needed to prepare the proper privacy compliance documentation and then track and report on privacy compliance key performance indicators (KPIs) as those systems completed the various mandated privacy compliance documentation. Until the Phoenix Cyber solution was delivered, the Agency was using email to manage this process, which was slow, tedious, and difficult to track. The Agency’s Privacy Office did not have a real-time, accurate tracking and reporting system for this documentation, and it took searching through emails and shared file directories to find all of the necessary information.

The Phoenix Cyber Solution

Phoenix Cyber analyzed the Agency’s former email-based process and presented the Agency with a tailored, automated system based on their custom workflows. A no-code/low-code platform was leveraged to decrease development time and costs with Phoenix Cyber and the Agency working together through an agile, rapid development and prototyping process to ensure all requirements and deadlines were met.

The resulting “first-of-its-kind” federal privacy compliance management tool was lauded by senior officials and independent third-party viewers as “thoughtful and intelligent design,” the likes of which they had not seen in their 20 years of conducting Agency reviews. The solution includes:

  • An intuitive, engaging user interface with helpful information and useful documentation links to understand the compliance requirements
  • Business workflows employing role-based access controls, along with task tracking and user notifications
  • Mail merge functionality to generate the necessary documentation and forms required to be completed for each system
  • Integration with the Agency’s information system inventory application to import data elements and identify key stakeholders for each system
  • Business intelligence with KPIs, workflow monitoring, and management reporting

This new tool results in a simpler process for system owners and program managers to complete required privacy compliance documentation while providing critical transparency and real-time reporting to the Agency’s Privacy Office.

Ongoing Customer Benefits

The privacy compliance application Phoenix Cyber developed vastly streamlined the completion of compliance documentation and privacy assessments, speeding up Privacy Threshold Assessment (PTA) completion over 250%, from 97 days down to 27 days. “This eliminates that back-and-forth exchange of emails and documents that we had before, which can be particularly cumbersome when you’re already getting hundreds of emails a day or there’s a vacant position,” said the Agency’s senior privacy officer

The new tool built by Phoenix Cyber is considered the new platinum standard for accomplishing privacy compliance. The privacy compliance tool was also highlighted in demonstrations across the federal government as part of the Federal Privacy Summit during Data Privacy Week in January 2023.

Quote Icon

“This eliminates that back-and-forth exchange of emails and documents that we had before, which can be particularly cumbersome when you’re already getting hundreds of emails a day or there’s a vacant position.”

SENIOR PRIVACY OFFICER