Tuesday, July 2, 2019

Case Study: Reducing Costs by Automating Privacy Matters



Key Challenges

   Automatically direct privacy requests to the correct regional team.
   Automatically store privacy requests in chronological case files.
   Enable new team members to review stored privacy request records.

Protecting Private Information

With laws such as the GDPR, privacy matters are increasingly critical for large corporations. Companies with thousands of team members raise hundreds of privacy issues daily. For example, a privacy issue arises with a task as simple as listing a name and phone number on a public document. To avoid liability, privacy teams must evaluate any shared personal or company details. Small (less than 20 person) privacy teams must evaluate the requests efficiently at a large scale.

Annual audits are also a crucial matter for privacy teams. Auditors randomly select privacy cases from the previous year. The privacy team must provide details regarding their responses to the matters. It is crucial that privacy teams maintain chronological records of privacy requests and responses.

Automating with Dynamics 365 and SharePoint

We recently implemented an automated privacy tracking system for a large software company. Our client previously relied on an Outlook-based system. When a team member had a privacy concern, he sent an email directly to the privacy team. A privacy team member received the email, and manually added topic and privacy region (United States, Europe, Asia-Pacific, etc.) tags. The privacy team then manually grouped the emails into case files. The client’s Outlook-based system was cumbersome and inconsistent.

Our client asked us to automate privacy requests using Dynamics 365 and SharePoint. We agreed on several objectives at the start of the project:

   Simplify the request process by accepting requests via email and via an online portal.
   Improve efficiency by automatically directing privacy requests to the correct regional privacy team.
   Reduce workload by automatically generating case numbers for privacy requests.
   Ease team member onboarding by creating a chronological communications record for each privacy request.
   Improve annual audits by tracking privacy case resolutions.

Web Portal and Email Submission

After determining the privacy tracking system objectives, we began implementation. We designed two methods to submit requests: a web portal and an email submission system. First, we created the web portal. The web portal consists of a structured form that gathers all the information the privacy team requires. The form requires details including:

   Requester name
   The applicable regional privacy team
   Users to copy on the request
   Request title
   Request description
   Attachments

The form’s attractive interface lets users easily include all the applicable information for the privacy team. When a user submits the form, Dynamics 365 business logic determines the appropriate team to direct the request to. At the same time, the system creates a support ticket and case number. The system stores attachments and supporting documents in a correlating SharePoint record. The system tracks all privacy team replies and subsequent communications in Dynamics 365 automatically.

The privacy web portal also allows users to tag a request as a “privacy incident.” A privacy incident is a matter that requires immediate attention, such as a privacy breach. The privacy team prioritizes privacy incidents above all other matters.

The email privacy system request is more complex. Email does not allow the same customized structure as a web form. Our team compensated for the lack of structure by aligning email fields with the web form structure. The “From” line indicates the requester name. The “To” line indicates the applicable regional privacy team. The “CC” line indicates who to copy on the privacy request ticket. The “Subject” line indicates the request title. And the email body indicates the request description. Just as with the web form, Dynamics 365 business logic determines where to direct the submitted email request.

Users can include attachments with the email request, which the system tracks in a correlating SharePoint record. The email requests also generate a support ticket and case number, similarly to the web form requests.

Immediate Automation Benefits

The privacy request system yielded three immediate benefits. First, chronologically logged case files eased audit concerns. Each case file now shows all the information related to the matter and how the team resolved it. The teams no longer worry about manually sorting information. Second, new privacy team members can catch up to speed on cases immediately. With all the case information automatically organized, team members pick up existing case files with ease. Finally, effort is reduced because team members no longer must manually tag incoming privacy requests. The privacy request system’s structured forms always route requests to the correct team.

Additional benefits include:

   Automatic responses and notifications for ticket creation and closure.
   Secure access to content from mobile devices.
   Centralized deployment and upgrades.
   Support ticket statistic tracking with Power BI.
   Automatic SLA tracking for privacy request cases.

Teams began using the automated privacy request system immediately. Within two weeks of implementation, teams submitted over 800 privacy request tickets. The system continues to improve efficiency as the client rolls it out to more teams.