Privacy Tooling

Our client for this engagement was a leading Australian financial services institution.


The client offers services across a range of recognisable consumer brands. Because of the complexity of its business arrangements, special licensing, regulatory and confidentiality protections apply to much of the data that it handles. Additionally, the client is keenly aware of the regulatory and reputational risks related to how it handles personal information.

Balancing these risks against the need for continuous innovation across its consumer offerings requires a detailed assessment new initiatives that involve personal information and other protected data. Existing manual assessment processes were time-consuming and prone to inconsistency.

Our role

elevenM was asked to develop tooling that would help to simplify and standardise how the client identifies and manages privacy and other data risks related to new business processes. This tool would effectively serve as a privacy impact assessment on new projects, and would also encompass risks related to the various contractual and regulatory restrictions thay apply to the client’s data holdings and business practices.

The tool needed to be suitable for use by business stakeholders, with guidance and review by appropriate subject matter experts.

What we did

elevenM delivered a data risk assessment tool which: 

  • Provided a structured process for assessing new initiatives that involve handling personal information and other protected data, taking into account the unique restrictions that applied to the client’s data holdings.
  • Included a “smart questionnaire” that dynamically adjusted as users progressed through the assessment process, avoiding the need for users to complete irrelevant questions
  • Automatically identified applicable risks based on responses provided in the questionnaire and recommended typical controls for addressing each risk
  • Guided the findings management process, enabling the business to document its mitigation strategies in response to identified risks.

We also delivered training and documentation to help business stakeholders to use the tool, subject to guidance from subject matter experts.