HeiaHeia

HeiaHeia is a social web service that motivates people to exercise more. HeiaHeia is available in multiple languages and is used by individuals from over 140 countries. HeiaHeia supports over 350 different activities, and with the extensive social features (sharing, cheering, commenting, and groups) physical activities are made more social and fun.

Challenge

Wellness data is sensitive for many, and trusting your general state of health to a company is always something that can raise privacy concerns among users.

Privacy is critical for the reputation of wellness service providers and wellness products. Prudent data practices are always a challenge for the data controller, and right now the pressure from individuals and regulators towards privacy is growing.

Solution

Privaon’s PIA as a Service was used to evaluate HeiaHeia’s service. The tool helped in the analysis of the service, leading to findings that were assigned to responsible professionals in HeiaHeia’s organization.

The outcome of the PIA was summarized in the final report describing the current status, the corrective actions and executive metrics.

PIA as a Service, a comprehensive Privacy Impact Assessment (PIA), was used to identify and reduce privacy risks and to measure compliance against the requirements of a variety of laws. Privaon’s role was to carry out PIA as a Service when conducting the PIA workshop. Privaon’s specialist facilitated the workshop to gather data, to interpret the results and to suggest corrective actions.

Instant result

Based on the findings from the workshop, HeiaHeia immediately received a clear To-Do list of corrective and pragmatic actions.

After the corrective actions were completed, it was possible at any time to generate a fresh version of the final report including the latest corrections. Privacy assurance was gained. Completion of the PIA gave evidence of the completed PIA and of accountability.

Next steps

With the data collected during the assessment, Privaon was also able to document data classification guidance for HeiaHeia’s internal use.