Legal

12th April 2010

During the period 1 August 2008 through 31 July 2009, Hitwise has maintained effective control procedures to:

Methodology and Data Collection   

• Accurately disclose the methodology for measuring the competitiveness and performance of web sites (web-ranking processes) on the following web sites:

• United States of America
• United Kingdom
• Australia
• New Zealand
• Hong Kong
• Singapore

• Ensure the completeness and accuracy of the data collection process, (as described in the end to end process document) from ISPs and other data partners, into the web-ranking process
• Ensure customer queries over web-ranking information provided on www.hitwise.com are handled in accordance with company policies and procedures.

General Computer Operations

• Ensure program changes and program developments for the systems supporting the web-ranking processes are approved and tested
• Restrict privileged access to programs and data in accordance with access requirements for job roles
• Backup and recovery data collected during the web-ranking process

Privacy

• Ensure the data collection processes does not include the collection and storage of personal information which would be in contravention of applicable privacy policies where Hitwise websites are hosted.
• Ensure that the Experian Australia privacy policy disclosed on the company websites is in adherence with the following list of regional privacy legislations:

• United States Federal Privacy Law; New York, California and Texas State Privacy Law
• United Kingdom: The Data Protection Act 1998; The Privacy and Electronic Communications (EC Directive) Regulations 2003
• Australia: The Privacy Act 1988; privacy related laws in Telecommunications Act 1997
• New Zealand: The Privacy Act 1993
• Hong Kong: Hong Kong Personal Data (Privacy) Ordinance
• Singapore: Relevant statutes and common law torts (note no overarching privacy or data protection law in Singapore)

• Ensure security of customer information, including usage restrictions to a limited number of identified staff.

Privacy

• Ensure the data collection process does not include the collection and storage of personal information which would be in contravention of applicable privacy policies
• Ensure that the Experian Australia and Hitwise privacy policy disclosed on Experian Australia website is in adherence with the privacy legislations

Improvements in controls are required in the following areas:

The IT security policy, which has not been updated since 2006, may not accurately reflect the current IT environment, and was not posted on the intranet during the audit period. A copy of the policy was available to staff upon request, however as it was not up-to-date, and as a result there may be an increased risk that staff may have been misinformed of their security requirements or may not have been aware of current policies related to IT security.

Improvements are required in the process for changing customer information within the internal CRM application. Although there is a process in place to capture all changes requested from customers, there is a need to have more rigour around the documentation maintained with the internal system to verify that all customer detail changes have been requested by an approved customer representative. This requires us to reiterate to our staff the importance of verifying the identity and documenting who has requested the change in customer data.

Yours Sincerely

Harley Giles
Chief Information Officer
Hitwise Pty Ltd
Date: 12 Apr 2010

PricewaterhouseCoopers has reported to Experian Hitwise's Chief Information Officer with its audit opinion on certain assertions made by the Management of Experian Australia and Hitwise Pty Ltd in relation to the Web ranking processes for the period 1 August 2008 to 31 July 2009. You may obtain a copy of that opinion by  Contact Us