In a press release issued by the Federal Trade Commission (FTC) on Tuesday, January 21, Apperian was identified as one of twelve similarly named companies “falsely claiming to comply” with International Safe Harbor data privacy policies.

For those never exposed to this bureaucratic process, U.S. companies are required to tell the government that they are still compliant with a privacy policy – to “self report.” It’s a completely manual and self-governed process and it’s tied to one individual at a company.

First, foremost, and most importantly, at no point in time did Apperian breach any actual data privacy. No privacy was ever compromised. No one was harmed. The issue concerns a simple process delay in Apperian self-reporting our compliance to the FTC.

In our case, some Apperian employees changed roles in the company and the FTC’s “policy compliance confirmation email” went unanswered for a bit. Upon discovering we had missed the deadline to report, we confirmed with the FTC that we were compliant. During that period of delay Apperian was accused of misrepresenting our compliance. Apperian’s only fault was being late in sending back an email telling Washington that we were still compliant. That’s it.

The wording in the government’s press release is misleading and unclear. It lumps Apperian with other companies that appear to have made more serious infractions. Apperian has never been threatened with, or been the target of a lawsuit.

Of course we regret being late in self-reporting our continued compliance and we’ve taken steps to ensure a timely response during the next self-reporting cycle. We take the privacy of our customers, employees, partners and vendors very seriously.

We are indeed grateful that the U.S. Government is taking privacy—at least in our industry—very seriously and we intend to ensure our continued compliance with both the U.S.’s and EU’s standards.

Regards,

Brian Day
Apperian CFO

Brian Day
Brian is the CFO at Apperian