Personal Data Privacy Removal Protection Platform

The vendor is required to provide for a subscription-based, vendor-managed personal data privacy protection platform.
- Provide comprehensive services to assist county employees in the detection, monitoring, and removal of personally identifiable information (PII) from data broker websites, people search engines, and other publicly accessible online databases.
- The intent is to procure a secure, scalable, and easy-to-use privacy protection solution (software-as-a-service (SaaS)) that provides robust reporting, proactive monitoring, and continuous support.
- Functional requirements
• Provide a platform to detect, monitor, and facilitate the removal of employee PII from public websites.
• The solution must include automated scans and manual reviews to ensure comprehensive detection.
• The system must support opt-out and opt-in functionality for users, with consent and identity verification protocols.
• Dashboard must allow users and administrators to view exposure levels, removal status, and threat summaries.
• Removal requests should be automatically initiated by the system where possible, with tracking and confirmation.
• Solution must support integration with government email systems for onboarding and credential validation.
• System must generate periodic reports for users and administrators, including risk scores and data trends.
• Provide notification alerts for reappearance of data and new exposures.
- Business and support requirements
• Provide onboarding and applicable training materials for users and county administrators.
• A dedicated customer support contact must be available for escalation and troubleshooting during normal county business hours 8am-5pm MST excluding holidays.
• Services must include regular audits and compliance with data privacy regulations and other applicable laws and regulations. 
• All county data must remain confidential and be stored securely in compliance with applicable regulations.
• The platform must allow for bulk user provisioning and de-provisioning.
• The county’s data shall remain its sole property, and vendor access may be revoked upon request.
- Security requirements
• The security framework, including physical and network safeguards.
• Compliance with security standards such as FEDRAMP, soc2, iso 27001, or equivalent.
• Vendor must offer single sign-on (SSO) and multi-factor authentication (MFA).
• Provide role-based access control for users and administrators as required by the county.
• Provide audit logs for platform activity.
• Vendor must disclose any security breaches in the past 5 years.
- Implementation and training
• Lead a discovery session to assess the county’s user population and risk profile.
• Assist in platform configuration and user provisioning.
• Implementation timeline schedule must be proposed and mutually agreed upon, i.e. configuration, setup and any potential testing.
• Provide training (live and recorded) and documentation for end users and administrators.
- Maintenance and updates
• Provide regular platform updates, enhancements, and bug fixes at no additional cost.
• Downtime for maintenance must be scheduled during off-peak hours and communicated in advance.
- Contract Period/Term: 1 year
- Questions/Inquires Deadline: July 21, 2025