Oct 21 2016

500th Company Posted to Privacy Shield Framework

The International Trade Administration (ITA) announced that the 500th company was posted to the EU-US Privacy Shield Framework list on Tuesday, October 18th. It’s a tremendous accomplishment, and there are still more to come. More than 1,500 companies have submitted self-certifications, providing strong endorsement of the new framework.

The ITA press release stated:

WASHINGTON – The EU-U.S. Privacy Shield Framework today achieved a milestone with the posting of the 500th company to the Framework list since it began accepting certifications on August 1, 2016. The U.S. Department of Commerce’s International Trade Administration manages the newly created Privacy Shield program, and conducts a robust review of each submission before finalizing a company’s certification and placing it on the publicly available Privacy Shield list.

“With our partners in Europe, we have created in Privacy Shield a framework that both strongly protects privacy and facilitates trade,” said Acting Assistant Secretary of Commerce for Industry and Analysis Ted Dean. “The pace of the Privacy Shield program’s growth is a testament to the critical need for this data transfer mechanism, which underpins almost $300 billion in digitally deliverable services traded across the Atlantic each year.”

In total, more than 1,500 companies have submitted self-certifications to the site since the new Framework launched, and additional certifications are being reviewed each day.

Organizations interested in self-certifying, exporters, and other stakeholders can visit www.privacyshield.gov for more information.

To learn more about TRUSTe Privacy Shield assessment and verification, contact us.

Oct 12 2016

Round II of EU Cookie Compliance Inspections


By Helen Huang, Senior Product Manager

In September 2014, the French Data Protection Authority, CNIL, conducted a “cookie sweep” to review compliance with the EU Cookie Directive and published a combined analysis from 8 DPAs, including the Czech Republic, Denmark, France, Greece, The Netherlands, Slovenia, Spain, and the UK. The “cookie sweep” involved the CNIL conducting onsite and remote inspections to evaluate compliance with the latest EU cookie standards. The 2014 cookie sweep findings showed that many companies’ websites did not comply because insufficient notice and valid consent were being given to and/or sought from visitors. Many websites subsequently put in place compliance solutions as enforcement and possible fines continue to be very real. Details about the results of the initial sweep can be found here.

With the upcoming expanded and stricter consent requirements under the General Data Protection Regulation (GDPR), as well as anticipated amendments to the EU Cookie Directive, it is worth paying closer attention to the actions and next steps needed to come into compliance with EU regulations.

On July 27, 2016, the CNIL announced a new round of cookie sweeps and cookie enforcement actions that will focus on specific industries: Ad Tech, Social Media and Analytics companies. The French Data Protection Authority recognizes the complexity of the online advertising ecosystem, and holds both publishers and their processors responsible for activity on a website.

Publishers should provide more information on the ad tech, social media and analytics partners they work and share data with, the nature of data collected and processed by them and the rights of the data subjects to object.

In terms of next steps, publishers' partners should also “(i) assess their current cookie compliance strategy, (ii) update their publisher terms (where required) and (iii) equip publishers with actionable tool kits containing for instance FAQs, template end-user wording and means to object.” With CNIL as the lead DPA, companies should still expect different degrees of strictness and various ways to implement the consent mechanism in each EU member state.

When developing your cookie compliance strategy, one of the most critical requirements is to provide proper Notice, Consent, and Choice to visitors. Launched in 2011, TRUSTe Cookie Consent Manager has continued to keep pace with evolving laws and regulations, and has been enhanced to tackle the complex landscape and varying requirements of the EU countries. TRUSTe has deployed hundreds of cookie consent solutions for many of the world’s most recognized brands, enabling them to comply with the EU Cookie Directive. Click here to see a live demo and learn more about why TRUSTe Cookie Consent Manager is the trusted data privacy solution.

If you have any questions about consent requirements under the EU Cookie Directive or GDPR, please contact TRUSTe to learn more about how we can help.


Oct 10 2016

3 More Misconceptions about Privacy Shield



Last week we gave you the facts to dispel three common misconceptions about Privacy Shield. This week we are including three more.

1. Model Contractual Clauses (MCCs) & Standard Contractual Clauses (SCCs) are easier than certifying for Privacy Shield.

While your company may have invested in MCCs or SCCs when Safe Harbor was nullified, your work does not stop there.  You need to continue updating your contracts on an ongoing basis to ensure continuing compliance.  Sabina Jausovec Salinas, Corporate Counsel at Rackspace and Debbie Bromson, Head of Global Privacy at Jazz Pharmaceuticals spoke about why they chose Privacy Shield for their organizations; the webcast recording is available here.

2. MCCs / SCCs are the safest way to go.

The continuing validity of MCCs is now being considered by the European Court of Justice (ECJ). Privacy Shield was drafted by US and European officials specifically to ensure it met the requirements as laid out in the ECJ’s Schrems decision. Many companies who have MCCs / SCCs in place view Privacy Shield as an added layer of protection against new legal action.

3. Privacy Shield Compliance = GDPR Compliance.

While the principles necessary to comply with Privacy Shield are similar to many of the data protection safeguards necessary for GDPR compliance, Privacy Shield only addresses one of the many components of the GDPR (i.e., International Data Transfer) as depicted in this image.



Even with a Privacy Shield certification, you still need to address the remaining components of the GDPR, including DPO Appointment, Consent, PIAs, and many more.


TRUSTe offers several Privacy Shield Compliance Solutions and GDPR Solutions. To schedule a consultation and learn how Privacy Shield Certification can help your organization, contact us.




Oct 06 2016

3 Misconceptions about Privacy Shield

Here are 3 Misconceptions about Privacy Shield and the facts you should know.

1. I missed the deadline to certify for Privacy Shield.

Although the deadline to qualify for the onward transfer requirements grace period ended September 30th, it is not too late to certify. While there is no deadline to self-certify, if you have clients and/or employees in Europe, you will need to make use of one of the recognized transfer mechanisms to process that data outside of Europe.

In addition to these regulatory obligations, your company may start to face pressure from clients or business partners to get the certification. Just as many companies required their suppliers and partners to be Safe Harbor certified, expectations around Privacy Shield are likely to be the same.  Privacy Shield provides a visible way for companies to demonstrate their compliance with EU data transfer rules.

2. The grace period for onward transfer covered the bulk of Privacy Shield requirements.

Onward transfer is only one of many Privacy Shield requirements. Companies still have to ensure all of the other requirements are met, such as: notice, choice, security, data integrity & purpose limitation, access, recourse, and enforcement & liability.  So while you missed the grace period, it only addressed one portion of the overall requirements.

3. Privacy Shield is only for my customer data.

If you have employees in the EU, you also need to consider Privacy Shield for your HR data. This is a separate certification which you can add at any time to your existing listing with the Department of Commerce. Currently, over 300 companies are on the Privacy Shield list, many of which are using this approach to facilitate compliance with customer and HR data requirements.

TRUSTe offers a comprehensive Privacy Shield Assessment and Verification program. To schedule a consultation and learn how Privacy Shield can help your organization, contact us.

Sep 30 2016

October Events Spotlight: DMA Annual Event; Privacy + Security Forum

&Then – The DMA Annual Event

October 16-18

Los Angeles

Powered by DMA – &THEN is a reinvention of our Annual Conference – a place for today’s empirically-driven, creatively-inspired marketers to convene, connect, and find new ways to create demand. It will deliver the global marketing experience for a new generation of digital, data-driven marketers. &THEN it will challenge everything you know about marketing, from the way you learn about it, to the way you apply it at a higher level.

Hear TRUSTe’s Dave Deasy, SVP of Marketing, alongside representatives from Warner Bros, DemandMedia and DAA, speak about “Responsible Data Collection in an Age of Consumer Skepticism” on Tuesday, October 18 at 12pm.

> Register here


Building a Privacy Governance Program

October 21 – 9:00am – 10:00am PT

Online Webinar

The proliferation of networked devices is bringing tremendous opportunity to business and consumers alike. Many organizations are struggling with where to start with securing their enterprise — so some don’t, or worse yet, take expensive action that has little impact.

Consumers freely share their personal information with businesses, governments, individuals and on social media platforms expecting progressive, personalized services while demanding and deserving privacy and control of their personal information.

Make sure to save your seat for this webinar to learn how to:

  • Put security and privacy into the context of your operations – despite their natural tensions
  • Integrate them into an effective data protection program focused on trust, transparency and accountability
  • Examine case studies from two companies from very diverse sectors

Join this webinar and hear from Michelle Fleury of Cisco and Patrick Curry of McKesson U.S. Pharmaceutical to explore the essential common elements of an effective data protection program and some tips for getting your program up and running quickly.

> Register here


Privacy + Security Forum

October 24-26

Washington DC

Privacy and security often exist in separate silos. Even privacy and security professionals who work down the hall from each other might rarely speak to each other. The Privacy + Security Forum breaks down the silos of privacy and security by bringing together seasoned thought leaders. We must break down these silos because privacy and security are interrelated, and we cannot successfully achieve one without the other.

Visit us in the exhibit hall and hear from TRUSTe on “The Role of Data Protection Officers under the GDPR” on Wednesday, October 26 at 8:50am and from TRUSTe’s Hilary Wandall, GC and Chief Data Governance Officer, on “Ethics in an Automated and Trackable World” at 2:10pm.

> Register here


Sep 21 2016

Didn’t make it to IAPP P.S.R. 2016? Here’s the Recap

If you were at IAPP’s Privacy Security Risk conference last week in San Jose, then you enjoyed presentations from keynote speakers ranging from Gerhard Eschelbeck, VP of Security and Privacy at Google to Monica Lewinsky, Social Activist and Writer. The daily sessions gave you both high level overviews and practical tips for dealing with GDPR, Privacy Shield, and cybersecurity challenges.

If you didn’t attend, our experts at TRUSTe are here to help direct you to resources that can help. We’ve been working extremely hard over the past few months to develop solutions and put together teams that will help your company adapt to the ever-changing privacy landscape. Specifically, our new developments include:

  • Data Inventory 2.0: Our expert consulting team leverages our powerful technology to assess, inventory, and map the data your company collects. Your team is given a searchable, sustainable, and secure repository to conduct ongoing compliance and risk management.
  • Assessment Manager 3.0: This powerful solution will make conducting privacy and data protection risk assessments streamlined and cost effective. Depending upon your company’s needs, you may choose from self-service or TRUSTe Managed Service options.
  • Consulting Team: We have 10+ consultants across four continents, who have extensive privacy and industry experience covering the globe.
  • Legal, Policy & Regulatory Team: Former Merck attorney and CPO Hilary Wandall leads this team that has over 45 years of experience. They have built maturing privacy programs, driven regulatory interoperability, and operationalized privacy technology solutions.
  • EU Privacy Shield Solutions: Powered by our TRUSTe Assessment Manager technology, our TRUSTe Global Privacy Services team can help navigate you through the compliance process.
  • GDPR Solutions: TRUSTe has developed a four step path to compliance, with tailored solutions for each step of the way.
  • GDPR Readiness Assessment: Developed in partnership with the IAPP, our team helps your company distill where you fall short of GDPR compliance, and what you need to do to become compliant.

If you would like to speak to our team for help finding which solutions can benefit your company, contact us.


Sep 15 2016

TRUSTe Launches Data Inventory 2.0

TRUSTe announced today at the Privacy.Security.Risk Conference the availability of Data Inventory 2.0 to help businesses prepare to meet privacy regulations including the EU General Data Protection Regulation (GDPR) and minimize data governance risk across their enterprise. The solution combines TRUSTe’s Data Inventory and Classification service, introduced in 2015, along with the new TRUSTe Data Inventory Manager and other technology tools to generate detailed insights into complex data flows.

The IAPP-EY Annual Privacy Governance Report (2015) indicated Data Inventory and Mapping was a top priority on the privacy roadmap for nearly half (47%) of respondents. In order to fully assess privacy and compliance risks, companies need to understand how customer and employee data in their organization is used. This includes knowing what data is collected; where it is stored; who it is shared with; and how long it is retained. For a large enterprise, this can entail hundreds of websites, systems and vendors – and dozens of data types – creating a complex and often overwhelming task for businesses to manage.

TRUSTe Data Inventory 2.0 solves this challenge by providing a comprehensive solution that streamlines the process into three phases:

  1. Comprehensive enterprise-wide review of customer and HR data flows guided by TRUSTe’s privacy consultants and proven methodology. Process is enhanced by data discovery powered by TRUSTe website and mobile app scanning tools.
  2. Data is categorized by type and recorded into the new TRUSTe Data Inventory Manager, a centralized / interactive database providing a secure and efficient way to store, search, and sustain information.
  3. Visual summaries of data flows are created and delivered as part of an in-depth report and high level summary to provide an enhanced way to analyze and act upon the findings.

The output is a comprehensive, actionable and sustainable data inventory and visual data flows that are easy to share across the organization and update to reflect changing business activities.

Data Inventory 2.0 is available today standalone or integrated with TRUSTe Assessment Manager to seamlessly conduct PIAs and privacy risk assessments on assets identified in the data inventory. Pricing varies based on company size and engagements can often be completed in 8 weeks or less. For more information visit truste.com/data-inventory or call 888-878-7830.



Sep 08 2016

TRUSTe Assessment Manager Passes 1,000 Company Milestone; Version 3.0 Released

With more than 1,000 companies now using TRUSTe Assessment Manager to assess and manage privacy compliance risk, TRUSTe announced today that version 3.0 of the award-winning solution is now available.  The Assessment Manager 3.0 release introduces a host of new features including support for TRUSTe managed assessments,  increased collaboration, enhanced reporting, an expanded privacy template library, and streamlined project workflow.  The new features enable businesses of all sizes and privacy maturity to address emerging privacy challenges including Privacy Shield, the General Data Protection Regulation (GDPR), and vendor risk.

Marcus Morissette, eBay Global Privacy Officer and Privacy Counsel said: “eBay is dedicated to meeting the privacy expectations of both our employees and consumers.  We know that the privacy landscape is a fast-moving one which is why we selected TRUSTe Assessment Manager as the foundation of our enterprise PIA process to stay ahead of business change and meet the needs of the EU GDPR.  TRUSTe has one of the most advanced PIA solutions on the market – it’s specifically built for privacy teams. We’re excited about the organizational awareness Assessment Manager is creating and the continued evolution of the solution.”

Launched in March 2015, Assessment Manager is a SaaS technology solution and part of the comprehensive TRUSTe Data Privacy Management Platform, providing privacy professionals with solutions to manage all phases of their privacy program, from assessing risk to remediating gaps, to ongoing monitoring and compliance reporting.

Assessment Manager 3.0 supports new TRUSTe managed assessment delivery options in addition to the standard self-service option, providing additional flexibility for organizations who want guidance managing their assessments.  The managed assessment option combines the powerful, easy-to-use Assessment Manager technology with the TRUSTe team of privacy experts and proven methodology to deliver a solution that can be tailored to meet any client need.  The option has proven attractive to smaller organizations who don’t have the resources to staff a privacy team as well as larger organizations who need help jumpstarting their program.

Sean Cohen, COO of AWeber said, “We develop and run web-based tools that help businesses grow by staying in touch with customers and prospects through opt-in email. Aligning with the requirements of Privacy Shield is critical for our business which is why we’ve worked with TRUSTe to prepare for our filing.  As champions of smarter and more efficient ways to exchange information, we appreciate how Assessment Manager was able to enhance the assessment experience and streamline our communication with our Privacy Solutions Manager.”

Assessment Manager is being used by companies across a range of industries, including Tech, Pharma, CPG, Healthcare, Oil and Gas, Insurance, and many more.  A sampling of clients includes ADT, eBay, Merck, Rackspace, Transport for London and Xiaomi.

Assessment Manager 3.0 is available today starting at $1,000 per month.  For more information visit truste.com/assessment-manager or call 888-878-7830.
