Sep 21 2016

Didn’t make it to IAPP P.S.R. 2016? Here’s the Recap

Screen Shot 2016-09-21 at 7.15.14 AMIf you were at IAPP’s Privacy Security Risk conference last week in San Jose, then you enjoyed presentations from keynote speakers ranging from Gerhard Eschelbeck, VP of Security and Privacy at Google to Monica Lewinsky, Social Activist and Writer. The daily sessions gave you both high level overviews and practical tips for dealing with GDPR, Privacy Shield, and cybersecurity challenges.

If you didn’t attend, our experts at TRUSTe are here to help direct you to resources that can help. We’ve been working extremely hard over the past few months to develop solutions and put together teams that will help your company adapt to the ever-changing privacy landscape. Specifically, our new developments include:

  • Data Inventory 2.0: Our expert consulting team leverages our powerful technology to assess, inventory, and map the data your company collects. Your team is given a searchable, sustainable, and secure repository to conduct ongoing compliance and risk management.
  • Assessment Manager 3.0: This powerful solution will make conducting privacy and data protection risk assessments streamlined and cost effective. Depending upon your company’s needs, you may choose from self-service or TRUSTe Managed Service options.
  • Consulting Team: We have 10+ consultants across four continents, who have extensive privacy and industry experience covering the globe.
  • Legal, Policy & Regulatory Team: Former Merck attorney and CPO Hilary Wandall leads this team that has over 45 years of experience. They have built maturing privacy programs, driven regulatory interoperability, and operationalized privacy technology solutions.
  • EU Privacy Shield Solutions: Powered by our TRUSTe Assessment Manager technology, our TRUSTe Global Privacy Services team can help navigate you through the compliance process.
  • GDPR Solutions: TRUSTe has developed a four step path to compliance, with tailored solutions for each step of the way.
  • GDPR Readiness Assessment: Developed in partnership with the IAPP, our team helps your company distill where you fall short of GDPR compliance, and what you need to do to become compliant.

If you would like to speak to our team for help finding which solutions can benefit your company, contact us.


Sep 15 2016

TRUSTe Launches Data Inventory 2.0

TRUSTe announced today at the Privacy.Security.Risk Conference the availability of Data Inventory 2.0 to help businesses prepare to meet privacy regulations including the EU General Data Protection Regulation (GDPR) and minimize data governance risk across their enterprise. The solution combines TRUSTe’s Data Inventory and Classification service, introduced in 2015, along with the new TRUSTe Data Inventory Manager and other technology tools to generate detailed insights into complex data flows.

Screenshot 2016-09-15 07.10.48

The IAPP-EY Annual Privacy Governance Report (2015) indicated Data Inventory and Mapping was a top priority on the privacy roadmap for nearly half (47%) of respondents. In order to fully assess privacy and compliance risks, companies need to understand how customer and employee data in their organization is used. This includes knowing what data is collected; where it is stored; who it is shared with; and how long it is retained. For a large enterprise, this can entail hundreds of websites, systems and vendors – and dozens of data types – creating a complex and often overwhelming task for businesses to manage.

TRUSTe Data Inventory 2.0 solves this challenge by providing a comprehensive solution that streamlines the process into three phases:

  1. Comprehensive enterprise-wide review of customer and HR data flows guided by TRUSTe’s privacy consultants and proven methodology. Process is enhanced by data discovery powered by TRUSTe website and mobile app scanning tools.
  2. Data is categorized by type and recorded into the new TRUSTe Data Inventory Manager, a centralized / interactive database providing a secure and efficient way to store, search, and sustain information.
  3. Visual summary of data flows are created and delivered as part of an in-depth report and high level summary to provide an enhanced way to analyze and act upon the findings.

The output is a comprehensive, actionable and sustainable data inventory and visual data flows that are easy to share across the organization and update to reflect changing business activities.

Data Inventory 2.0 is available today standalone or integrated with TRUSTe Assessment Manager to seamlessly conduct PIAs and privacy risk assessments on assets identified in the data inventory. Pricing varies based on company size and engagements can often be completed in 8 weeks or less. For more information visit or call 888-878-7830.



Sep 08 2016

TRUSTe Assessment Manager Passes 1,000 Company Milestone; Version 3.0 Released

Screenshot 2016-09-05 15.56.11

With more than 1,000 companies now using TRUSTe Assessment Manager to assess and manage privacy compliance risk, TRUSTe announced today that version 3.0 of the award-winning solution is now available.  The Assessment Manager 3.0 release introduces a host of new features including support for TRUSTe managed assessments,  increased collaboration, enhanced reporting, an expanded privacy template library, and streamlined project workflow.  The new features enable businesses of all sizes and privacy maturity to address emerging privacy challenges including Privacy Shield, the General Data Protection Regulation (GDPR), and vendor risk.

Marcus Morissette, eBay Global Privacy Officer and Privacy Counsel said: “eBay is dedicated to meeting the privacy expectations of both our employees and consumers.  We know that the privacy landscape is a fast-moving one which is why we selected TRUSTe Assessment Manager as the foundation of our enterprise PIA process to stay ahead of business change and meet the needs of the EU GDPR.  TRUSTe has one of the most advanced PIA solutions on the market – it’s specifically built for privacy teams. We’re excited about the organizational awareness Assessment Manager is creating and the continued evolution of the solution.”

Launched in March 2015, Assessment Manager is a SaaS technology solution and part of the comprehensive TRUSTe Data Privacy Management Platform, providing privacy professionals with solutions to manage all phases of their privacy program, from assessing risk to remediating gaps, to ongoing monitoring and compliance reporting.

Assessment Manager 3.0 supports new TRUSTe managed assessment delivery options in addition to the standard self-service option, providing additional flexibility for organizations who want guidance managing their assessments.  The managed assessment option combines the powerful, easy-to-use Assessment Manager technology with the TRUSTe team of privacy experts and proven methodology to deliver a solution that can be tailored to meet any client need.  The option has proven attractive to smaller organizations who don’t have the resources to staff a privacy team as well as larger organizations who need help jumpstarting their program.

Sean Cohen, COO of AWeber said, “We develop and run web-based tools that help businesses grow by staying in touch with customers and prospects through opt-in email. Aligning with the requirements of Privacy Shield is critical for our business which is why we’ve worked with TRUSTe to prepare for our filing.  As champions of smarter and more efficient ways to exchange information, we appreciate how Assessment Manager was able to enhance the assessment experience and streamline our communication with our Privacy Solutions Manager.”

Assessment Manager is being used by companies across a range of industries, including Tech, Pharma, CPG, Healthcare, Oil and Gas, Insurance, and many more.  A sampling of clients includes ADT, eBay, Merck, Rackspace, Transport for London and Xiaomi.

Assessment Manager 3.0 is available today starting at $1,000 per month.  For more information visit or call 888- 878-7830.

Sep 01 2016

Enforcing the Russian Localization Law

Screenshot 2016-09-01 11.13.59

The Russian Data Localization Law came into effect a year ago today on September 1st, 2015. On February 12th, 2016 the Ministry of Telecom and Mass Communications of the Russian Federation (MinComSvyaz) issued Guidance that addresses the comments received from public, and provided guidance on how to comply with the Law.

Since the Russian Data Localization Law came into effect last September 302 inspections have been conducted to check compliance and Roskomnadzor (the Russian Data Protection Authority) has reported that the inspections revealed few minor infractions and indicated that they expect violations would be corrected promptly and that no fines would be imposed on the offending companies. Roskomnadzor has published the list of the planned audit for 2016. According to the list the next subjects will include Microsoft, Hewlett-Packard and Samsung in addition to any unplanned audits. The results of the inspections will be published and discussed.

The September TRUSTe Client Advisory Note was prepared by Maria Elterman J.D., CIPP/US and provides an overview of the MinComSvyaz guidance including: scope of application, definition of Personal data, cross-border data transfers, timing and enforcement. The Advisory also includes a list of 5 steps to help your company comply with the Russian Data Localization Law.

If you would like a copy of this latest Client Advisory Note then look out for your copy via e-mail today or contact TRUSTe at 1-888-878-7830.

Aug 31 2016

September Spotlight: IAPP Privacy Security Risk; Changing Role of the CPO

Screenshot 2016-08-29 21.12.39

IAPP Privacy. Security. Risk. 2016

September 13-16

San Jose

San Jose is home to the upcoming IAPP Privacy.Security.Risk (P.S.R.) conference once again. The conference brings together attendees from privacy, technology and security backgrounds to focus on today’s innovations and challenges of data protection. TRUSTe will be participating in different ways throughout the conference:

Come say hello at Booth #8 and demo new exciting products and services, including Privacy Shield compliance offerings.

Stop by Tanq Lounge at the Marriott on Wednesday, Sept 14 from 7-9pm (limited space, must be a conference attendee) to visit with fellow attendees.

Hear from TRUSTe’s Josh Harris, Director of Policy, TRUSTe alongside representatives from IBM, Information Integrity Solutions and the Department of Commerce on “APEC Privacy Framework and CBPRs: Ready for the Spotlight” on Friday, Sept 16 – 9:30am.

> Register here


Changing Role of the CPO in Today’s Privacy Ecosystem

September 22 – 9.00am – 10.00am PT

Online Webinar

The Chief Privacy Officer (CPO) is now center stage with responsibility for driving an important strategic agenda within the enterprise. Recent IAPP research claimed there would need to be 28,000 more Data Protection Officers in Europe to meet the new GDPR requirements.

This webinar will provide insight into changing role of the CPO by examining questions such as:

  1. What will this new role look like?
  2. How will these new requirements impact the qualities, experience and responsibilities of the CPO within the enterprise?
  3. What do you need to do to make sure you’re ready to be a CPO in the new privacy landscape?

Join this webinar to hear from Hilary Wandall, General Counsel at TRUSTe and other current CPOs on how their roles have changed and what they see as they future need as well as industry experts who will talk about the tools, training and experience essential for success.

> Register here

Aug 30 2016

Third Party Alternate Dispute Resolution

Screenshot 2016-08-29 21.00.18Initial Privacy Shield deadlines are just around the corner and EU GDPR compliance isn’t far behind. These fast-approaching dates are stirring up a renewed interest in a solution TRUSTe has been offering for years – alternative privacy dispute resolution. Offering alternative dispute resolution (ADR) gives customers confidence that you are committed to their privacy and helps mitigate unintentional privacy violations that may accompany web page updates or new initiatives.

The impending compliance dates remind us that providing privacy dispute resolution is often more than a consumer-friendly, best practice – it’s a requirement.

When required, companies are generally presented with two options.

  • Refer a complaint directly the local regulator (DPA)
  • Work with third party dispute resolution solution provider

There are clear benefits to going the third party route – and selecting a third party trusted by both business and consumers may be the best way to turn unhappy customers into happy customers.

You will also want a solution that provides privacy expertise, cost certainty and efficient online processing. Our solution checks all of these boxes while processing several thousand customer complaints each year helping thousands of customers maintain privacy compliance. It’s included in most of our certification offerings and can also be selected as a standalone solution. If you need to meet the ADR requirements of Privacy Shield or are simply interested in improving your customer experience, you’ll want to learn more about TRUSTe Dispute Resolution.


  1. TRUSTe collects the customer’s privacy notice that complaints will be assessed against and loads into the Data Privacy Management Platform.
  2. TRUSTe verifies that the customer has posted the required information about, and provided access to, TRUSTe Dispute Resolution.
  3. A consumer must first contact company. If no or unsatisfactory response, individual can file a complaint through TRUSTe.
  4. Complaints can be submitted online identifying the disputed URL or company name. TRUSTe will respond to the individual within 10 days of receiving the complaint.
  5. TRUSTe will review and forward valid, privacy-related complaints that cannot be resolved through consumer education or the company for resolution. Company has 10 business days to respond to the consumer.
  6. TRUSTe then sends a notice of its determination and indicates that it has closed a Dispute Resolution complaint. The consumer (Complainant) or the customer has 14 calendar days to file an appeal.



Aug 17 2016

HIPAA Turns 20

Medical StethoscopeBy Margaret Alston, Senior Privacy Consultant

Among fanfare for the 20th birthday of the Heath Insurance Portability and Accountability Act (HIPAA), we have also seen the largest HIPAA settlement ($5.55 million) – laid at the feet of Advocate Health Care. This last case was on the heels of two July 2016 settlements: $2.75 million with the University of Mississippi Medical Center, and $2.7 million with Oregon Health & Science University. With mandatory breach notification required for the past 7 years, HIPAA compliance risk exposure has increased and HIPAA enforcement is on the rise.

The Federal Trade Commission is paying attention to security as well. In addition to enforcement actions that point to security promises, the FTC has published security guidance – a lessons learned from enforcement actions, if you will. Moreover, even without regulator oversight, the possibility of a data breach brings with it a complex set of state laws and costs associated with notification and possible litigation.

Another trend is the increased responsibility of vendors to health organizations. As enforcement rises and sophistication of health care organizations about HIPAA increases, these “covered entities” under HIPAA expect more from their vendors, most of whom qualify as Business Associates under HIPAA. In turn, Business Associates are required to sign up for HIPAA obligations in a Business Associate Agreement, and then live up to those responsibilities with both direct regulatory compliance risk and liability to the covered entities they support. While early in the life of HIPAA, before the amendments under HITECH in 2009, healthcare organizations may have been more concerned with their own HIPAA compliance than for their vendors’ compliance, now vendors are asked more in-depth questions about how they comply.

With this in mind, the HIPAA anniversary is a great reminder that the security risk assessments and the strong privacy and security programs that HIPAA requires are more important to today’s healthcare businesses and their vendors – not less. In fact, as part of its settlement, Advocate Health Care has agreed to conduct a complete risk assessment and present security plans to HHS for approval. It makes sense, then, that organizations that handle sensitive personal information – such as Protected Health Information (PHI) – would take the same measures on their own.

A first step can be a HIPAA Health Check; a high level gap analysis against HIPAA privacy, security and breach notification requirements compared with current practices and documentation. The purpose of this Health Check is to identify areas in which major program components are either not adequately documented, or may not exist at all. From this high level gap analysis, an organization can consider how to prioritize and address in a reasonable and thoughtful way.

With over 10 significant settlements year to date and commencement of the Phase 2 HIPAA Audit program review of both covered entities and business associates, our 20th year of HIPAA brings with it increasing security and privacy focus and expectations. Fortunately, there are also more resources available to organizations who wish to double down on their compliance and security stance.




Aug 16 2016

Over 500 Companies Working with TRUSTe to Comply with EU-U.S. Privacy Shield

Screenshot 2016-04-13 14.29.02TRUSTe announced today that it is working with over 500 companies to assess and verify compliance with the new requirements for the EU-U.S. Privacy Shield and provide dispute resolution services. In order to meet the spike in demand since the Department of Commerce (DOC) started accepting submissions on August 1st, TRUSTe is using Assessment Manager, the award-winning technology platform to streamline the comprehensive assessment and remediation process companies must complete.

The EU-U.S. Privacy Shield is the new international data transfer framework finalized in July to replace Safe Harbor. The new framework requires that companies meet stronger obligations to protect the personal data of Europeans and introduces stronger monitoring and enforcement by the US Department of Commerce (DOC) and the Federal Trade Commission (FTC).

The framework provides all companies self-certifying by September 30 a nine-month ‘grace period’ to ensure compliance with their third party contracts. TRUSTe’s privacy assessment technology streamlines and documents the process enabling hundreds of companies to get ahead of the pack and self-certify before that date.

Chris Babel CEO, TRUSTe said: “Privacy Shield has created an equivalent of tax season for privacy as hundreds of companies want to benefit from the new Privacy Shield framework and simplify their EU data transfer compliance.

“Our Assessment Manager platform enables us to scale to meet this unprecedented demand and we have started the assessment process with over 500 companies in the last few weeks. After months of negotiations between the U.S. and the EU the volume of companies taking part shows the extent of interest and momentum in the new framework”.

Perry Pappas, SVP, General Counsel and Chief Compliance Officer at WorkWave LLC, stated:

“At WorkWave protecting the privacy and confidential information of our clients is of the utmost importance.  We have found TRUSTe to be an excellent resource in guiding us through what can be a complex area.  TRUSTe provides a streamlined roadmap and process toward certification, their Assessment Manager tool is collaborative and easy to use, and their team is extremely responsive and helpful, from sales through to privacy solutions implementation.”

“At Aria Systems, protecting critical customer data is paramount,” said Jim Alexander, SVP of Customer Operations and Technology, Aria Systems. “Aria is partnering with TRUSTe to verify strict compliance to the EU-US Privacy Shield and our adherence to a broader spectrum privacy and security standards that provide the utmost in protection for our customers and their consumers.”

For more information on TRUSTe’s EU-U.S. Privacy Shield solution packages visit or call on 1-888- 878-7830.

Older posts «