TrustArc Blog

The GDPR is Coming: 3 Things for DPOs to Consider About Privacy Awareness

May 31, 2017

By Tom Pendergast

Many of the impacts of the EU’s wide-reaching General Data Protection Regulation (GDPR) are still being hemmed and hawed about, but one thing is clear: more Data Protection Officers will be needed. The IAPP estimated last year that 28,000 new DPOs will be needed to oversee data handling for organizations subject to the GDPR. The mandatory DPO is one of many provisions within the GDPR going into effect in May 2018. (Check out our white paper here for a primer and some industry expert input.) While the requirements for getting in compliance with the GDPR are …

The Internet of Things and Connected Cars: Considering Privacy Issues and Minimizing Risk

May 26, 2017

The internet of things is the connection of a broad range of devices using an IP address. It can range from our smart TVs and phones, to our home security systems, thermostats … the list goes on. A popular prediction is that by 2020, the internet of things will comprise no less than 50 billion devices. With this type of wide adoption, concerns over private data surface – how it is collected, how it is used, and how it may make your organization vulnerable to risk. Connected cars, having an IP address, are part of the internet of things. Unless …

How the Privacy Landscape is Creating In-Demand Jobs

April 20, 2015

By KimAnh Tran, Associate Legal Counsel, CIPP/US, Contributor

High-profile breaches seem to arise almost weekly across all industries and verticals, making privacy and security top-of-mind for organizations large and small. Fear has proven to be a strong motivator for many organizations, as an expensive remediation process, a regulatory audit and a public relations disaster loom with any breach. Predictably, companies are reacting by trying to clean up their own privacy practices company-wide. This objective, though admirable, is not easily accomplished, and typically requires the skills of experienced privacy professionals.

Privacy management as an industry is still relatively young and, consequently, privacy veterans are few and far between. However, more and more job descriptions express a need for seasoned privacy professionals with experience in tracking and understanding privacy regulations and best practices, and applying such knowledge in a variety of different roles and functions.

Though official titles may vary, there are several roles and functions that seem to be in demand in the privacy space. The qualifications for each may differ depending on company size, the company’s industry and need for privacy support. However, a CIPP certification through the International Association of Privacy Professionals may indicate a certain level of credibility and dedication to privacy in the eyes of a hiring manager.


EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)

April 02, 2015

By Shreya Vora, Esq., CIPP/US

Educational technology is really taking off. Kids today use tablets and computers at school, learning apps and a bevy of other online tools. When building products for the education technology sector, all business owners need to consider privacy – everyone from budding entrepreneurs to established companies to large multi-national corporations. When your technology is aimed at kids, there are laws as well as best practices to follow in order to mitigate risk and ensure consumer trust.

Understanding the legal landscape within which your technology is operating is essential to ensuring your company’s survival and success. Failure to comply can lead to hefty fines, the loss of business, reputational damage, and a media nightmare. Understanding the laws and best practices in your industry will empower you to design and update your technology with children’s privacy issues in mind. It goes without saying that given the speed of technological innovation, many of the applicable laws have necessitated (and continue to necessitate) reform to truly address the risks posed by education technology, as well as the data gathered about children through such technology (i.e. what can be done with metadata, data retention policies, use of information for advertising purposes — the list goes on). That said, for those working in this space, there are some key regulations to keep in mind (though this is by no means a comprehensive list).


Using Privacy Engineering To Make Your Company More ‘Likeable’

March 31, 2015

By Alexandra Ross, The Privacy Guru

Last week I had the pleasure of speaking at the Privacy Innovations & Technology event, “Demystifying Privacy Engineering” hosted at the TRUSTe offices. In a lively session, we discussed the basics of Privacy by Design (PbD) and Privacy Engineering, including examples of how to implement Privacy Engineering, career opportunities as a privacy engineer, and how Privacy Engineering can be used as a competitive advantage.


At this year’s SXSW, Deepti Rohatgi, head of policy at Lookout, a cybersecurity company, encouraged developers to think about privacy as a product. Lookout, which offers an open source privacy policy generator, believes in the measurable impact of privacy engineering. Lookout recommended A/B testing of thoughtfully designed privacy policies and features, and encouraged the use of privacy engineering to increase customer trust and a company’s overall “likeability.”

Should this idea be revolutionary? Perhaps not, but it’s a departure from how many developers and tech executives regard privacy practices. The era of “bolt on” and stop-gap privacy patching is coming to an end. The stakes are high, as users are growing increasingly aware of privacy issues.


The Upsides and Downsides of Private Messaging Apps

January 26, 2015

By Alexandra Ross, The Privacy Guru 

Have we reached the end of the “age of oversharing”? Private messaging apps are the fastest growing category of apps, according to mobile analytics firm Flurry. Recent stats show downloads of private social messaging apps increased 200 percent in 2013 over 2012.

From the basic urge to just “say Yo” or share a few emoji, to the distribution of self-destructing content to select audiences, the desire for greater control over privacy seems to be driving the private messaging boom.

The Guardian recently reviewed its picks for the 10 best messaging apps. (One omission from this list is Wickr, regarded as one of the most secure options.)

The allure of private messaging technology is undeniable. But there are upsides and downsides to these apps and tools.
