APEC Data Privacy Subgroup Meeting Wraps in Lima, Peru



Peru hosted the Asia Pacific Economic Cooperation’s Data Privacy Subgroup working meetings from February 22 – February 27, which were attended by TRUSTe CEO Chris Babel and TRUSTe Director of Policy Josh Harris. This year marked one of the largest US delegations in recent years, including representatives from over a dozen US companies and led by US Deputy Secretary of Commerce Ted Dean. The increased interest in the APEC approach to cross border data transfers comes as the fourth economy to join the system, Japan, announced formal endorsement of its accountability agent, JIPDEC.

The meetings kicked off with a one-day workshop hosted by TRUSTe, The Centre for Information Policy Leadership, The Information Accountability Foundation, and Information Integrity Solutions. Topics of discussion included implementation of the CBPR system, a status report on CBPR-related activities, CBPR’s role in interoperability and the applicability of big data to the APEC Privacy Framework. Speakers included representatives from Apple, CIPL, DBS Bank, HP, IAF, IBM, IIS, the Internet Society, MasterCard, Nymity, TRUSTe and Walmart and from the governments of Australia, Canada, New Zealand and the United States.


At the Data Privacy Subgroup formal meeting, Information Integrity Solutions presented the results of an APEC-commissioned report on the benefits of the CBPR system to consumers, economies and businesses. Businesses specifically noted CBPR’s role in promoting the development of a single approach to global privacy that can help to simplify compliance with the range of regulatory requirements across the region. In addition, certification to a regionally-recognized system of data transfers encourages consumer confidence in the certified companies’ data practices. The report was based on consultations with government, business, and regulators from Japan, Singapore, Mexico, Canada and the United States and identified significant trade benefits as well as internal business benefits. Based on the findings of this report, APEC economies agreed to develop a coordinated marketing strategy to increase business and consumer awareness of the benefits of the system.

It was also announced that the Japanese firm JIPDEC has been formally approved to serve as an accountability agent under the CBPR system, joining TRUSTe, named the first accountability agent for APEC Cross Border Privacy compliance in June 2013. In September, Japan passed an amendment to the “Act on the Protection of Personal Information.” Article 24 of the amended law imposes restrictions on the transfer of personal information of Japanese citizens to third parties in foreign countries. Exemptions to these restrictions include when a third party has established a system which meets the Rules of the Commission to “continuously implement equivalent necessary measures.” The draft rules for implementing Article 24 specifically call out a company’s APEC CBPR certification as satisfying this requirement.

The next meeting of APEC’s Data Privacy Subgroup will take place in August, once again in Lima, Peru.


Join TRUSTe at the RSA Conference 2016

We are excited to take part in this year’s RSA Conference 2016 in San Francisco next week. If you are attending the Conference, make sure to come say hello at one of the following:

North Expo Exhibit Hall, Booth #N3017

Get a demo of the new TRUSTe Assessment Manager 2.0, our groundbreaking privacy automation solution for EU-US Privacy Shield Assessments, Privacy Impact Assessments, and more.

Blended Intelligence Wine Tasting

Wednesday, March 2 – 5:00 – 9:00 pm

Join TRUSTe along with co-sponsors IID, Infoblox, ThreatWave and OTA for exceptional wines, delectable food and warm conversation. RSVP here to attend the event located at the Contemporary Jewish Museum.

Investment in Privacy Brings Security Results – Panel Session

Wednesday, March 2, 8:00 – 8:50 am

TRUSTe CEO Chris Babel will be joining Omer Tene, Vice President of Research and Education, IAPP to present new research examining how investment in privacy best practices such as data inventory, collection and retention policies, and de-identification can help significantly reduce the impact of a data breach. The research, which is due to be published at RSA, seeks to answer whether privacy spend may be a cost-effective way to reduce security risk.

Not attending the RSA Conference? Contact your TRUSTe Account Rep or give us a call at 1-888-878-7830 to learn about everything new that is happening at TRUSTe and how it can benefit your business.



TRUSTe Assessment Manager Product Feature Series – Part 2

With the 2.0 release of Assessment Manager, TRUSTe now provides the privacy office with even more control over its privacy program. From the comprehensive privacy dashboard to management of privacy remediation action plans, this five-part blog series will highlight the latest updates.

Part 2 – Creating your Online Assessment Templates

The December 2015 release of TRUSTe Assessment Manager simplifies assessment template creation for all users. You can now easily build your own assessment templates for use online through TRUSTe Assessment Manager.

Three easy steps

  1. Create questions: These can be yes/no, multiple select, single select or open text. We recommend using the yes/no and select options, as they can be associated with compliance, whereas open text questions cannot.
  2. Define compliance (optional): Indicate which answers are acceptable to your organization, with predefined recommended remediation actions to be displayed in the report if a response triggers a risk flag. This functionality greatly streamlines the assessment review process, as the platform can automatically report on potential privacy issues and provide the recommended possible remediations.
  3. Create conditional logic: Display additional questions for the user to answer based on the responses to previous questions.

There is no limit to the number of questions you can include in your assessment template. So jump in and start to operationalize your current assessment forms.

If you’re not already using TRUSTe Assessment Manager then click here to find out more and contact your TRUSTe Account Manager to arrange a demo of all the new product features.



Amendments to Japan’s Personal Information Protection Act

Japan’s Law Concerning the Protection of Personal Information first came into effect on April 1, 2005 and stands as one of Asia’s oldest privacy laws. The recent amendments passed by the Japanese Diet on September 3, 2015 will apply to any domestic as well as foreign business operators that collect personal data in the course of supplying goods and services to customers in Japan.

The February TRUSTe Client Advisory Note was prepared by Cindy Bi from the TRUSTe Privacy Consulting Group and reviews the recent major amendments to the Act which include:

  • Expanded definition of “sensitive personal information”
  • The establishment of a new government agency, the Personal Information Protection Committee (the “Committee”), in January 2016
  • Cross-border transfers of personal data permitted only if the foreign country has a legal system that is deemed equivalent in standard to Japan’s personal data protection system (similar to GDPR)
  • “Opt-out” exceptions

The Advisory also includes a checklist of “Practical Steps to Comply with Japan’s Amended Personal Information Protection Act”.

If you would like a copy of this latest Client Advisory Note then look out for your copy on e-mail today or contact TRUSTe on 1-888-878-7830.



TRUSTe Assessment Manager Product Feature Series – Part 1

With the 2.0 release of Assessment Manager, TRUSTe now provides the privacy office with even more control over its privacy program. From the comprehensive privacy dashboard to management of privacy remediation action plans, this five-part blog series will highlight the latest updates.

Part 1 – Your New Privacy Program Dashboard

The December 2015 2.0 release of TRUSTe Assessment Manager introduces a comprehensive Privacy Program Dashboard, giving you visibility into key operational privacy metrics and helping you establish Key Performance Indicators (KPIs) for your privacy office.

Your privacy dashboard gives you an instant view of:

  • Privacy assessment trends over time. How many assessments were created, approved and in progress during different periods
  • Basic risk profile (risk manually assigned by reviewers to issues)
  • Project aging trends
  • Geographical distribution of assessments
  • Open remediation tasks

In addition, from your dashboard you are just one click away from launching a new privacy assessment.

We hope you enjoy the new look and feel of your Assessment Manager Dashboard and welcome feedback on other KPIs your privacy team uses to show effectiveness and accountability. Contact Senior Product Manager Tony Berman at tberman@truste.com with your suggestions.

If you’re not already using TRUSTe Assessment Manager then click here to find out more and contact your TRUSTe Account Manager to arrange a demo of all the new product features.



EU and US Agree on New Transatlantic Privacy Shield to Replace Safe Harbor

After months of intensive negotiations, today (February 2) the European Commission and the United States announced agreement on a new framework for transatlantic data flows: the EU-US Privacy Shield.

This new framework will protect the rights of Europeans where their data is transferred to the United States and provide a path to legal certainty for the thousands of businesses that had previously relied on Safe Harbor for their international data transfers. The framework should be in place within three months.

Addressing the ECJ concerns

The EU-US Privacy Shield addresses the requirements set out by the European Court of Justice in its ruling last October 6 which declared the old Safe Harbor framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. There will also be the creation of a new Ombudsperson to address complaints about possible access by national intelligence agencies.

Vice-President Ansip, European Commission said: “We have agreed on a new strong framework on data flows with the US. Today’s decision…further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”

While further details of the new framework are still to be released, it’s clear that the EU-U.S. Privacy Shield will be robustly monitored with an annual review by the European Commission and the U.S. Department of Commerce. This review will also involve national intelligence experts from the U.S. and European Data Protection Authorities.

What happens next?

The European Commission will now draft an “adequacy decision” which would be reviewed by the Article 29 Working Party and then adopted by the Commission after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. Department of Commerce together with the European Commission will continue preparations to put in place the new framework, monitoring mechanisms and new Ombudsman. If agreed before the final adoption of the European General Data Protection Regulation then this adequacy decision would ensure that the Privacy Shield could be a valid method of international data transfers through 2018 and beyond.

There should be further details following tomorrow’s Article 29 Working Party meeting and in subsequent briefings by the Department of Commerce on what requirements will be necessary for companies to stay compliant until the Privacy Shield is in place. The TRUSTe EU Data Privacy Transfer Assessment package will ensure you’re compliant with each of these requirements once they’re made available.



February Spotlight: Join us at events in Brussels, Barcelona, Lima and San Francisco

Feb 22-23

IAPP GDPR Comprehensive


Helping you prepare and implement the EU General Data Protection Regulation. The biggest European data protection reform in 20 years is upon us. Make sure your organization is ready for this seismic shift by attending the IAPP GDPR Comprehensive—an intensive two-day training offering a practical, hands-on view of the fundamentals of the new regulation. TRUSTe is a sponsor of the event.

Register here


Feb. 22-25

Mobile World Congress


Mobile World Congress, or MWC, is an annual gathering for the mobile industry and related industries, organized by the GSMA, and held in Barcelona, Spain, the Mobile World Capital. GSMA works all year long to plan the world-class exhibition, award-winning conference program, and outstanding networking opportunities that comprise Congress each year. With an expected 94,000+ attendees you can do more business in four days than in a month’s worth of meetings or in a year’s worth of travel, because everyone who is part of the industry is in Barcelona for MWC.

TRUSTe will be exhibiting alongside the DAA and EDAA in App Planet Hall 8.1 Booth #I63 – come say hi!

More details and registration here


Feb 22

APEC Privacy Workshop

Novotel Lima, Peru

The workshop will begin with an introductory tutorial on the APEC Cross-Border Privacy Rules (CBPR) and APEC Privacy Recognition for Processors (PRP), followed by panels on accountability-based information management programs generally, key issues in the ongoing implementation of the CBPR/PRP system across the APEC region, current work on creating interoperable systems for cross-border data flows between APEC and the EU, and the applicability of the APEC Privacy Framework in the context of big data and other modern information uses.

The workshop is hosted by the Centre for Information Policy Leadership, TRUSTe, Information Accountability Foundation, and Information Integrity Solutions and is accessible both to APEC delegates and non-APEC delegates. For additional information and to RSVP, please email Daniel Jin at djin@hunton.com.


Feb. 29 - March 4

RSA Conference 2016

San Francisco

Celebrating its 25th anniversary this year, the RSA Conference continues to drive the information security agenda worldwide. RSA Conference 2016 includes two halls of 500+ exhibitors, 400+ expert-led sessions, unprecedented networking and not-to-be-missed keynote speakers. TRUSTe is exhibiting at the conference at Booth #N3017, and on March 2 from 8.00-8.50am in Room 2007 TRUSTe CEO Chris Babel will be speaking with IAPP VP Research and Education Omer Tene on the relationship between privacy investment and security.

See more details here


March 2 5-9pm PT

RSA “Blended Intelligence” Reception

Contemporary Jewish Museum, San Francisco

An evening of connecting, collaborating and sharing sponsored by IID, Infoblox, OTA, ThreatWave & TRUSTe.

Register here


March 1

EDAA Summit


The EDAA Summit aims to increase awareness of the European Self-Regulatory Programme on Online Behavioural Advertising as well as its role and importance in the development of digital content and services, contributing to the European Digital Single Market. The event will bring together companies active in the digital advertising industry, business organizations, European policymakers, academic representatives and media for a full day of keynotes, debates and networking opportunities. TRUSTe is speaking at and sponsoring this event.

Register here


Details of all future events and webinars are listed here.


Privacy Risk Summit 2016 – Save The Date


We’re excited to announce the launch of the Privacy Risk Summit 2016, taking place in San Francisco on June 8.

The Summit builds on the success of the EU Data Protection Conference and IoT Privacy Summits to offer an expanded program with three parallel conference tracks focusing on the risks arising from technological and regulatory change and privacy risk management best practices.

100% of attendees at EU Data Protection 2015 said the event had “met or exceeded their expectations”.

The Privacy Risk Summit will bring together leading privacy practitioners, lawyers, regulators, and academics to address the top privacy risks and share proven strategies for success. We want you to be a part of it!

There are three main ways to take part in this year’s Summit.

Submit Speaker Proposal: We are looking for dynamic speakers who can bring a unique perspective to privacy risk management for our audience and welcome submissions from a wide variety of roles in the privacy ecosystem. For this event we particularly welcome speakers that can share practical examples of how they have managed privacy risk in their organization. The deadline for submissions is February 28 2016 at 5.00pm (PT). Find out more details about the topics we’re looking to cover within the three tracks here.

Inquire about Sponsorships: With an expected attendance of 200+ senior executives from privacy, legal and compliance functions, this is the ideal opportunity to demonstrate your thought leadership and solutions for privacy risk management. Request a copy of our sponsorship pack here.

Attend the Summit: Join us for a packed day of keynotes, panels and case studies. Register here to benefit from the Event Launch special ticket price of $149, only available until March 7.

Check out the Privacy Risk Summit event website for further details and follow the conversation online using #PrivacyRisk.

