May 09 2016

Awareness of DAA AdChoices Icon Rises to 42%

New research findings published today show consumer concern over online tracking for targeted ads has fallen from 65% to 61% over the last year, and awareness of the DAA AdChoices icon has risen to 42% – five points higher than last year (37%). These latest stats show the sustained growth and success of the DAA program but also what’s at stake for the digital publishing industry, as 28% report they had used adblocking software in the month prior to the survey.

As consumers become more aware of how they can control the types of ads they see, they are more likely to feel positive about online behavioral advertising in general. Almost 2 in 5 (39%) said the information available through the AdChoices Icon, along with the option of opting out of OBA, would make them feel more positive about the concept of targeted ads. These findings are based on data from an online survey conducted by Ipsos, commissioned by TRUSTe, with 1,000 adults aged 18-75 in the US from December 17-22, 2015. Tracking data is available for the previous four years.

According to the survey, the business impact of consumers’ privacy concerns remains high with 89 percent avoiding doing business with companies they don’t believe protect their privacy and 74 percent of those who worry about their privacy online limiting their online activity in the last 12 months due to their concerns. Of those who worried about their privacy online, 51% did not click on an online ad in the last 12 months – the most common action taken due to privacy concerns.

The DAA program covers online, mobile and video ads and was developed in conjunction with the advertising industry to provide users with more control over their online ad experience and the option to opt-out of personal targeting without blocking ads altogether. Later this week, TRUSTe CEO Chris Babel will be speaking on a Publishers’ Roundtable titled “The Increasingly ‘Relevant’ Ad-Financed Business Model” at the Digital Advertising Alliance 2016 Summit from May 12-13.

Find out more about TRUSTe’s Ad Compliance Manager technology solution here.

May 02 2016

May Spotlight: TRUSTe Speaking at Events in Toronto, LA and London

IAPP Canada Privacy Symposium 2016

May 11 – May 12


The privacy landscape is changing at breakneck speed, and your job is becoming more complex by the day. Boasting exceptional education, unmatched networking and a strong community of privacy professionals, the Symposium returns to help you step up your game.

TRUSTe’s Eleanor Treharne-Jones will be speaking on Wednesday, May 11th, 11:45am-1pm on “Are You Ready for the GDPR? Let’s Find Out.”

> Register here


Digital Advertising Alliance Summit 2016

May 12 – May 13

Los Angeles

The Digital Advertising Alliance Summit 2016 is a full-day event and provides a unique opportunity for DAA Program participants to learn about the latest developments in industry self-regulation.

TRUSTe’s Chris Babel will take part in the panel, “Publishers’ Roundtable 2016: Congratulations to the Increasingly ‘Relevant’ Ad-Financed Business Model” alongside industry experts at Viacom Media Networks, Netflix, Daily Actor, and the American Advertising Federation (AAF).

> Register here


IRMS Conference

May 15 – May 17


The Information & Records Management Society (IRMS) Conference brings together information professionals to provide an independent perspective on key challenges surrounding this year’s theme, “Information Superheroes – Enabling Business Excellence”.

TRUSTe’s Ralph O’Brien will be speaking on Tuesday, May 17th, 09.00 – 09.45 on “Hero or Villain? The Evolution of Business Information Management”.

> Register here


Global Privacy Enforcement Priorities

May 19 – 9.00am – 10.00am PT

Online Webinar

As the scope of EU law reaches around the world we are also seeing greater international regulatory co-operation. So whether it’s the FTC, the FCC or European DPAs, what are the top priorities on the agenda of global privacy regulators? How is this impacted by the rise of activism and the role of individuals like Max Schrems who have forced legal changes?

In this webinar, experts will review the latest case law and enforcement actions from the last 12 months and share their assessment of what this could mean for the future and how to keep your company out of the regulatory spotlight.

> Register here




Apr 28 2016

Preparing for New Breach Notification Requirements in Canada

In these times of uncertainty regarding privacy must-dos (read GDPR and Privacy Shield), Canada offers us another set of rules to prepare for in the Digital Privacy Act. Passed in June 2015, much of the Digital Privacy Act is already defined and in place. One main component though, the breach notification rule, is under consultation and still somewhat of an unknown. Despite some level of uncertainty, it is still possible to prepare for compliance.

The April TRUSTe Client Advisory Note was prepared by Margaret Alston CIPP/G/C/M from the TRUSTe Privacy Consulting Group and reviews the key changes in the Act which include:

  • Definition of “valid consent.”
  • Compliance Agreements as an enforcement option for Commissioners
  • Broadening of allowable public disclosures by the Commissioner
  • Scope of PIPEDA – including but not limited to the exclusion of business contact information
  • Exceptions to consent requirements, such as for fraud prevention purposes
  • Extension of time limits for court applications from 45 days to 1 year
  • Breach notification, reporting, and record keeping (not yet in effect)

The Advisory then covers in more detail how companies can prepare now for the new data breach notification changes.

If you would like to review this latest Client Advisory Note then look out for your copy on e-mail today or contact TRUSTe on 1-888-878-7830.


Apr 13 2016

Privacy Shield Moves to Next Phase of European Regulatory Approval While Article 29 WP Calls for Improvements

Today the European Data Protection Authorities (the Article 29 Working Party) published their official opinion on the proposed adequacy decision by the European Commission on the EU-U.S. Privacy Shield. The opinion acknowledges the improvements in the new framework but asks for clarification in a number of areas to address their ongoing concerns.

The opinion is not binding but is an important step in the approval process for the new international data transfer framework published in February to replace Safe Harbor. The EU-U.S. Privacy Shield framework is the product of two years of intensive negotiations and represents the commitment of the EU and the U.S. Government to securing the vital transatlantic data flows which are such an integral part of the information economy.

Path to EU Regulatory Approval

Before the Framework can come into effect a draft adequacy decision from the European Commission must be approved by a European “comitology” procedure, which involves (i) insight from the Article 29 Working Party, (ii) a binding opinion from the EU Member State representatives, and (iii) formal adoption of the adequacy decision by the EU College of Commissioners.

Article 29’s opinion recognizes the significant improvements in the new privacy shield arrangement, but remains concerned that it does not go far enough to align with EU privacy law. The opinion asked for clarification in a number of areas including in relation to ongoing concerns around national security. As a result regulators were not yet in a position to confirm that the current draft adequacy decision ensures a level of protection that is essentially equivalent to that in the EU.

While the opinion of the Article 29 Working Party is important it is not binding, and the European Commission is now in a position to proceed with the adoption of a comitology Commission decision based on Article 25.6 of the Directive. The next step in the adoption process is a review and issuance of a binding opinion by the Article 31 Committee made up of representatives from the EU Member States. It is anticipated that this final approval process will be completed by June 2016.

How TRUSTe Can Help

While regulatory review of the Privacy Shield is underway, TRUSTe continues to provide guidance to companies as they analyze the Privacy Shield principles in light of their own data flows and data protection practices.

Find out more on our website here or contact us for further details on 1-888-878-7830.



Apr 08 2016

Managing Information Security Risks – New Assessment Template Available


You can’t have privacy without investing in information security. Personal data breaches cause harm to the individual, damage to reputation, and erosion of customer trust. They are also the number one cause of regulator attention, fines and investigations.

Today, TRUSTe released a further template for its Assessment Manager, in addition to the suite of privacy management templates already available. The template addresses information security issues, is based on the requirements of ISO/IEC 27001:2013, and utilizes that framework to increase security management and management assurance. In addition, our experienced consultants have added a series of recommended actions to help businesses implement the standard effectively.

ISO/IEC 27001:2013 is the de facto international information security management standard, designed for businesses that want to create a governance framework surrounding information security that ensures appropriate risk management and sustainable continual improvement. Its methodology is designed to allow both for adoption as a governance framework to establish, implement, operate, monitor and improve security, and for businesses that require external third party accredited certification. The standard is increasingly used in bids and tenders, and as a basis to evaluate suppliers and vendors.

If you need to achieve ISO 27001 compliance, or simply want to adopt or assess yourself against the best practice security management framework, enquire about TRUSTe’s Assessment Manager here.


Apr 04 2016

IAPP & TRUSTe Partner to Offer New GDPR Assessment Solution

The EU General Data Protection Regulation (GDPR) introduces strict new requirements for all companies that do business in Europe, whether located there or not, and is backed by potential fines of up to 4% of global revenue or €20 million. Recent research found that 43% of companies were looking for privacy technology solutions to help them comply with the GDPR and a third (33%) were looking for help in assessing their corporate risk exposure.

Today, the IAPP and TRUSTe launched a new comprehensive online assessment tool to help companies prepare to meet the requirements of the new European General Data Protection Regulation (GDPR). The IAPP GDPR Readiness Assessment is powered by TRUSTe Assessment Manager and available for free to IAPP’s 25,000 global members.

Announcing the new solution at the Global Privacy Summit 2016, IAPP President and CEO J. Trevor Hughes, CIPP, said:

“It is time to get to work on the tough tasks of understanding and, eventually, complying with the GDPR. Every company doing business in the European Union has some challenges ahead. This tool will help companies understand those challenges.”

The IAPP GDPR Readiness Assessment is available via a special single user version of TRUSTe Assessment Manager created for IAPP members.  The assessment consists of more than 60 questions mapped to key requirements of the GDPR.  On completion of the assessment, users will be provided with a gap analysis report summarizing their responses along with recommended remediation steps for any areas that are not consistent with the GDPR requirements.

The GDPR Readiness Assessment is easy to implement, with no software to download. IAPP members can activate their free account at or visit the TRUSTe Booth (#36) at the IAPP Global Privacy Summit for a demo and to speak with one of our privacy consultants.

To find out more about TRUSTe Assessment Manager click here.


Apr 01 2016

April Spotlight: IAPP Global Summit; Preparing for GDPR Compliance

IAPP Global Privacy Summit 2016

April 4 – April 6

Washington DC

In the privacy sphere, amidst increasing risk, evolving regulatory requirements and rising customer expectations, there’s strength in numbers. Enter the IAPP Global Privacy Summit, drawing us in, taking a spotlight to the challenges of our time. Here, we grow our knowledge, make surprising, valuable connections and, most importantly, advance the privacy conversation together.

TRUSTe will be exhibiting at booth #36 and Chris Babel, CEO of TRUSTe will be speaking on the Little Big Stage on Wednesday, April 6th at 1:55pm.

> Register here


Preparing for the GDPR – The Compliance Countdown Begins

April 14 – 9.00am – 10.00am PT

Online Webinar

The introduction of the European General Data Protection Regulation (GDPR) has been heralded as the most significant change in global privacy regulations for the last 20 years. But now the talking is over and the legislation is agreed, the compliance countdown begins. What does this mean for your business?

This webinar will review the final text of the GDPR and explain the key things you need to know to comply from data breach notification, to consent and international data transfers. Register now to get a clear roadmap for GDPR compliance within your organization.

> Register here


IAPP Europe Data Protection Intensive

April 20 – April 21


The IAPP Europe Data Protection Intensive is the leader in education on the practical application of privacy and data protection today. Focused on the issues impacting you now and in the coming year, this is where you’ll find the knowledge and how-to skills you need to excel in 2016.

TRUSTe will be exhibiting at booth #9 – come by to see a demo of the new GDPR Readiness Assessment Template available in TRUSTe Assessment Manager.

> Register here


6th European Data Protection Days

April 25 – 26


The 6th European Data Protection Days 2016 will take place at a particularly interesting time. 2015 was a historic year for data protection and privacy professionals around the world. After almost four years of drafting and negotiating and more than 3,000 amendments, the final text of the EU General Data Protection Regulation was agreed by the European Parliament, Council and Commission. The European Court of Justice declared in its landmark decision that the Commission’s US Safe Harbor decision is invalid. The ruling has created legal uncertainty for companies that relied on Safe Harbor to legitimize data transfers from Europe to the U.S. – and they urgently await final regulatory agreement on the new data transfer framework (EU-U.S. Privacy Shield). The EDPD Conference will provide you with all the important news and updates for your international data protection business at a high level.

TRUSTe will be exhibiting and Ralph O’Brien, Principal Consultant (EU) at TRUSTe will be speaking on Tuesday, April 26th at 5:00pm about “Global frameworks and local laws – assessing privacy risk in an evolving world”.

> Register here



Mar 22 2016

Merck Successfully Concludes First APEC-based BCR Approval


On March 1st, Merck & Co. Inc. (Merck) formally concluded their Binding Corporate Rules (BCR) approval process with the Belgian Data Protection Authority, becoming the 82nd company to achieve the compliance landmark. But in a global first, Merck based its BCR application on its APEC Cross Border Privacy Rules (CBPR) certification. This work was facilitated by Merck’s use of a common referential developed by the Article 29 Working Party and APEC’s Data Privacy Sub Group in 2014 to facilitate interoperability between companies seeking certification under both systems.  In October 2013, TRUSTe certified Merck as the first health-care company and the second multinational company under the CBPR system.

“The value of this approach is that we were able to obtain both CBPR and BCR approvals while maintaining the substance and structure of our existing global privacy program. The practical effect is that we gained greater efficiency in how we manage cross-border data transfer and global data processing without adding complexity to how we operate”, said Hilary Wandall, Chief Privacy Officer.

As was reported in a recent review of CBPR benefits by Information Integrity Solutions, the first phase of Merck’s BCR approval took less than three months, while the mutual recognition phase took an additional nine months.   In addition to the time for completion of the EU cooperation procedure and transition between the approval phases, the entire approval process was approximately three months faster than the 18 month average.   Most importantly, because Merck based its BCR approval on its previously-approved CBPR certification, a broadly BCR-compliant global privacy program was already in place. As a result, according to Merck’s internal estimates, the total cost of its BCR was approximately 90% less than it would have otherwise been.

When announcing the referential’s endorsement in March 2014, Isabelle Falque-Pierrotin, Chairwoman of the French Data Protection Authority (CNIL) and president of the Article 29 Working Party called it a “very political and symbolic act” for companies seeking to obtain both BCR and CBPR certification. FTC Chairwoman Edith Ramirez noted that “[i]nteroperability is absolutely critical”, adding that “[w]ithout the ability to work across systems, we simply can’t effectively protect the privacy of consumer data, and that’s why as part of the U.S. delegation to the APEC data privacy subgroup, the FTC has been actively involved, along with the Department of Commerce, in developing the CBPRs and also working on this referential.” Earlier this month, Article 29 affirmed that work on the BCR-CBPR project would be a key component of its 2016-2018 workplan.

The CBPR system was endorsed by APEC member economies in 2012 for businesses established in the APEC region that collect and transfer personally identifiable information from consumers. TRUSTe was named the first accountability agent for the system in June 2013. You can learn more about Merck’s work on interoperability here. To learn more about obtaining a TRUSTe CBPR certification click here.
