Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?
Last month the United States Department of Commerce and Switzerland’s Federal Council declared that the new Swiss-US Privacy Shield Framework will be the successor to the Swiss-US Safe Harbor framework. The Swiss-US Safe Harbor framework was declared invalid in October 2015 following the European Union Court of Justice’s decision that the EU-US Safe Harbor was an inadequate legal mechanism for personal data transfers to the US. Since then, officials have drafted the new framework to ensure that the Swiss-US Privacy Shield Framework improves upon the U.S.- Swiss Safe Harbor framework by including stricter data protection principles. These include enhanced requirements … Continue reading Swiss-US Privacy Shield Replaces U.S.-Swiss Safe Harbor
Why you should know where your data is: two practical use cases The General Data Protection Regulation (GDPR) includes a wide range of privacy related requirements which will impact all areas of a company, including legal, compliance, information security, marketing, engineering, and HR. These changes will require companies to have a clear understanding of where their data is in order to ensure GDPR compliance. Use Case 1: A data subject requests a copy of their data. GDPR Requirement Article 15 grants data subjects the right of access giving individuals a right to obtain confirmation as to whether personal data is … Continue reading Why you should know where your data is: two practical use cases
The International Trade Administration (ITA) announced that the 500th company was posted to the EU-US Privacy Shield Framework list on Tuesday, October 18th. It’s a tremendous accomplishment, and there are still more to come. More than 1,500 companies have submitted self-certifications, providing strong endorsement of the new framework. The ITA press release stated: WASHINGTON – The EU-U.S. Privacy Shield Framework today achieved a milestone with the posting of the 500th company to the Framework list since it began accepting certifications on August 1, 2016. The U.S. Department of Commerce’s International Trade Administration manages the newly created Privacy Shield program, and conducts a … Continue reading 500th Company Posted to Privacy Shield Framework
Last week we gave you the facts to dispel three common misconceptions about Privacy Shield. This week we are including three more. 1. Model Contractual Clauses (MCCs) & Standard Contractual Clauses (SCCs) are easier than certifying for Privacy Shield. While your company may have invested in MCCs or SCCs when Safe Harbor was nullified, your work does not stop there. You need to continue updating your contracts on an ongoing basis to ensure continuing compliance. Sabina Jausovec Salinas, Corporate Counsel at Rackspace and Debbie Bromson, Head of Global Privacy at Jazz Pharmaceuticals spoke about why they chose Privacy Shield for their organizations; … Continue reading 3 More Misconceptions about Privacy Shield
Here are 3 Misconceptions about Privacy Shield and the facts you should know. 1. I missed the deadline to certify for Privacy Shield. Although the deadline to qualify for the onward transfer requirements grace period ended September 30th, it is not too late to certify. While there is no deadline to self-certify, if you have clients and/or employees in Europe, you will need to make use of one of the recognized transfer mechanisms to process that data outside of Europe. In addition to these regulatory obligations, your company may start to face pressure from clients or business partners to get the … Continue reading 3 Misconceptions about Privacy Shield