TrustArc Blog

Can You Legally do Analytics Under the GDPR?

July 17, 2017

By Gary LaFever, CEO of Anonos

Taking the “personal” out of Personal Data®

Many companies aren’t yet aware that they are or will be doing anything wrong processing analytics or using historical databases under the GDPR. While many companies are understandably focused on conducting data inventories and data protection impact assessments, it is critical to note that inventories and assessments will not support new legal bases required under the GDPR for processing data analytics or for using historical databases involving EU personal data. An important aspect of the GDPR is the new requirement that “consent” must be specific and …

The GDPR is Coming: 3 Things for DPOs to Consider About Privacy Awareness

May 31, 2017

By Tom Pendergast

Many of the impacts of the EU’s wide-reaching General Data Protection Regulation (GDPR) are still being hemmed and hawed about, but one thing is clear: more Data Protection Officers will be needed. The IAPP estimated last year that 28,000 new DPOs will be needed to oversee data handling for organizations subject to the GDPR. The mandatory DPO is one of many provisions within the GDPR going into effect in May 2018. (Check out our white paper here for a primer and some industry expert input). While the requirements for getting in compliance with the GDPR are …

The Internet of Things and Connected Cars: Considering Privacy Issues and Minimizing Risk

May 26, 2017

The internet of things is the connection of a broad range of devices using an IP address. It can range from our smart TVs and phones, to our home security systems, thermostats … the list goes on. A popular prediction is that by 2020, the internet of things will comprise no less than 50 billion devices. With this type of wide adoption, concerns over private data surface – how it is collected, how it is used, and how it may make your organization vulnerable to risk. Connected cars, having an IP address, are part of the internet of things. Unless …

How the Privacy Landscape is Creating In-Demand Jobs

April 20, 2015

By KimAnh Tran, Associate Legal Counsel, CIPP/US, Contributor

High-profile breaches seem to arise almost weekly across all industries and verticals, making privacy and security top-of-mind for organizations large and small. Fear has proven to be a strong motivator for many organizations, as an expensive remediation process, a regulatory audit and a public relations disaster loom with any breach. Predictably, companies are reacting by trying to clean up their own privacy practices company-wide. This objective, though admirable, is not easily accomplished, and typically requires the skills of experienced privacy professionals.

Privacy management as an industry is still relatively young and consequently, privacy veterans are few and far between. However, more and more job descriptions express a need for seasoned privacy professionals with experience in tracking and understanding privacy regulations and best practices, and applying such knowledge in a variety of different roles and functions.

Though official titles may vary, there are several roles and functions that seem to be in demand in the privacy space. The qualifications for each may differ depending on company size, the company’s industry and need for privacy support. However, a CIPP certification through the International Association of Privacy Professionals may indicate a certain level of credibility and dedication to privacy in the eyes of a hiring manager.

EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)

April 02, 2015

By Shreya Vora, Esq., CIPP/US

Educational technology is really taking off. Kids today use tablets and computers at school, learning apps and a bevy of other online tools. When building products for the education technology sector, all business owners need to consider privacy – everyone from budding entrepreneurs to established companies to large multi-national corporations. When your technology is aimed at kids, there are laws as well as best practices to follow in order to mitigate risk and ensure consumer trust.

Understanding the legal landscape within which your technology is operating is essential to ensuring your company’s survival and success. Failure to comply can lead to hefty fines, the loss of business, reputational damage, and a media nightmare. Understanding the laws and best practices in your industry will empower you to design and update your technology with children’s privacy issues in mind. It goes without saying that given the speed of technological innovation, many of the applicable laws have necessitated (and continue to necessitate) reform to truly address the risks posed by education technology, as well as the data gathered about children through such technology (i.e. what can be done with metadata, data retention policies, use of information for advertising purposes — the list goes on). That said, for those working in this space, there are some key regulations to keep in mind (though this is by no means a comprehensive list).

Using Privacy Engineering To Make Your Company More ‘Likeable’

March 31, 2015

By Alexandra Ross, The Privacy Guru

Last week I had the pleasure of speaking at the Privacy Innovations & Technology event, “Demystifying Privacy Engineering” hosted at the TRUSTe offices. In a lively session, we discussed the basics of Privacy by Design (PbD) and Privacy Engineering, including examples of how to implement Privacy Engineering, career opportunities as a privacy engineer, and how Privacy Engineering can be used as a competitive advantage.


At this year’s SXSW, Deepti Rohatgi, head of policy at Lookout, a cybersecurity company, encouraged developers to think about privacy as a product. Lookout, which offers an open source privacy policy generator, believes in the measurable impact of privacy engineering. Lookout recommended A/B testing of thoughtfully designed privacy policies and features, and encouraged the use of privacy engineering to increase customer trust and a company’s overall “likeability.”

Should this idea be revolutionary? Perhaps not, but it’s a departure from how many developers and tech executives regard privacy practices. The era of “bolt on” and stop-gap privacy patching is coming to an end. The stakes are high, as users are growing increasingly aware of privacy issues.
