The EU-U.S. Privacy Shield international data transfer framework had its first annual review; highlights are included below. Andrus Ansip, Commission Vice-President for the Digital Single Market, said: The Commission stands strongly behind the Privacy Shield arrangement with the U.S. Making international data transfers sound, safe and secure benefits certified companies and European consumers and businesses, including EU SMEs. This first annual review demonstrates our commitment to create a strong certification scheme with dynamic oversight work. Overall, the report shows that European Commission (EC) feels that the Privacy Shield continues to ensure an adequate level of protection for the personal data transferred from the EU … Continue reading EU-U.S. Privacy Shield: First Review Positive
EBSCO Industries, Inc. and its subsidiaries (EBSCO) have completed their certification for EU-US Privacy Shield, which is the international data transfer framework requiring that companies meet rigorous obligations to protect the personal data of Europeans. View EBSCO’s Privacy Shield certification here. It is monitored and enforced by the US Department of Commerce (DOC) and the Federal Trade Commission (FTC). EBSCO’s certification demonstrates their commitment to consumer privacy and ensures that they transfer data in a safe way, in compliance with the Privacy Shield framework. TRUSTe reviewed and verified that they comply with the EU-US Privacy Shield Framework; TRUSTe will also provide independent dispute resolution services to … Continue reading EBSCO Shows Commitment to Data Privacy through Privacy Shield Certification
Adding Swiss-US Privacy Shield self-certification. As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield. Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework vary are: When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use the Swiss Federal Data Protection Information Commissioner or … Continue reading Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap
Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?
Last month the United States Department of Commerce and Switzerland’s Federal Council declared that the new Swiss-US Privacy Shield Framework will be the successor to the Swiss-US Safe Harbor framework. The Swiss-US Safe Harbor framework was declared invalid in October 2015 following the European Union Court of Justice’s decision that the EU-US Safe Harbor was an inadequate legal mechanism for personal data transfers to the US. Since then, officials have drafted the new framework to ensure that the Swiss-US Privacy Shield Framework improves upon the U.S.- Swiss Safe Harbor framework by including stricter data protection principles. These include enhanced requirements … Continue reading Swiss-US Privacy Shield Replaces U.S.-Swiss Safe Harbor
Why you should know where your data is: two practical use cases The General Data Protection Regulation (GDPR) includes a wide range of privacy related requirements which will impact all areas of a company, including legal, compliance, information security, marketing, engineering, and HR. These changes will require companies to have a clear understanding of where their data is in order to ensure GDPR compliance. Use Case 1: A data subject requests a copy of their data. GDPR Requirement Article 15 grants data subjects the right of access giving individuals a right to obtain confirmation as to whether personal data is … Continue reading Why you should know where your data is: two practical use cases