TrustArc Blog

A Memorable Week in Hong Kong at the 39th ICDPPC

October 19, 2017

By Hilary Wandall, TrustArc General Counsel & Chief Data Governance Officer   I provided some highlights of the first day at the 39th ICDPPC conference in Hong Kong. Now I will share some additional insights.   It was a remarkable week in Hong Kong with current and former IAPP Board members and other privacy friends and colleagues most of whom I’ve known for decades, but also a few I had the pleasure of meeting for the first time as we explored global issues and local culture together. Over 750 delegates representing more than 65 data protection authorities, the United Nations, … Continue reading A Memorable Week in Hong Kong at the 39th ICDPPC

39th International Conference of Data Protection and Privacy Commissioners – Hong Kong

September 26, 2017

By Hilary Wandall, TrustArc General Counsel & Chief Data Governance Officer This week I am attending the International Conference of Data Protection and Privacy Commissioners from September 25 – 29 in Hong Kong. This conference has convened since 1979 and serves to provide leadership on privacy and data protection at the international level. I will be sharing some of the highlights on the evolution of privacy and its importance for all organizations. Privacy Shield Declared a Success!   The U.S. Department of Commerce, the Federal Trade Commission and the European Commission kicked off the conference with a session reporting out … Continue reading 39th International Conference of Data Protection and Privacy Commissioners – Hong Kong

Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

April 13, 2017

  Adding Swiss-US Privacy Shield self-certification. As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield. Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework vary are: When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use the Swiss Federal Data Protection Information Commissioner or … Continue reading Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

Important Privacy Shield Requirements for Pharma & Medical Companies

March 28, 2017

By Emily S. Yu, Privacy Solutions Manager, TRUSTe The EU-US Privacy Shield framework is an approved transfer mechanism for personal data from the EU to the United States, meaning that once self-certified, companies have “adequate” protections in place when transferring personal data. Businesses involved in clinical, medical and other forms of scientific research may not be aware that there are specific requirements under Privacy Shield that apply to those fields. The requirements may create the need for additional privacy policy controls, so companies in those fields should check to ensure that all requirements are being met. These requirements are addressed in … Continue reading Important Privacy Shield Requirements for Pharma & Medical Companies

Privacy Shield Grace Period is Ending, Are you Ready?

March 20, 2017

EU US Privacy Shield

Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield  Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?

3 Ways to Leverage Your Privacy Shield Certification

March 02, 2017

EU US Privacy Shield

Last week TRUSTe held a webinar “Privacy Shield Self-Certification – What’s Next?” as part of its Privacy Insight Series. If you missed the webinar you can still sign up to receive the on-demand recording and the slides. Our speakers, David Fowler, Chief Privacy & Digital Compliance Officer, Act-On Software; Amanda Gratchner, Global Privacy Counsel, NAVEX Global; and K Royal, Senior Privacy Consultant at TRUSTe discussed several different ways to enhance everything from your policies to your Privacy Impact Assessments by leveraging your Privacy Shield Certification. They also discussed how to use the Certification toward compliance with other frameworks, such as the … Continue reading 3 Ways to Leverage Your Privacy Shield Certification

Subscribe to Blog