Adding Swiss-US Privacy Shield self-certification.
As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield.
Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework differ are:
- When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use either the Swiss Federal Data Protection Information Commissioner or another Independent Dispute Resolution Provider (IDR).
- The Choice Principle has been modified. The definition of “Sensitive Data” has been expanded upon.
- For the EU-US Privacy Shield, there was a grace period; however, there is no grace period for the Swiss-US Privacy Shield.
- The binding arbitration option will be put in place at the first annual review of the Swiss-US Privacy Shield.
Although there are a few places where these frameworks vary, the Swiss-US Privacy Shield and EU-US Privacy Shield frameworks rest on the same core principles. Companies should be able to apply the work done to become compliant with one framework toward compliance with the other.
While we highlighted one of the webinar topics in this blog post, the webinar covered several additional topics:
- How the Swiss-U.S. Privacy Shield was developed
- What you should do to prepare to self-certify to Privacy Shield for the first time, or to add the Swiss-U.S. Privacy Shield to your EU-U.S. Privacy Shield certification
- How to navigate the self-certification process on privacyshield.gov
- How to re-certify on an annual basis
To view or listen to all the topics covered, and to share the webinar recording, please find a shareable link here.