TrustArc Blog

Workday and Envestnet | Yodlee Demonstrating Best Privacy Practices for Processors through APEC PRP Certification

December 06, 2018

Global companies are increasingly more concerned with ensuring the privacy and security of the information they hold. Not only is complying with international privacy regulations and frameworks important to avoid fines, but it is also critical for building trust with customers, mitigating risks, and protecting the company’s reputation. One way that companies can demonstrate compliance is by adhering to a recognized international privacy framework, such as the Asia-Pacific Economic Cooperation (APEC) framework as demonstrated by the  APEC Privacy Recognition for Processors (PRP) certification. Like the APEC Cross Border Privacy Rules (CBPR) system (which applies to data controllers), the APEC PRP … Continue reading Workday and Envestnet | Yodlee Demonstrating Best Privacy Practices for Processors through APEC PRP Certification

How to Prepare for the California Consumer Privacy Act “Look Back” Requirement

November 15, 2018

The California Consumer Privacy Act (CCPA) will be effective January 1, 2020, but the 12-month “look back” requirement means that companies will need records of personal information collected dating back 12 months before January 1, 2020, which is January 1, 2019. While January 2020 seems far away, creating and maintaining data inventories and flows beginning January 2019 to meet the “look back” requirement will take time. With less than two months to go, companies should secure a budget, develop a process, and evaluate tools to help implement the process. The budget should take into account supplying your team with the … Continue reading How to Prepare for the California Consumer Privacy Act “Look Back” Requirement

TrustArc Announces New Privacy Platform Enhancements

November 01, 2018

TrustArc has announced several exciting enhancements to our Privacy Platform! These new capabilities will help companies better manage their privacy programs. The Privacy Platform helps provide end to end privacy management through a series of modules designed to address a wide range of privacy functions, including data inventory and mapping; privacy risk assessments; consent management; and individual rights and data subject rights requests. The new privacy assessments include:        Inherent Risk        DPIA Controls        Consent        Legitimate Interests        Right to Object        Third Party Risk        International Data Transfer        Automated Decision Making These new assessments feature a revolutionary modular design that intelligently matches the assessments … Continue reading TrustArc Announces New Privacy Platform Enhancements

How to Maintain a Data Inventory for GDPR Compliance – Tips from TrustArc Privacy Experts

August 22, 2018

Now that the GDPR has been in effect for a few months, it is a good time to evaluate your processes and procedures put in place prior to the deadline. Although May 25th has passed, companies still need to be compliant every day after. A fundamental key to staying compliant is introducing a regular review process. As a reminder, Article 30 requires companies to produce “records of processing activities”, which will allow regulators to see that companies are adhering to the GDPR. With this goal in mind, the records should show why and how the data is being processed. A … Continue reading How to Maintain a Data Inventory for GDPR Compliance – Tips from TrustArc Privacy Experts

New Analyst Report on Using Technology Platforms to Manage Privacy

August 17, 2018

Michael Rasmussen of GRC 20/20 Research has been noted as the “Father of Governance, Risk, and Compliance (GRC)” – being the first to define and model the GRC market in 2002 while at Forrester. In this new report, he explores the challenges organizations face when complying with privacy regulations such as the EU GDPR. Privacy is a highly dynamic, moving target that requires compliance management to identify and mitigate the compliance, brand, and business risks associated with processing personal data. Accordingly, organizations need an integrated collaborative process and technology architecture that can span distributed privacy and business functions. They also … Continue reading New Analyst Report on Using Technology Platforms to Manage Privacy

Privacy Shield Program Continues to Demonstrate High Interest

August 09, 2018

The U.S. Department of Commerce recently issued a communication highlighting the growing industry interest in participating in both EU-U.S. and Swiss-U.S. Privacy Shield certification programs. There are currently over 3,300 organizations in the program and over 1,000 more who have submitted their first time certification applications in recent months – which will likely bring the number of participants to over 4,000. Dave Deasy, SVP Marketing at TrustArc, commented “we are continuing to see high interest in Privacy Shield from companies of all sizes to ensure they can demonstrate a high commitment to privacy for international data transfers.  This is consistent … Continue reading Privacy Shield Program Continues to Demonstrate High Interest