Working with vendors and third parties is an inherent part of doing business, and they provide tremendous value and opportunity, but vendors also present significant risks. These risks are of growing concern, particularly when it comes to data privacy and security. Forrester states, “The repercussions of security incidents across the value chain, as well as the EU General Data Protection Regulation’s (GDPR’s) more stringent compliance requirements, make managing third-party risk a top priority for S&R [security and risk] pros.”1 And you don’t have to look far to find examples in the news of data breaches that vendors caused. Forrester … Continue reading Understand and Mitigate Your Vendor Privacy Risks
As part of the TrustArc Privacy Insight Series, Director of Consulting at TrustArc, Paul Iagnocco, presented “Managing Risk & Easing the Pain of Vendor Management”. This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here. In this webinar, Paul discussed methods and challenges companies face when assessing and evaluating vendors under regulations such as the GDPR, CCPA, Privacy Shield and HIPAA. Under each of these regulations, demonstrating compliance requires vendor management provisions speaking to specific topics such as: documented instructions, technical and organizational measures, confidentiality, disclosure, right … Continue reading Privacy Insight Series Webinar Recap: Managing Risk & Easing the Pain of Vendor Management
The 9-month “grace period” will soon come to a close for companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline. The grace period was given to these companies so that they could ensure that all of their third-party vendors met the Accountability for Onward Transfer principle. The deadline is fast approaching. The Privacy Shield Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?
The Internet of Things (or the Internet of Everything, as some refer to it) is changing the way of the world for businesses, governments and consumers, as devices and services are increasingly connected to the Internet in real-time, 24/7. This allows for the practically ubiquitous collection, storage and sharing of data on an always-on basis, which heralds countless innovations for enterprises and individuals alike. However, with increased connectivity comes the potential for increased vulnerability—in both the cyber and physical worlds. This is why Privacy by Design is a paramount business practice for companies engaged in the IoT space, as well … Continue reading Privacy Risk Summit Preview: Privacy by Design for IoT
If you missed today’s webinar covering vendor management, you can watch a clip below and follow this link to download the full webinar. Speakers Ray Everett, Director Product Management & Principal Consultant at TRUSTe, and Charlie Miller, SVP at Shared Assessments, covered best practices for vendor management and conducting vendor risk assessments, and revealed results from a 2015 Vendor Risk Management benchmark study. This webinar is part of TRUSTe’s Privacy Insight Series.
- August 6, 10-11 a.m. PDT
Webinar – “30 Day Countdown Until DAA Mobile Enforcement: Are You Ready?”
Enforcement of the DAA Mobile Guidelines begins in September. Find out what this means for your business. Speakers include Lou Mastria, Executive Director of the Digital Advertising Alliance; Michael Signorelli, Partner, Venable LLP and Counsel, Digital Advertising Alliance; and Helen Huang, Senior Product Manager at TRUSTe. The webinar is moderated by Kris Vann, J.D., Senior Product Marketing Manager at TRUSTe.
- August 13, 9 a.m. PDT
Webinar – “How Good Privacy Practices Can Help Prepare for a Data Breach”
TRUSTe offers this webinar as the first in our Fall/Winter Privacy Insight Series.
This webinar will examine the costs of a data breach and the role of privacy and information governance in preparing for a possible breach. Attendees will also learn how to build an incident response plan to mitigate damages and to ensure that every relevant employee knows what to do in the event of a data breach. Speakers include Larry Ponemon, Chairman and Founder of the Ponemon Institute; Mary Westberg, Sr. Compliance Paralegal, SanDisk; and Joanne Furtsch, Director of Product Policy, TRUSTe.