
Privacy Shield is Here: What You Need to Know
July 21, 2016

Privacy Insight Series - truste.com/insightseries

Today's Speakers
Caitlin Fennessy
Senior Policy Advisor
Data Flows and Privacy Team
International Trade Administration
U.S. Department of Commerce

Chris Babel
CEO
TRUSTe


Today's Agenda
Welcome & Introductions
Understanding the Differences between Safe Harbor & Privacy Shield
How the Department of Commerce will Operate the Program
Working with Third Party Verification & Dispute Resolution Providers
Looking Forward
Q&A


Understanding the Differences between Safe Harbor & Privacy Shield
Caitlin Fennessy, Senior Policy Advisor, Privacy & Data Flows Team,
U.S. Department of Commerce


Understanding the Privacy Shield Framework

What does the Privacy Shield contain?

Privacy Shield Principles
    Requirements to which U.S.-based organizations can make an enforceable
    commitment to receive data in compliance with EU data protection laws

Letters Describing Oversight and Enforcement from:
    Secretary of Commerce and Under Secretary for International Trade
    Chairwoman of the Federal Trade Commission
    Secretary of Transportation

Government Access to Data
    Letter from the Secretary of State on the new Privacy Shield Ombudsperson
    Letter concerning safeguards and limitations from the Office of the Director of
    National Intelligence
    Letter concerning safeguards and limitations from the Department of Justice

Understanding the Privacy Shield Framework

What should your company focus on to come into compliance?

What's new compared to Safe Harbor

1. New Privacy Protections
    Notice requirements
    Accountability for onward transfer
    Purpose limitation and data retention

Note: Companies should review the Framework in its entirety. These
slides are only meant to highlight certain aspects.

Understanding the Privacy Shield Framework

What should your company focus on to come into compliance?

What's new compared to Safe Harbor

2. Enhanced Complaint Resolution
    Response time to EU individuals
    Free dispute resolution
    Binding arbitration as last-resort option


Understanding the Privacy Shield Framework

What should your company focus on to come into compliance?

What's new compared to Safe Harbor

3. Improved Cooperation and Transparency
    Monitoring and dispute resolution require cooperation with the
    ITA Privacy Shield Team
    Ongoing requirements (if an organization withdraws from the program but
    retains the data it received under it)
    Publication of FTC compliance reports (if subject to
    enforcement action)

How the Department of Commerce will Operate the Program
Caitlin Fennessy, Senior Policy Advisor, Privacy & Data Flows Team,
Department of Commerce


Joining the Privacy Shield Program

How will a company join Privacy Shield?
1. Confirm Your Organization's Eligibility to Participate
2. Develop a Compliant Privacy Policy
3. Establish an Independent Recourse Mechanism (IRM)
4. Ensure a Verification Mechanism is in place
5. Identify your Privacy Shield Point of Contact
6. Self-certify Using the Privacy Shield Website
7. Reaffirm Self-certification Annually
8. Reply to Inquiries from EU citizens, IRM, Commerce, and/or DPAs
   as Required

Joining the Privacy Shield Program

ITA Administration: What's new that matters to you?
    Maintenance of the Privacy Shield Website
    Verification of Self-Certification Requirements
    Monitoring of Compliance
    Facilitating Resolution of Complaints Referred by EU DPAs


Joining the Privacy Shield Program

FTC Enforcement: What has changed (and what hasn't)?
    Prioritization of DPA Referrals
    Enforcement Cooperation
    Investigatory Assistance
    Publication of FTC Compliance Reports


Third Party Verification & Dispute Resolution Providers
Chris Babel, CEO, TRUSTe


Privacy Practices Verification

Companies must take steps to verify that assertions made about Privacy
Shield compliance are true
    Third party compliance reviews can be used to satisfy this requirement

Third party reviews must:
    Verify that privacy policies are being complied with
    Verify that consumers are informed of how they can file a complaint

Companies must be able to demonstrate that an external review has been
successfully completed annually
    This can be provided by the external compliance review provider

Companies must retain records of their implementation of the Privacy
Shield Principles and privacy policies
    Records must be provided upon request in the context of a Privacy Shield related
    investigation


Dispute Resolution
Companies must respond to an initial complaint within 45 days
An alternative mechanism must be in place to address Privacy Shield
related complaints
    An Independent Dispute Resolution Provider (IDR) can be used for consumer data
    DPAs must be used for employee (HR) data
    Must be provided free of charge to individuals

Companies must provide information regarding their IDR Provider in
their privacy notice
    Name of the designated provider and how to contact them
    Whether the provider is EU or U.S. based
    That it is available free of charge

Binding arbitration is available after other mechanisms have been
exhausted

New requirements for IDR Providers

Make information available to consumers about Privacy Shield and the
IDR Provider's role under Privacy Shield
    Needs to be accessible from the IDR Provider's website
    Link to the DOC's Privacy Shield site
    Explanation of how to file a complaint, the dispute resolution process and
    timeframes, and potential remedies

Report annually to the DOC regarding the number, types, and outcomes of
complaints received, and the length of time to resolve them
    Reporting in the aggregate

IDR Providers must notify the DOC of companies that fail to resolve
Privacy Shield related complaints


Impacts on Business
Companies face stronger obligations for data transfers
    Increased risk stemming from 3rd party processors, partners,
    and vendors
    Privacy Shield language needs to be added to contracts,
    and be provided to the DOC upon request
Companies must respond to disputes faster through
additional channels
Increased regulatory focus
    Companies must document, maintain records and deliver
    reports on their compliance efforts


Levels of Third Party Assistance

Dispute Resolution
    Dispute Resolution mechanism (non-HR)
    Dispute Resolution Seal/Button (non-HR)

Assessment
    Comprehensive Assessment (Customer and/or HR Data)
    Online Asset Review and Scanning
    Findings Report
    Searchable Audit Trail
    DOC Registration Assistance
    Ongoing Guidance
    Remediation Assistance

Verification
    Verification Seal
    Verification Letter of Attestation
    Verification Listing for DOC


Looking Forward
Caitlin Fennessy, Senior Policy Advisor, Privacy & Data Flows Team,
Department of Commerce


Looking Forward

How was the Framework designed to remain durable?
    The GDPR
    European Court of Justice
    Cooperation with EU DPAs


Contacts
Chris Babel
cbabel@truste.com

Thank You!
Details of our 2016 Summer/Fall Webinar Series are now available. Register
now for our next webinar on August 18, "Brazil & Beyond: Privacy Trends in
Latin America".
See http://www.truste.com/insightseries for the 2016 Privacy Insight Series
and past webinar recordings.
