Privacy laws are 50 years old this year, which makes this Global Data Privacy Day (or Global Data Protection Day) even more special.
In celebration, TrustArc is launching the Serious Privacy Podcast, because the world needs serious privacy help. The podcast, hosted by Paul Breitbarth and K Royal, will look at the topics privacy professionals are most concerned with and seek to help them maximize their time by delivering key content in different ways. As Paul and K discuss in the pilot episode, the podcast will deliver TrustArc webinars via podcast, seek to capture conference sessions, and host unscripted discussions with privacy professionals on relevant, interesting, controversial, inspiring, or exciting topics.
In this pilot, Paul and K touch on two topics – privacy turning 50 years old and insight into how they got into privacy as a profession and what keeps them here.
It seems surprising that both Europe and the United States passed their first privacy laws. The EU saw its first data protection law ever with the German federal state of Hessen, albeit at regional level. Three years later, Sweden followed with their national Data Act, the first national data protection law. On the US side, the Fair Credit Reporting Act was passed in 1970 addressing a concern of “fairness, impartiality, and a respect for the consumer’s right to privacy” and the US Privacy Act followed in 1974.
Since then, the world has joined in, with hundreds of privacy laws being passed and taking some different approaches in enforcement. But one thing remains clear: it is critical that individuals have rights when it comes to their personal information and that businesses take responsibility to protect the data entrusted to them.
The huge jumps in technology and digital data and the increasing number of laws are what drove many privacy professionals to enter the field, by design or happenstance. In the first episode, Hilary Wandall, SVP, Privacy Intelligence and General Counsel, joins us to share how she entered privacy along with the career journeys of Paul and K. As you can imagine, the paths share as many similarities as they do differences.
Listen to the pilot episode here.
Please let us know what you are interested in hearing. Email us here: Podcast@TrustArc.com
The podcast reflects what the privacy profession needs: real information, readily available, with convenient timing, and honest discussion of the real topics that matter in privacy and management of privacy programs. Really serious privacy.
TrustArc is excited to announce a major expansion of our award-winning privacy platform to simplify compliance management for the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other privacy regulations. The enhancements include a comprehensive set of dynamic components including regulatory updates, risk scores, program status and other privacy program KPIs accessible through a unified privacy program management dashboard. Our new dashboard streamlines compliance and risk management for privacy, IT and business teams.
The privacy regulatory landscape is changing dramatically and businesses are looking for ways to stay on top of the new requirements. The major catalysts have been the GDPR and CCPA (which goes into effect January 1, 2020), but there have been over 50 additional laws and regulations adopted in the past 12 months, including announcements from Brazil (LGPD), China, Nigeria and over a dozen U.S. states. While the laws and regulations share many common elements, they each require varying levels of support for privacy risk assessments, consent, individual rights, breach response and compliance reports. To make privacy management easier in this environment, having critical privacy and risk metrics easily accessible is key to inform strategic decisions and risk mitigation efforts.
The TrustArc Platform is a modular solution powered by a proprietary privacy intelligence engine, which can manage a broad range of privacy management needs including data inventory / mapping, risk management, assessment automation (PIA, DPIA), website monitoring, cookie consent, marketing consent and individual rights / DSAR. The new dashboard provides a centralized, comprehensive view of cross-program privacy compliance KPIs and actionable insights accessible through a configurable, drag-and-drop user interface. Dashboard features include:
- Regulatory news and insights feed curated by TrustArc privacy experts
- At-a-glance view of critical privacy and risk metrics
- Privacy program maturity level
- Assessment status
- Data inventory status
- Risk scores
- Control effectiveness
- Vendor management
- Task management
- Cross-module design ensures aggregation of key data
- Configurable, drag-and-drop user interface
The new dashboard allows users to easily view actionable privacy KPIs, gain insights to drive risk management efforts, monitor privacy risk as it changes, recognize important privacy trends and make impactful improvements to privacy programs.
For more information, visit: TrustArc Privacy Platform.
CIPL/Irish Data Protection Commission Workshop on Accountability under the GDPR
The Centre for Information Policy Leadership in collaboration with the Office of the Data Protection Commissioner of Ireland will host a full day Workshop event on “How can Organisations Deliver Accountability under the GDPR”.
TrustArc will be in attendance and be exhibiting – stop by to see demonstrations of GDPR technology and solutions.
The GDPR Salon under the patronage of the Belgian State Secretary for Privacy and the Belgian Privacy Commission will host a day of practical panels that include subtopics that consist of guidance moderation from advisory and practical tooling and solutions on the following topics:
- Best Practices and Tools in Consent Management
- Best Practices and Tools in Privacy Impact Assessment and DPIA
- Best Practices and Tools in Data Protection Technologies
- Best Practices and Tools in Data Leakage, Discovery & Reporting
- Best Practices and Tools in Compliance Management, Audit & Control and Operations
TrustArc’s Sales Director Jonathan Harwood will be presenting in the Best Practices and Tools in Consent Management panel on the “TrustArc Consent Management Implementation”. TrustArc will also be exhibiting – stop by and say hello.
Computers, Privacy & Data Protection 2018 (CPDP)
CPDP is a conference about privacy and data protection. It offers a forum where different voices are heard and where positions are compared, debated, approached or differentiated. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, industry and civil society from all over the world in Brussels, offering them an arena to exchange ideas and discuss the latest emerging issues and trends.
TrustArc CEO Chris Babel and Chief Data Governance Officer, General Counsel & Corporate Secretary Hilary Wandall will be speaking on the panel “The Role of Ethical Analysis in Privacy and Data Protection Assessments”. TrustArc will also be exhibiting – stop by and say hello.
Privacy Laws & Business International Conference
This conference will address how to ensure that the golden age of innovation does not become the dark age of information privacy. Sessions will show how the apparent car crash between innovation and privacy does not need to be a disaster. At one end of the spectrum, innovation can be the enemy of privacy and at the other end, innovation can be an enabler. This conference seeks willingness on both sides to connect with each other in a civilised manner and to find solutions.
Stop by the TrustArc table near the registration area to say hi and learn about our GDPR Implementation Solutions.
IAPP Asia Privacy Forum 2017
Asia’s fast progress toward balancing the challenges of privacy and the free flow of information creates a world of opportunities for your organization. Learn how to seize them at the 2017 Asia Privacy Forum. The Forum is the only conference that brings globally recognized IAPP programming to Asia. Join in-depth explorations of issues and ideas for connecting Asian economies to each other and the world. This year’s Forum also features a special pre-conference workshop to help organisations comply with the GDPR.
TrustArc is a sponsor of this event. TrustArc’s Josh Harris, Director, International Regulatory Affairs will be presenting on the panel “The APEC CBPR System: Growth and Opportunities” on Monday, July 24 at 16:35.
Chris Babel, CEO
As a father of 3 boys, kids’ online privacy is important to me, as it is incredible where kids can wander and what mischief they can get into online. TRUSTe has been focused on kids’ privacy since we launched our Children’s Privacy Certification program in 2001, shortly after the Children’s Online Privacy Protection Act (“COPPA”) regulations became effective. We updated the program in 2013, after the COPPA regulations were revised. As part of that update to the program, we introduced new processes to help companies understand the tracking taking place on their websites so they can manage and comply with COPPA. While our Children’s Privacy Certification program is not a major part of our business (we currently have approximately 20 COPPA certification customers out of 1,000+ certification customers overall), TRUSTe regards it as an important part of our privacy solutions set – due to the complexity and sophistication of the legislation it addresses, and our ongoing commitment to protecting kids’ privacy.
Today, I’d like to provide some details of our settlement agreement with the Office of the Attorney General of the State of New York (“NYAG”) and our submission to the U.S. Federal Trade Commission (“FTC”) of revisions to enhance our Children’s Privacy Certification Program. The settlement announced today relates solely to the operational practices of our Children’s Certification program – not the vast majority of our business such as TRUSTe’s many other certification, consulting, and technology solutions.
In August 2015, the NYAG began looking into two former participants in our Children’s Privacy Certification Program. As part of this inquiry, the NYAG expressed concerns with how we implemented some operational and technical processes related to how companies monitored tracking on their websites. We have agreed to several COPPA-specific actions – which do not affect our much-broader non-COPPA certification business.
This NYAG inquiry focused on a period prior to the FTC Decision and Order that went into effect March 2015. While the FTC Order did not find issues with TRUSTe’s privacy practices, it does relate to our certification operations, including our obligations under COPPA. Prior to the FTC Order, we had already begun instituting new certification processes and since that time we have continued to improve our policies, processes and governance practices to address evolving regulatory expectations and customer needs.
As part of the NYAG settlement we will continue certain of our established operational and technical processes such as ongoing use of a dedicated technical scan review team to analyze trackers which we implemented in early 2016; to further clarify certain of our specific Children’s Certification program policies; and to clarify operating procedures related to third party tracking technologies, such as an enhanced review and customer commitment regarding third party tracker uses.
As part of our ongoing engagement with the FTC, we have been working with them to update our Children’s Privacy Certification program and look forward to their review of our proposed enhancements that we have submitted.
Whether it’s helping a Fortune 10 company manage their global privacy program with our technology or helping a small US gaming company protect kids’ privacy in their mobile app with a certification, we continually strive to improve our services and technologies in an effort to assist our customers develop, implement and demonstrate privacy compliance globally.
The changes announced today will help us continue this improvement and further assist our clients in achieving their privacy compliance goals.
(For additional details around today’s news, please see the highlights further below.)
If you are looking for additional details on this announcement, here are some additional highlights:
- Our customers, regulators and TRUSTe all operate in an incredibly complex environment – and for two decades, TRUSTe has been committed to promoting trust in how privacy and personal information are protected online. As our business has grown within this environment, so has the complexity of related legislation. In the case of COPPA, the 2013 revisions to the regulations are effective in improving children’s privacy partly because they address the increasing complexity of cross-site tracking and profiling online.
- We take our regulatory relationships and scrutiny incredibly seriously – and the fact is that our work with the FTC and the NYAG helps strengthen our business and the solutions we offer, because such interactions push us to help customers tighten compliance with much-needed legal protections in a fast-moving online world.
- Most of what we have now formally agreed to with the NYAG relates to already well-established business processes that TRUSTe implemented in support of our FTC Order and as part of our ongoing commitment to continually improving our certification and verification programs in response to changing customer needs.
- Our business and the solutions we offer have changed, and will continue to change in response to evolving privacy requirements and expectations. Much has evolved since the years-ago timeframe that was the basis of both regulators’ concerns. Keeping pace with regulatory and other shifts, and delivering regular updates to the solutions we provide, will remain normal course of business for TRUSTe.
- For consumers, if you have an inquiry regarding the privacy practices of a TRUSTe COPPA client or other certification client, please visit truste.com/consumer-resources. TRUSTe provides privacy dispute resolution services to all of our certification clients so that you may raise privacy questions regarding a TRUSTe certified website, mobile application or business practice.