TrustArc’s Nymity Awareness Tracker Enables Privacy Knowledge Across Entire Business

TrustArc announced major updates to Nymity Awareness Tracker, the first compliance solution on the market to streamline contextual privacy awareness across an entire business. Privacy legislation such as the General Data Protection Regulation (GDPR) in Europe and the upcoming California Consumer Privacy Act (CCPA) in the US has elevated the visibility of privacy professionals in the corporate world. However, many still feel confused about which privacy rules apply to them and the teams they support. With the Nymity Awareness Tracker, employees can home in on areas of legislation that are relevant to their role and location and receive tailored updates that are easy to understand.

Awareness Tracker provides simple, one-stop access to privacy awareness learning, helping to reduce risk while increasing engagement, knowledge and accountability across an entire organization. With gamification elements designed to make privacy learning fun, its mission is to empower privacy champions at every level of the business.

Key benefits of the Awareness Tracker include:

  • The ability to maintain awareness across the organization in a few minutes each week
  • Engaging infographics and visuals to support the learning process
  • The power to reward Privacy Champions with status as their knowledge improves
  • Built-in user feedback to continually improve the content relevance by audience
  • CPE credits

“Privacy compliance is complex, ever changing and can often seem overwhelming,” said Terry McQuay, TrustArc Vice President, Knowledge & Intelligence Solutions and Founder of Nymity. “Awareness Tracker makes privacy regulations and concepts easy to understand for business units whose primary responsibility is not privacy. Businesses need tools to help their teams navigate the ever-changing privacy legislative landscape. Awareness Tracker helps them do this, allowing businesses to empower Privacy Champions in an engaging and fun way.”


TrustArc recently announced the acquisition of Nymity – click here to learn more.

The Giant Awakens – China’s Cybersecurity Law (CSL) and Data Protection Obligations

While many of us were focused on the European Union’s GDPR and California’s Consumer Privacy Act (CCPA), the giant on the other side of the world implemented China’s Cybersecurity Law (CSL) in June 2017. While CSL laid out broad data protection principles, there were noticeable gaps related to implementation and overall scope. To operationalize and further clarify CSL scope, the Chinese government instituted six systems: the Internet Information Content Management System; the Cybersecurity Multi-Level Protection System (MLPS); the Critical Information Infrastructure Security Protection System; the Network Products and Services Management System; the Cybersecurity Incident Management System; and the Personal Information and Important Data Protection System.

While it is important for foreign businesses to review all aspects of CSL and the six systems, TrustArc has helped clients focus on the implications of the Personal Information and Important Data Protection System, specifically addressing the following regulations:

  1. What are the requirements to store certain information (including negative list) inside China and at what level of required security measures (e.g., Ministry of Public Security [MPS] Regulation)?
  2. What procedures and reviews are needed before transferring certain information out of China (e.g., Cross-Border Data Transfer)?
  3. What are the required notice and consent requirements when collecting personal data?
  4. What are the MPS requirements in reporting a cyber incident within 24 hours?
  5. What does the Cyberspace Administration of China (CAC) require in the security assessment report annually?
  6. What individual rights do data subjects have under the PI Security Specification?

For more than 20 years, TrustArc has worked with the world’s largest and most successful brands to find innovative solutions to data privacy challenges. Headquartered in San Francisco, and backed by a global team, we help clients worldwide demonstrate compliance, minimize risk, and build trust. Using a combination of consulting expertise and powerful technology, TrustArc will help your team address privacy issues and meet global compliance requirements. Learn how TrustArc Privacy Consulting can help you build and manage your privacy program. Schedule a consultation today!



Privacy Issues Connected to Cars



Connected cars can connect to devices, other cars, or networks that are inside or outside of the car. For example, connected cars can use a driver’s or passenger’s mobile device to conduct hands-free phone calls. Other examples include navigation apps, music streaming, and Wi-Fi hotspots. Some apps can even use connected cars’ cameras to find open parking spots for drivers. As infotainment centers and features in cars become more advanced, they collect more personal information.

While the examples above show how driving experiences can be enhanced for drivers and passengers, companies can also reap benefits from collecting the data.

Government organizations such as the FTC and the National Highway Traffic Safety Administration (NHTSA) can use connected cars’ data to enhance safety and protect the environment. One feature that can help protect drivers is the vehicle-to-vehicle (V2V) communication system, which wirelessly exchanges information to warn drivers of potential crash risks.

Companies that are developing self-driving cars need to use connected cars’ data to “teach” driverless cars things like how to look for road signs, traffic lights, and lane lines. Information about drivers and passengers can also be used for marketing purposes, such as suggesting places to eat or shop on the car’s usual driving routes. Automakers such as Ford and GM already use car data in conjunction with third parties to offer car drivers special perks and discounts on third party services.

The predictions for connected cars, and more importantly, their data, are overwhelmingly optimistic. A BI Intelligence report on connected cars predicts that over 380 million connected cars will be on the road by 2021. With all of the connected cars comes a lot of connected car data. Fortune magazine predicts that by 2020, autonomous vehicles will generate about 4,000 gigabytes of data a day. According to Intel, that much data would normally be generated by about 3,000 people through use of their PCs, mobile phones and other wearable technology. That data will be monetized. At the LA Auto Show, Intel CEO Brian Krzanich announced that “data is the new oil.”

As new connected car technology advances and companies have greater monetary incentives to process the data, privacy and transparency should be considered. Many car companies operate on a global scale, so it is likely that international privacy regulations, such as the EU GDPR, may apply.

Data Privacy Day 2013 Events


January 28th is International Data Privacy Day (#DPD2013 on Twitter) and, in its celebration, we are participating in several events next week.

———January 28th
We kick off the week with IAPP Privacy After Hours. There’s no agenda, just show up at Jillian’s in San Francisco, from 5:00-7:00 PM. Have a good time and get to know other local privacy professionals.

———January 29-30
Next up, in conjunction with the San Francisco Mobile Marketing Association (MMA) Forum, TRUSTe Director of Product Policy, Joanne Furtsch, will host the MMA Privacy Committee meeting. The MMA Forum is a two-day event that will inform visitors on how to effectively infuse mobile into a brand’s broader marketing strategy.

———January 30
TRUSTe CEO Chris Babel will participate in an interactive panel discussion at the Seattle OTA Data Privacy Day Town Hall. Panel speakers include leaders in public policy, privacy, consumer protection and cybercrime law enforcement. The panel will cover innovation in privacy and impact on business.
Later in the week, stay tuned for some exciting news at the San Diego DistribuTECH Conference, the energy industry’s leading smart grid conference and exposition.

10 Important Questions about Privacy as we head into 2013

Saira Nayak
Director of Policy, TRUSTe


In 2012, privacy went mainstream.

Issues that were previously the sole province of policy wonks became part of the national discussion: the Petraeus-Broadwell scandal (email privacy and ECPA reform), relaxed FAA restrictions resulting in the use of drones by law enforcement (limits on government surveillance, more ECPA reform) and the very successful role of big data and microtargeting in the 2012 elections (OBA compliance anyone?).

As we start 2013 with privacy firmly ensconced in the national consciousness, important questions – about how privacy policy and enforcement should be framed – remain unanswered.

Here are the questions we think will continue to loom large for consumers, industry and policymakers in 2013:

1. Should law enforcement be required to get a warrant before accessing my emails and texts?

The Petraeus-Broadwell episode demonstrated how easily the government can gain access to electronic communications (texts, email) without an individual’s knowledge or permission. Shortly after the story broke, legislation requiring a warrant for access to an individual’s electronic communications advanced with bipartisan support in the House and Senate. The bill should have a good chance this year, but that all depends on whether privacy will have visibility and bipartisan support in the 113th Congress.

TRUSTe Privacy Pioneers and Mavericks Series: UK ICO David Smith Talks Data Privacy with TRUSTe’s Saira Nayak


Continuing our celebration of thought leaders and innovators in the data privacy industry, we are delighted to release the 2nd interview in our recently announced TRUSTe Privacy Pioneers and Mavericks Series. David Smith, Deputy Commissioner of the UK’s Information Commissioner’s Office (ICO), sat down with TRUSTe’s Saira Nayak to share his perspectives on data protection – both as a UK regulator and a member of the Article 29 Working Party – and to discuss the important incentives that underlie effective privacy protection for both consumers and businesses in all jurisdictions.

When asked about the UK’s approach to compliance with the Cookie Directive, he explained that

“you might call it a ‘risk-based approach.’ The extent of action we as an enforcement authority would take depends on the risk to privacy. The more risk that there is detriment to an individual including not just financial endangerment, but also emotional upset or distress, the more seriously the need for action becomes.”