Dave Deasy, SVP Marketing (center) accepting the award on behalf of TRUSTe (Photo credit: Jason Doiy)
We’re excited to announce that TRUSTe Assessment Manager has been named a 2016 Legaltech Innovation Award Winner for Risk Management. The annual Innovation Award program now in its 15th year, recognizes the best in legal technology leaders, products, and projects across the legal community.
TRUSTe Assessment Manager transforms how legal departments assess, analyze, and remediate global data privacy management risks. It was purpose built for privacy teams and developed with the input of global businesses and legal professionals spanning a range of industries. The first dedicated SaaS privacy assessment solution in the market. Assessment Manager brings the benefits of automation to the privacy industry. Previously legal teams relied on manual tools such as spreadsheets, email or retrofitted GRC systems to address the unique nuances of privacy risk management.
TRUSTe Assessment Manager comes pre-loaded with over a dozen templates to address popular use cases, including the EU General Data Protection Regulation, Vendor Risk Management, Breach Notification, and Privacy Impact Assessments. The Platform is used by hundreds of companies either directly or with assistance from TRUSTe Global Privacy Services team across all industries including pharma, healthcare, technology, and consumer products organizations
Nominations for the Legaltech News Innovation Awards, were made by the publication’s more than 40,000 readers; and a panel of judges comprised of Legaltech News and The Recorder editors selected the winners from hundreds of candidates.
Xiaomi, the Beijing-based leader in smartphone, electronics and services, is the latest global company to choose the TRUSTe Assessment Manager platform to bring increased efficiencies and scale to their privacy program. Xiaomi will use the platform to perform ongoing Privacy Assessments and PIAs for the MUIU operating system and other services in the quest to bring Privacy by Design into the mobile architecture and product set.
Under the partnership TRUSTe has also assessed and certified that Xiaomi’s mobile operating system MIUI (and its native apps), cloud services and e-commerce websites all abide by TRUSTe’s privacy standards. The company has had a full review of its privacy practices and worked to ensure all mobile applications that collect sensitive information are encrypted, that all payment pages have the proper encryption to protect users’ sensitive information and application permissions are limited to only what was needed to operate on a user’s device.
The certification process helps to ensure Xiaomi is transparent and accountable to the practices outlined in the company’s privacy statement. TRUSTe Assessment Manager enables Xiaomi to maintain these privacy commitments, demonstrate compliance and assess the privacy impact of new product releases. This will simplify the process of maintaining the certification going forward and help Xiaomi achieve various global compliance targets efficiently.
“With this privacy certification, Xiaomi is demonstrating our deep concern for user privacy,” said Baoqiu Cui, Chief Architect at Xiaomi. “User privacy is always our top priority, and the Privacy by Design approach has been incorporated into our product design process. As of today MIUI has over 200 million users, and our e-commerce website has even more. Getting both MIUI and the e-commerce website certified is a huge milestone, not only for the company, but also for our users. With the TRUSTe certification, our users have even greater peace-of-mind knowing their data is well protected.”
“TRUSTe Assessment Manager and Privacy Impact Assessment process can help us meet our privacy compliance requirements much more efficiently. Efficiency is very important for a fast growing product like MIUI, whose developer’s build is released every week and stable build is released every month.” said Baoqiu.
Read further details in our press release here
Privacy professionals, EU regulatory experts and Silicon Valley business leaders convened on Tuesday, Dec. 8 to discuss the impact of the soon-to-come EU General Data Protection Regulation (EU GDPR).
The all-day event on Tuesday, “EU Data Protection 2015 – Regulation Meets Innovation” featured six breakout sessions, four panel discussions and keynote presentations from Giovanni Buttarelli, European Data Protection Supervisor and Andrea Glorioso, Counsellor for the Digital Economy, EU Delegation to the U.S.
At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month.
The big story in privacy this month was the ruling by the Court of Justice of the EU (CJEU) that the current U.S.-EU Safe Harbor Program is no longer a valid method for ensuring adequacy under EU Data Protection Directive 95/46/EC for international data transfers. We covered this topic in a webinar and a Q&A sheet. Check out the list below to see what we covered on the blog this month:
Next Steps Following the EU Court of Justice Ruling on U.S.-EU Safe Harbor
This significant change in data protection law removes an established data transfer compliance mechanism that has been in place since 2000 and relied on by more than 4,000 U.S. companies. This ruling causes a period of uncertainly for businesses until the Department of Commerce and the European Commission can agree and put a new U.S.-EU Safe Harbor framework in place.
U.S.-EU Safe Harbor – What’s Next?
This webinar addressed the recent ruling as well as data transfer alternatives. Speakers Andrea Glorioso and Aymeric Dupont from the European Union Delegation to the USA, along with TRUSTe CEO Chris Babel, discussed these options and answered attendees’ questions.
What the CISO Needs to Know About Data Privacy
This webinar recap reveals some of the findings from Forrester Research regarding how companies handle privacy internally and what CISOs need to know. Forrester Research Senior Analyst Heidi Shey shared this research and discussed its implications with TRUSTe CEO Chris Babel. Heidi used the research to identify four types of organizations based on how they handle privacy as well as provided insight into how companies plan to handle data transfers.
This month in the Privacy Ecosystem series:
Meet the Leading Players in the Privacy Ecosystem: Cooper Quintin, Staff Technologist, Electronic Frontier Foundation
What else would you like to read about on the TRUSTe blog?
Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
DataGuidance is a hub of data privacy intelligence, sourced from the world’s most renowned experts in 170+ countries. Our role in the privacy ecosystem is to be the global centre for information on privacy, whether it’s giving access to relevant laws, local ‘best-practice’ or allowing people to compare requirements in multiple jurisdictions.
What key goals/issues is your organization focused on tackling?
The primary goal is giving first-class support to privacy teams, which we know can be hugely diverse. They need the best information possible, so it is a huge responsibility. We talk to the privacy community all the time, so that we can deliver information and innovative tools that help people solve the day-to-day issues they face.
We’ve been hearing a lot from our clients regarding the practical difficulties they’ve been facing with regards to employee monitoring. As a result, we did a lot work around this and developed a specific tool to help privacy pros understand the legal requirements they are faced with. It’s an issue that touches a nerve with everyone, as there are so many valid and complex needs to satisfy from each stakeholder. For me, it’s an issue that embodies privacy’s importance to businesses, societies and citizens, so it’s crucial we all get it right.
Aside from that, probably the biggest on the horizon is the GDPR, how organisations can compare EU and global requirements; we’ve got lots of very exciting plans for that. In addition, we continually see issues surrounding data transfers, breach notification, direct marketing, data retention and consent; the list goes on!
How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?
We’re living through an incredible period, in terms of how technology is changing the world. One major consequence of technological change that I’ve noticed over the last few years is how businesses speak about customer experience. Like the best internet companies, we put a huge focus on making sure people get value every time they login to DataGuidance.
Technology is constantly driving up expectations; the fact that people have 24/7 access to apps with fantastic functionality mean that our own product needs to constantly evolve. In short, today’s privacy professionals expect to quickly find valuable information that helps them do their job better.