TrustArc speaking at IAPP Canada Privacy Symposium 2019

Personal data makes so much possible in technology, and health care, and marketing, and retail, and… where does privacy fit in? Explore that question and more by attending the IAPP Canada Privacy Symposium 2019. This year’s symposium features two days of breakout sessions focused on the challenges of deriving value from personal data while protecting individual rights. Hear advice on fundamentals such as breach response, privacy/data security synergy, data localization and anonymization, and vendor management. Look ahead to policy developments that will influence privacy practice.

TrustArc is proud to have several speakers at this month’s IAPP Canada Symposium in Toronto! Our speakers will cover everything from Canadian/American/European privacy regimes to global data incident response management plus global regulatory developments impact on Canada:

Don’t miss this opportunity to gain valuable insight from the industry’s top thinkers! To learn more about this conference, check out the entire IAPP Canada Privacy Symposium 2019 schedule and program. Find out what other events TrustArc will be at in 2019 here.


TrustArc Participates at Practicing Law Institute in San Francisco

TrustArc was honored to be invited to serve as faculty for the Practicing Law Institute (PLI)’s 20th Annual Institute on Privacy and Data Security Law on May 6-7 in San Francisco.  Before an audience of attorneys representing a wide array of industries and private practice, the days’ sessions covered topics ranging from complying with the California Consumer Privacy Act, to addressing cybersecurity readiness, to insights from regulators, to ethical considerations for privacy and info sec attorneys, to vendor risk management.  

Hilary Wandall, SVP, Privacy Intelligence and General Counsel, presented on a panel entitled “Beyond GDPR – Privacy and Data Security Compliance Around the World.”  The session featured a discussion of the privacy and security landscape outside the European Economic Area, addressing recent developments in Brazil and Latin America, India and Asia, Africa and the Near East, and other non-EU jurisdictions with new data protection laws.  

Some of the topics addressed during the session involved data localization requirements in Russia and Belarus; non-EU laws in Europe that do not recognize legitimate interests; the fact that of the 23 privacy laws in the Africa/Near East region, half were revised or enacted within the last 5 years; the fact that of the 20 privacy laws in the Americas, two-thirds restrict cross-border transfers (and three of which provide for a “right to be forgotten”); and China’s approach to privacy and security with its numerous sector-specific laws plus the Cyber Security Law’s application to operators of “critical information infrastructure.”  With these variations and others in mind, Hilary shared real-world insights on how to build, implement and demonstrate the effectiveness of a global privacy and data governance program for an organization of any size.

Darren Abernethy, Senior Counsel, presented on a panel entitled “GDPR: One Year Later.”  The session looked at the major developments and takeaways from the first year of GDPR activity–and reading the tea leaves on what is likely to come.  The session delved into clarifying extraterritorial reach, the status of available options for cross-border data transfers, enforcement trends and the current state of EU Member State GDPR implementations.  Audience engagement was high, as participants brought their toughest home-grown questions to the panel.

Some of the topics addressed during the session included thinking through proportionality in authenticating the identity of a data subject access requestor by using information contained within Article 30 records of processing activities, and how to respond to a DSAR in the advertising technology industry where directly identifiable personal information is lacking; the latest interpretive guidance of the European Data Protection Board, including around the use of contractual necessity as a legal processing basis and the interplay between the GDPR and ePrivacy Directive; developments in how to understand the “one-stop shop” principle in light of recent enforcement cases; how to deal with “Brexit” with respect to Privacy Shield and GDPR compliance; and likely supervisory authority priorities for the rest of 2019.


For further practical privacy and risk management knowledge derived from TrustArc’s two-plus decades in the global privacy space, sign up for TrustArc’s free Privacy Insight Series educational resources, webinars and updates, or contact TrustArc to learn how our certifications/assurance programs, consulting services and privacy technology solutions can help improve and automate your privacy program today.


TrustArc at International Privacy + Security Forum

TrustArc at International Privacy + Security Forum

TrustArc is proud to be sponsoring, speaking and exhibiting at the International Privacy + Security Forum this week in Washington, DC. The International Privacy + Security Forum brings together global leaders in privacy and security to discuss how these two important topics impact the real world. This event will bring together privacy professionals, security professionals, chief information officers, attorneys, academics, experts from NGOs & thinks tanks, technologists, and policymakers from all over the world.

Several TrustArc privacy experts will be session speakers during the International Privacy + Security Forum:

Hilary Wandall, Chief Data Governance Officer, General Counsel & Corporate Secretary, TrustArc
“Building a Privacy Program to Accommodate Evolving International Laws: From the GDPR to the CCPA to Brazil to China and Beyond” April 4th – 8:50am
With fellow speakers:

  • Heather Egan Sussman, Global Co-chair, Cyber, Privacy & Data Innovation Practice, and Leader of Boston Office, Orrick Herrington & Sutcliffe
  • Alisa Hall, Director, Global Privacy & Privacy Compliance, eBay
  • Phil Armstrong, Attorney, Privacy and Regulatory Affairs, Microsoft

Josh Harris, Director, International Regulatory Affairs, TrustArc
“The APEC Cross Border Privacy Rules” April 4th – 11:30am
With fellow speakers:

  • Gerald Smith, Director, Privacy & Risk, Asurion
  • Robert Holleyman, Partner, Crowell & Moring

K Royal, Senior Privacy Consultant, TrustArc
“Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability”
April 4th –  2:30pm

With fellow speakers:

  • Margaret Gloeckle, VP, Privacy & Compliance Counsel, A+E Networks
  • Debra Bromson, Assistant General Counsel, AAA Club Alliance
  • Victoria Beckman, Partner, Frost Brown Todd

TrustArc will also be exhibiting at the International Privacy + Security Forum. Stop by the TrustArc table to learn more about our privacy compliance solutions for the GDPR, CCPA, and other global privacy regulations!


TrustArc IAPP Europe Data Protection Congress 2018 – Event Recap


Last week, TrustArc proudly sponsored IAPP Europe Data Protection Congress 2018 in Brussels!  Data protection professionals from around the world gathered together to discuss GDPR era experiences, challenges and solutions during the two day conference. The event provided ample opportunities for learning and networking with industry experts.

On Wednesday, TrustArc Director, International Regulatory Affairs, Josh Harris spoke on “APEC-EU Work on Certifications: Using CBPRs to Facilitate GDPR Compliance.”  He was joined by fellow panelists Satoru Hamaguchi (Personal Information Protection Commission Japan), Merel Schwaanhuyser (Accenture), Michelle Sylvester-Jose (International Trade Administration), Isabelle Vereecken (European Data Protection Board) and moderator Bojana Bellamy (Centre for Information Policy Leadership). The panelists discussed CBPR & PRP requirements and robustness of the certification process, and the benefits to organisations for compliance.


On the Little Big Stage, TrustArc Solutions Consultant Julian Hicks spoke on “Simplifying Privacy Management through Automation and Intelligent Technology.”  Julian demonstrated how technology solutions like TrustArc Data Flow Manager can help companies manage privacy risks and GDPR compliance.


TrustArc CEO Chris Babel spoke on “Quantifying GDPR Operations” on Thursday with IAPP Content Director Sam Pfeifle and GFT Technologies CPO Ernst-Oliver Wilhelm.  The group discussed freshly collected data, analyzed the findings, and examined the future of managing all of the various GDPR tasks. To learn more about the TrustArc / IAPP research, download “How Privacy Tech is Bought and Sold” here.


Looking for a solution to manage privacy compliance? Schedule a demo today!


TrustArc at Data Protection World Forum 2018


TrustArc had the pleasure of participating in Data Protection World Forum last week at Excel London. TrustArc proudly sponsored the GDPR Advanced Theatre and the GDPR Refresh Theatre at the event.  TrustArc SVP of Sales & Consulting Eleanor Treharne-Jones spoke on “Fit for GDPR: Lifestyle not a Sprint” and “What next? Continuing the GDPR compliance Journey.”

The “Fit for GDPR: Lifestyle not a Sprint” session discussed findings from the GDPR Benchmark Research.  Eleanor explored the current GDPR compliance status results which showed that as the 25 May GDPR deadline hit, 80% of companies were still working on GDPR compliance.  Furthermore, research showed that 27% of EU respondents were fully compliant versus only 12% in the US. Eleanor outlined the top motivation factors when it comes to GDPR  compliance: meeting customer expectations / requirements, supporting our company values, and meeting partner or other third-party expectations / requirements. To learn more about the research examined in this session, download the 2018 GDPR Compliance Status.


Eleanor also discussed the evolution of global privacy requirements, such the California Consumer Protection Act (CCPA) set it go into effect on 1 January 2020.  The act broadly expands rights of consumers and requires businesses within scope to be significantly more transparent about how they collect, use, disclose and sell personal information.  Eleanor stressed that all “in scope businesses” need to enhance data privacy management practices, expand individual rights processes, and update privacy policies by the deadline. To learn more about the CCPA, view the Guide to CCPA Compliance.