TrustArc General Counsel and Chief Data Governance Officer Hilary Wandall Panelist at Personal Data Protection Seminar 2018

TrustArc General Counsel and Chief Data Governance Officer Hilary Wandall had the pleasure of being a panelist at this year’s Personal Data Protection Seminar on July 25th, 2018 in Singapore.  

As data-driven innovations take center stage in today’s digital economy, responsible data governance and accountability are crucial anchors for the sustenance of a thriving data ecosystem. The theme for this year’s Personal Data Protection (PDP) Seminar – “Powering Innovation Through Trust” – reflected the importance of these factors in building trust for innovation.

Similar to last year, this year’s event featured two panel discussions in the morning, followed by concurrent workshops in the afternoon. The panels, comprising a line-up of distinguished local and international speakers, shared their views on the importance and challenges of demonstrating accountability in data management, as well as the role of data as both an asset and enabler of technology and innovation.

Hilary contributed on Panel Session 1 – “Trust and Accountability in Data Management for Business Competitiveness.”  She was joined by fellow panelists Bojana Bellamy (Centre for Information Policy Leadership), Alison Howard (Microsoft Corporation), Lorraine Lee (International SOS), and moderator Trevor Hughes (International Association of Privacy Professionals).  


Hilary Wandall, GC and Chief Data Governance Officer at TrustArc, Talks GDPR on KTVU

Last week, TrustArc General Counsel and Chief Data Governance Officer, Hilary Wandall, spoke with KTVU’s Gasia Mikaelian to discuss the changes surrounding the GDPR, which went into effect last Friday, May 25th. From inboxes being flooded with privacy policy updates to the impact on retail businesses – there was a lot to discuss.

The GDPR has gained a ton of attention recently as consumers’ inboxes have been packed with emails from companies concerning their privacy policies.  While some of these emails may require an action on behalf of the consumer, Hilary noted that most of these emails are simply outlining the new updates to their privacy policies, as a result of the GDPR coming into effect.  

On a more general level, Hilary explained that the new regulation requires a number of things: companies will need to ensure they are managing individual rights more broadly (Articles 15-22); companies will need to have much stronger protections in place for being transparent (Articles 5, 12); and they’ll need to inform people about their lawful basis for processing individuals’ data (Articles 13, 14).

So how does this affect companies and consumers in the US?  Hilary noted that many of the US companies TrustArc helps are proactively expanding these protections to the US citizens they interact with, even though they are not required to do so under the GDPR.  She also explained that it’s unlikely that we will see any large privacy regulations in the US like the GDPR, because of the way our government is structured. The US does not have a single regulator for privacy laws, but instead has sectoral laws, such as healthcare privacy laws, financial privacy laws, and state laws.  

Many are asking whether the GDPR is harmful to retail businesses who rely heavily on advertising and marketing.  The GDPR allows companies to be innovative in different ways. Businesses should be thinking of privacy as a business strategy instead of just privacy policies or practices.  Hilary mentioned the benefits of businesses taking a Privacy by Design (Article 25) approach in the way they interact with customers – making privacy a part of business decision-making and part of technology offerings.  

Have additional questions about the changes under GDPR? Schedule a demo of our GDPR Solutions.


GDPR: DPIAs & Risk



TrustArc Chief Data Governance Officer and General Counsel Hilary Wandall and Information Accountability Foundation (IAF) Executive Director and Chief Strategist Marty Abrams held a webinar where they spoke about the background, requirements, and examples of DPIAs, available on demand here.

GDPR Requirements for DPIAs

First, they reviewed how the first privacy assessment methodology was developed and how comprehensive data impact assessments originated to illustrate the evolution of privacy assessments.

Then, they went on to explain how the newly required DPIAs differ from traditional PIAs. While traditional PIAs focus on technical requirements for compliance, DPIAs bring in larger ethical issues. Technical requirements focus on the risk to the organization by looking at whether the organization is complying with the technical implementation requirements of privacy laws and frameworks. The risks could be reputational losses, breaches, or reputational hits by the media. Some examples of the technical implementations to avoid these risks include: privacy notices, honoring opt outs, having a security program, and having a program to deal with security breaches. Larger ethical issues go beyond the technical requirements and take into consideration whether the processing of the data will create value for others in addition to the organization.

The GDPR links the fundamental rights of the individual to data protection because it provides individuals the right to autonomy where it is appropriate, and the right to fair processing. It requires organizations to have a legitimate interest for processing data, which requires the organizations to balance their interests with those of the data subjects.

To help organizations deal with the new concept of benefits being balanced against risk, TrustArc is working with the IAF to develop a DPIA construct. It will help organizations understand the benefits that come with the processing. The DPIA process will be powered by the TrustArc Platform providing a systematic scalable approach and workflow for completing DPIAs and creating the documentation required to track issues, mitigate risk, and demonstrate what protections are in place to protect the rights of individuals in the event the organization must consult with an EU DPA.   

Finally, the webinar wrapped up by showing how the DPIA process can fit into a larger enterprise risk management program by using the real-life example of employee monitoring.

If you were unable to attend the webinar, you can still watch it on demand. To learn more about the TrustArc DPIA solution or GDPR solutions, contact us.

Privacy Risk Summit 2017 – Highlights

More than 250 privacy professionals gathered in the heart of San Francisco this week to discuss the challenges they face in managing emerging privacy risks and share strategies for success. They enjoyed a packed day of inspiring panels, expert breakout sessions and, of course, networking to acquire new ideas and practical advice to take back to the office.

The Privacy Risk Summit brought together 45+ speakers across 20 sessions and 4 parallel tracks. Hilary Wandall, TrustArc General Counsel & Chief Data Governance Officer, provided a captivating welcome and opening remarks.

The TRUSTe Privacy Risk Summit – Highlights

Kai Westerwelle, Partner at Taylor Wessing (US) Inc., Sooji Seo, Global Privacy Program Director at Dell Technologies, Pamela Garay, Asst. Vice President & International Privacy Officer at Assurant Inc., and Charles Nwasor, Director, Global Assurance & Advisory at Ensono kicked off the Summit with a panel about Managing GDPR Implementation in a US-owned International Company.

This year a special focus was given to the impending EU GDPR, as the compliance deadline is less than one year away.

The Conference was full of great networking opportunities too.

Our sponsors for the event were available throughout the day to provide solution demos or to have a quick conversation. A high-level overview of these important solutions: HyTrust – making private, public and hybrid cloud infrastructure more trustworthy; MediaPro – award-winning privacy awareness content aligned to the highest standards of the GDPR; RADAR – breach guidance & decision-support software to simplify incident response & compliance with breach notification laws; and eSentire – managed detection and response, protecting you from the threats that other technologies miss.

Lunch was sponsored by Anonos and conference partner Women in Security and Privacy (WISP) provided a lunchtime gathering where attendees and speakers came together to network and learn about upcoming events.

Our customers, current employees, and past employees all came together to celebrate a successful event.

This year was very special because after the event, Chris Babel, CEO, announced that TrustArc is the new TRUSTe. Our new name reflects our evolution from a privacy certification company into a global provider of technology-powered privacy compliance and risk management solutions. We announced this change at the Privacy Risk Summit because it coincided with our 20th anniversary of delivering innovative privacy solutions. To learn more, you can read this blog post: TRUSTe Transforms to TrustArc.

To read about future TrustArc events, visit our upcoming events page or subscribe to the TrustArc blog.


Learn How to Operationalize Privacy

The RSA Conference is right around the corner! If you will be attending the Conference, make sure to come say hello at one of the following:

North Expo Exhibit Hall, Booth #N3116 – Monday, February 13 to Thursday, February 16 
Get a demo of the new TRUSTe Data Inventory Manager Solution, our cutting-edge technology combined with expert consultant know-how and guidance to help you meet GDPR requirements.

Get a Free Pass. 
Register for a complimentary Exhibit Hall Only Pass by 2/16. Visit the RSA registration page and enter code XE7TRUST.

TRUSTe Speaking – Monday, February 13, 1:00 pm
“IAPP: The New Technological Approach to Privacy”
TRUSTe General Counsel & Chief Data Governance Officer Hilary Wandall will be joining IAPP and friends to discuss how privacy is entering its next evolutionary phase with technological approaches and solutions. In order to operationalize privacy, and help it work side by side with cybersecurity, organizations need frameworks and tools that allow for controls and automation.

TRUSTe Speaking – Thursday, February 16, 10:30 am
“A Hard Privacy Impact Assessment: Monitoring and Protecting Children Online”
In this lab, TRUSTe General Counsel & Chief Data Governance Officer Hilary Wandall will be joining John Elliott, Head of Payment Security at easyJet, to help attendees develop a privacy impact assessment (PIA) for a system that monitors online chat behavior with the aim of keeping children safe online, balancing individual rights with preventing crime, perceptions of surveillance and data access.

If you are not attending the RSA Conference then you can give us a call at 1-888-878-7830 to learn about everything new that is happening at TRUSTe and how it can benefit your business.