Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Like this? Share it with your network

Share

Steps to prepare for TRUSTe EU certification

  • 1,859 views
Uploaded on

How do organizations provide follow up procedures for verifying that the...

How do organizations provide follow up procedures for verifying that the
attestations and assertions they make about their safe harbor privacy
practices are true and those privacy practices have been implemented as
represented and in accordance with the Safe Harbor Principles?

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,859
On Slideshare
1,858
From Embeds
1
Number of Embeds
1

Actions

Shares
Downloads
9
Comments
0
Likes
1

Embeds 1

http://www.slideshare.net 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. STEPS TO PREPARE FOR TRUSTe EU CERTIFICATION Michelle Hines VP of Sales, TRUSTe Jay Cline President, Minnesota Privacy Consultants
  • 2. AGENDA SAFE HARBOR REQUIREMENTS WATCHDOG DISPUTE RESOLUTION TRUSTE REQUIREMENTS 2
  • 3. WHY THE SAFE HARBOR? • For companies with simple & stable transatlantic dataflows Comparison of EU Data-Transfer Compliance Options
  • 4. FAQ 7 - Verification Q: How do organizations provide follow up procedures for verifying that the attestations and assertions they make about their safe harbor privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Safe Harbor Principles? http://www.export.gov/safeharbor/SH_FAQ7.asp 7
  • 5. FAQ No 11: Dispute Resolution and Enforcement Q: How should the dispute resolution requirements of the Enforcement Principle be implemented, and how will an organization's persistent failure to comply with the Principles be handled? http://www.export.gov/safeharbor/FAQ11FINAL.htm 8
  • 6. DOC SAFE HARBOR LIST http://www.export.gov/safeharbor/sh_overview.html 9
  • 7. DISPUTE RESOLUTION COMPARISON Dispute Resolution Advantage Option EU Data Protection • Public Authorities • Decisions made by a DPA are binding TRUSTe • Information disclosed in Watchdog process is confidential • Transparent, fair and equitable Other governmental Public authorities
  • 8. TRUSTe E.U. SAFE HARBOR SEAL PROGRAM • Launched in 2001 • 145 licensees • Millions of consumers • Notable members: • Verisign • Audible • Harris Interactive • LinkedIn 11
  • 9. TRUSTe CERTIFICATION PROCESS Your organization fills out a TRUSTe contract and self- assessment incorporating all Safe Harbor Privacy Principles TRUSTe conducts an initial site walkthrough and provides a set of written recommendations in the form of a site findings report You implement recommendations on your Web site TRUSTe awards you privacy seals. Display these where you collect information to build confidence with customers TRUSTe ensures ongoing compliance and monitoring with MAXAMINE scanning and the TRUSTe Watchdog Dispute Resolution System 12
  • 10. TRUSTe FACILITATES SMOOTH SELF-CERTIFICATION TRUSTe helps Letter of companies verification to fulfill the safe self-certify harbor with DOC principles Offers 3rd Provides a Party Dispute consumer Resolution facing seal with the demonstrating Watchdog EU Program compliance 13
  • 11. EU SAFE HARBOR REQUIREMENTS – ADDITIONS TO COMPLIMENT WEB PRIVACY SEAL Disclosure in privacy statement that company complies with the EU Safe Harbor Framework. Disclose in privacy statement timeframe in which company will respond to an access request for the purpose of correcting and updating inaccuracies. TRUSTe requires Program Participants to respond within 30 days. Provide a mechanism to request deletion of inaccurate data and disclose in the privacy statement how to request deletion. 14
  • 12. TRUSTe EU SAFE HARBOR SEAL PROGRAM WATCHDOG DISPUTE RESOLUTION • Free of charge to consumers • Easy-to-use online form • Transparent, fair and equitable • Complaints for offline data can be submitted by mail or fax • Monthly Watchdog reports available on TRUSTe Web site • 86% would recommend using Watchdog to a friend 15
  • 13. WATCHDOG COMPLAINTS • Resolve approximately 5,000 per year directly – Also offer “self help” through Web site • TRUSTe works with consumer and the sealholder to resolve issues • Critical input to monitoring process • Watchdogs can assist in identifying trends – potential threats • Goal: Improve Consumer Trust Note: TRUSTe Watchdog Complaints 16
  • 14. EXAMPLES OF TRUSTe WATCHDOGS 1. A complainant filed a complaint against an EU-Online sealholder indicating that someone else had created an online profile pretending to be them. TRUSTe forwarded the complaint to the sealholder, and the sealholder deleted the profile as requested. 2. A complainant filed a complaint against an EU-Online sealholder requesting that they be unsubscribed from all mailings. TRUSTe forwarded the complaint to the sealholder, and the sealholder promptly replied that they had processed the unsubscribe request. 3. A complainant filed a complaint that they were unable to close their account because they are no longer at the e-mail address they used to create their account. TRUSTe forwarded the complaint to the sealholder, who quickly responded and notified TRUSTe that they had closed the account. 17
  • 15. COMPLIANCE AND ENFORCEMENT TOOLBOX • Certification: – 90% improve practices • Watchdog Dispute Resolution – 100% resolution • Proactively monitor – Scanning: 50% fail and then fix – Email Seeding 18
  • 16. DEMONSTRATING EU COMPLIANCE 19
  • 17. 1 2 3 20
  • 18. TESTIMONIALS “Being a member of TRUSTe’s EU Safe Harbor Program gives us additional tools in our pursuit of meeting world-class privacy standards. Conversely, TRUSTe’s seals on our web pages help give site visitors the confidence of knowing that we take privacy seriously.” - Patrick Manzo, Vice President of Compliance and Fraud Protection, Monster “It is critical that we abide by the Safe Harbor framework when dealing with business customers in Europe. Our display of TRUSTe’s EU seal marks our compliance with the EU framework and shows that we take customer data handling seriously. It makes selling our services that much easier.” - David Stark, Privacy Officer, North America, TNS 21
  • 19. ABOUT TRUSTe • Independent trust authority headquartered in San Francisco – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies - Microsoft, Intel, IBM, AOL, Excite – Washington, DC gov’t affairs office • Mission: Advancing Privacy and Trust for the Networked World – Widely accepted privacy best practices – Elevate responsible players – Help consumers identify who they can trust – Supplement legislation and regulation – Address emerging privacy vulnerabilities and threats
  • 20. CONTACT INFORMATION Michelle Hines VP of Sales, TRUSTe +1.415.520.3402 mhines@truste.org www.truste.org Jay Cline President, Minnesota Privacy Consultants +1.763.498.2237 cline@minnesotaprivacy.com http://www.minnesotaprivacy.com/ Joanne Furtsch Senior Privacy Architect +1.415.520.3409 jfurtsch@truste.org www.truste.org 23