THE AGE OF SAFE HARBOR IS OVER.
10 Practical Tips to Prepare for the
New Privacy Shield Era
March // 21 // 2016
PROGRAM AGENDA
> WELCOME, INTRODUCTIONS AND OPENING REMARKS
> PRIVACY SHIELD GUIDANCE FROM U.S. DEPARTMENT OF COMMERCE
> 10 TIPS COMPANIES ARE USING TO TRANSITION TO PRIVACY SHIELD
> LEADING PRACTITIONER ROUNDTABLE
> QUESTIONS & ANSWERS
WELCOME, INTRODUCTIONS AND OPENING REMARKS
BRIAN KUDOWITZ, COMMERCIAL PRODUCT DIRECTOR – IP, PRIVACY & DATA SECURITY, TECH & TELECOM, BLOOMBERG BNA
PRIVACY SHIELD GUIDANCE
TED DEAN, DEPUTY ASSISTANT SECRETARY FOR SERVICES, INTERNATIONAL TRADE ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE
10 TIPS COMPANIES ARE USING TO TRANSITION TO PRIVACY SHIELD
JIM KOENIG, LEADER, PH PRIVACY & CYBER IMPLEMENTATION SOLUTIONS, PAUL HASTINGS LLP
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . STRATEGIC
1. Communicate - Same Principles – Not Same Program.
o Big differences depending on who you are and certain risk factors (below).
2. Consider Biggest Areas of Change - Onward Transfers and Redress.
o Leverage expertise/experience from analogies under GLBA, HIPAA, Safe Harbor, other.
3. Communicate/Budget Privacy Shield as Part of Larger Global Progression.
o GDPR and other laws will require additional investment and internal partnership in the underlying good data hygiene, data management and data use and sharing practices.
4. Consider Certain Risk Factors Specific to Your Company.
o Business Needs
o Global Footprint
o Exposure to EU Citizens, Workforce, Outsourcing and Cloud
o Maturity of Privacy Program, Including Redress Program
o Sophistication of Vendor Management and State of Contracts
o Types and Sensitivity of Data and Data Elements
o Target of Consumers and/or Regulators
o B2B vs B2C
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
Simplifying Certification into Four Workstreams. Many companies architect key activities as follows:
Workstream 1: Privacy Shield Policy & Compliance (Principles 1. Notice, 2. Choice, 3. Access, 4. Data Integrity/Purpose Limitation, 5. Recourse & Enforcement)
• Draft/Update New Policy
• Enhance Underlying Compliance (redress, opt-in/opt-out, retention)
Workstream 2: Privacy Shield Scoping/Security/Questionnaire (Principle 6. Security)
• Review Prior Scoping / Diligence
• Document Compliance with Questionnaire
Workstream 3: Contract Addendum (Principle 7. Onward Transfer)
• Draft Addendum
• Enter into with priority/all vendors
Workstream 4: Documentation and Compliance (Certification Preparation)
• Draft Gap Assessment Report and Build Binder
• Update and Deliver Training
All four workstreams feed into Certification under the EU-US Privacy Shield.
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . TACTICAL
5. Confirm Scoping Before Moving Forward.
o Do not just scope EU data. Scope for security, data uses and other types of data.
6. Create Privacy Shield Policy, but Consider Broader Coverage and Delivery.
o Consider policy coverage options – global, enterprise, all data, not just Privacy Shield data.
o New provisions under Privacy Shield include (i) Enforcement Body, (ii) New Arbitration Right, (iii) Government Disclosures and (iv) Onward Transfer Liability.
o Consider effectiveness of delivery points – EU Promise.
7. Enhance/Create Vendor Management Program.
o New requirements:
o Limitation and Contractual Requirement
o Controller Liability Assumed in First Instance
o Update supplier contracts (if not already done); a 9-month phase-in period applies to companies certifying in the first 2 months of Privacy Shield.
o Build policy and infrastructure to support ongoing requirements.
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . TACTICAL
8. Enhance Formalization of Compliance Preparation and Documentation.
o Evidence of compliance subject to DoC/FTC inquiry/review - available upon request.
o New monitoring of compliance through detailed questionnaires sent in response to triggers.
o Sanctions and removal for persistent failure to comply – New Wall of Shame.
9. Prepare for New Redress Timelines and Process for Misuse of Data.
o Lodge a complaint with the company itself – Reply must be within 45 days.
o Use alternative dispute resolution.
o Individuals can now refer a complaint to their ‘Home’ DPA.
o Companies are obligated to cooperate with DPAs for HR Data.
o Advice Given by Panel of DPAs – Generally within a 60-Day Timeframe.
o DoC/FTC referrals and other consequences for failure to comply within 25 days.
o Privacy Shield Panel - New Arbitration Mechanism as a Last Resort
o Cannot be invoked for HR data and in other circumstances.
10. Do Not Hyperventilate.
o Take advantage of the focus to help your company and be seen as a trusted problem solver.
LEADING PRACTITIONER ROUNDTABLE
► CHRISTINA PETERS, CHIEF PRIVACY OFFICER, IBM
► JOANN STONIER, EVP, CHIEF INFORMATION GOVERNANCE & PRIVACY OFFICER, MASTERCARD
► HILARY WANDALL, AVP, COMPLIANCE AND CHIEF PRIVACY OFFICER, MERCK
► JIM KOENIG, LEADER, PH PRIVACY & CYBER IMPLEMENTATION SOLUTIONS, PAUL HASTINGS (MODERATOR)
PANELISTS
James Koenig, Leader, PH Privacy & Cyber Implementation Solutions, Paul Hastings
Christina Peters, Chief Privacy Officer, IBM
JoAnn Stonier, EVP, Chief Information Governance & Privacy Officer, MasterCard
Hilary Wandall, AVP, Compliance and Chief Privacy Officer, Merck
QUESTIONS & ANSWERS
QUESTIONS & PRESENTATION COPIES
Jim Koenig
+1.610.246.4426
jimkoenig@paulhastings.com

More Related Content

What's hot

Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016centralohioissa
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by DesignUnisys Corporation
 
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3J. David Morris
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for YouTrustArc
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
Cloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerCloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerIdan Tohami
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Becoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeBecoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeTrustArc
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
 Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Otherbradley_g
 

What's hot (20)

Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
 
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
 
Cloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerCloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran Adler
 
GDPR Workshop
GDPR WorkshopGDPR Workshop
GDPR Workshop
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Becoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeBecoming PIPL Compliant In No Time
Becoming PIPL Compliant In No Time
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
 Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
 

Similar to 10 Practical Tips to Prepare for the New Privacy Shield Era

Privacy Frameworks: The Foundation for Every Privacy Program
Privacy Frameworks: The Foundation for Every Privacy ProgramPrivacy Frameworks: The Foundation for Every Privacy Program
Privacy Frameworks: The Foundation for Every Privacy ProgramTrustArc
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
Whos role is it anyway
Whos role is it anywayWhos role is it anyway
Whos role is it anywayIRIS
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to KnowTrustArc
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protectionMRS
 
Information Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact  Ass.docxInformation Governance Checklist and Privacy Impact  Ass.docx
Information Governance Checklist and Privacy Impact Ass.docxcarliotwaycave
 
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...apidays
 
Forecast 2014: ODCA Board Best Practice: UBS
Forecast 2014: ODCA Board Best Practice: UBS Forecast 2014: ODCA Board Best Practice: UBS
Forecast 2014: ODCA Board Best Practice: UBS Open Data Center Alliance
 
Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Osler, Hoskin & Harcourt LLP
 
DATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxDATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxwrite22
 
DATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxDATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxsdfghj21
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Guide to Prospective European Union - United States Privacy Shield Program
Guide to Prospective European Union - United States Privacy Shield ProgramGuide to Prospective European Union - United States Privacy Shield Program
Guide to Prospective European Union - United States Privacy Shield ProgramChristina Gagnier
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
UK FCA Sandbox Overview
UK FCA Sandbox OverviewUK FCA Sandbox Overview
UK FCA Sandbox OverviewOxbow Partners
 

Similar to 10 Practical Tips to Prepare for the New Privacy Shield Era (20)

Privacy Frameworks: The Foundation for Every Privacy Program
Privacy Frameworks: The Foundation for Every Privacy ProgramPrivacy Frameworks: The Foundation for Every Privacy Program
Privacy Frameworks: The Foundation for Every Privacy Program
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Whos role is it anyway
Whos role is it anywayWhos role is it anyway
Whos role is it anyway
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
Information Governance Checklist and Privacy Impact Ass.docx
Information Governance Checklist and Privacy Impact  Ass.docxInformation Governance Checklist and Privacy Impact  Ass.docx
Information Governance Checklist and Privacy Impact Ass.docx
 
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
 
Forecast 2014: ODCA Board Best Practice: UBS
Forecast 2014: ODCA Board Best Practice: UBS Forecast 2014: ODCA Board Best Practice: UBS
Forecast 2014: ODCA Board Best Practice: UBS
 
Rfid 2009
Rfid 2009Rfid 2009
Rfid 2009
 
Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices
 
DATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxDATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docx
 
DATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docxDATA4000 Individual Report and Individual Presentation.docx
DATA4000 Individual Report and Individual Presentation.docx
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Guide to Prospective European Union - United States Privacy Shield Program
Guide to Prospective European Union - United States Privacy Shield ProgramGuide to Prospective European Union - United States Privacy Shield Program
Guide to Prospective European Union - United States Privacy Shield Program
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
UK FCA Sandbox Overview
UK FCA Sandbox OverviewUK FCA Sandbox Overview
UK FCA Sandbox Overview
 

Recently uploaded

Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtGabe Whitley
 
indian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law studentindian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law studentAaruKhanduri
 
Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.docNotes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.docBRELGOSIMAT
 
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)Mike Keyes
 
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
 
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtDebt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtssuser0576e4
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW  AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW  AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptxMwaiMapemba
 
DNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptxDNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
 
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxPRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxOmGod1
 
Solidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South AfricaSolidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South AfricaUniversity of Ferrara
 
Book review - Amartya Sen's Idea of Justice
Book review - Amartya Sen's Idea of JusticeBook review - Amartya Sen's Idea of Justice
Book review - Amartya Sen's Idea of Justiceanvithaav
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizgaelcabigunda
 
Types of Cybercrime and Its Impact on Society
Types of Cybercrime and Its Impact on SocietyTypes of Cybercrime and Its Impact on Society
Types of Cybercrime and Its Impact on Societynanjeebarifa
 
Everything You Should Know About Child Custody and Parenting While Living in ...
Everything You Should Know About Child Custody and Parenting While Living in ...Everything You Should Know About Child Custody and Parenting While Living in ...
Everything You Should Know About Child Custody and Parenting While Living in ...AvinashMittal5
 
Application of Doctrine of Renvoi by foreign courts under conflict of laws
Application of Doctrine of Renvoi by foreign courts under conflict of lawsApplication of Doctrine of Renvoi by foreign courts under conflict of laws
Application of Doctrine of Renvoi by foreign courts under conflict of lawsanvithaav
 
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...Dr. Oliver Massmann
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
 
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptxRIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptxOmGod1
 
7 Basic Steps of Trust Administration.pdf
7 Basic Steps of Trust Administration.pdf7 Basic Steps of Trust Administration.pdf
7 Basic Steps of Trust Administration.pdfGoodman Estate Law
 

Recently uploaded (20)

Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
 
indian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law studentindian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law student
 
Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.docNotes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.doc
 
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
 
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
 
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtDebt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW  AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW  AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
 
DNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptxDNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptx
 
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxPRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
 
Solidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South AfricaSolidarity and Taxation: the Ubuntu approach in South Africa

10 Practical Tips to Prepare for the New Privacy Shield Era

/ / 6
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . STRATEGIC
1. Communicate - Same Principles – Not Same Program.
o Big differences depending on who you are and certain risk factors (below).
2. Consider Biggest Areas of Change - Onward Transfers and Redress.
o Leverage expertise/experience from analogies under GLBA, HIPAA, Safe Harbor, other.
3. Communicate/Budget Privacy Shield as Part of Larger Global Progression.
o GDPR and other laws will require additional investment and internal partnership in the
underlying good data hygiene, data management and data use and sharing practices.
4. Consider Certain Risk Factors Specific to Your Company.
o Business Needs
o Global Footprint
o Exposure to EU Citizens, Workforce, Outsourcing and Cloud
o Maturity of Privacy Program, Including Redress Program
o Sophistication of Vendor Management and State of Contracts
o Types and Sensitivity of Data and Data Elements
o Target of Consumers and/or Regulators
o B2B vs B2C
/ / 7
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
Simplifying Certification into Four Workstreams. Many companies architect key activities as follows:
Workstream 1 - Privacy Shield Policy & Compliance
(Principles: 1. Notice, 2. Choice, 3. Access, 4. Data Integrity/Purpose Limitation, 5. Recourse & Enforcement)
• Draft/Update New Policy
• Enhance Underlying Compliance (redress, opt-in/opt-out, retention)
Workstream 2 - Privacy Shield Scoping/Security/Questionnaire
(Principle: 6. Security)
• Review Prior Scoping / Diligence
• Document Compliance with Questionnaire
Workstream 3 - Contract Addendum
(Principle: 7. Onward Transfer)
• Draft Addendum
• Enter into with priority/all vendors
Workstream 4 - Documentation and Compliance
(Certification Preparation)
• Draft Gap Assessment Report and Build Binder
• Update and Deliver Training
All four workstreams lead to Certification under EU-US Privacy Shield.
/ / 8
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . TACTICAL
5. Confirm Scoping Before Moving Forward.
o Do not just scope EU data. Scope for security, data uses and other types of data.
6. Create Privacy Shield Policy, but Consider Broader Coverage and Delivery.
o Consider policy coverage options – global, enterprise, all data, not just Privacy Shield data.
o New provisions under Privacy Shield include (i) Enforcement Body, (ii) New Arbitration Right, (iii) Government Disclosures and (iv) Onward Transfer Liability.
o Consider effectiveness of delivery points – EU Promise.
7. Enhance/Create Vendor Management Program.
o New requirements:
o Limitation and Contractual Requirement
o Controller Liability Assumed in First Instance
o Update supplier contracts (if not already done).
o Build policy and infrastructure to support ongoing requirements.
9-Month Phase-In Timing for Companies Certifying in First 2 Months of Privacy Shield.
/ / 9
TEN TIPS TO CONSIDER IN TRANSITION TO PRIVACY SHIELD
IDEAS OTHERS ARE CONSIDERING . . . TACTICAL
8. Enhance Formalization of Compliance Preparation and Documentation.
o Evidence of compliance subject to DoC/FTC inquiry/review - available upon request.
o New monitoring of compliance through detailed questionnaires sent in response to triggers.
o Sanctions and removal for persistent failure to comply – New Wall of Shame.
9. Prepare for New Redress Timelines and Process for Misuse of Data.
o Lodge a complaint with the company itself – Reply must be within 45 days.
o Use alternative dispute resolution.
o Individuals can now refer a complaint to their ‘Home’ DPA.
o Companies are obligated to cooperate with DPAs for HR Data.
o Advice Given by Panel of DPAs – Generally within a 60-Day Timeframe.
o DoC/FTC referrals and other consequences for failure to comply within 25 days.
o Privacy Shield Panel - New Arbitration Mechanism as a Last Resort.
o Cannot be invoked for HR data and in other circumstances.
10. Do Not Hyperventilate.
o Take advantage of the focus to help your company and be seen as a trusted problem solver.
/ / 10
>>>>>>>>>>>>>>
LEADING PRACTITIONER ROUNDTABLE
► CHRISTINA PETERS, CHIEF PRIVACY OFFICER, IBM
► JOANN STONIER, EVP, CHIEF INFORMATION GOVERNANCE & PRIVACY OFFICER, MASTERCARD
► HILARY WANDALL, AVP, COMPLIANCE AND CHIEF PRIVACY OFFICER, MERCK
► JIM KOENIG, LEADER, PH PRIVACY & CYBER IMPLEMENTATION SOLUTIONS, PAUL HASTINGS (MODERATOR)
/ / 11
PANELISTS
James Koenig, Leader, PH Privacy & Cyber Implementation Solutions, Paul Hastings
Christina Peters, Chief Privacy Officer, IBM
JoAnn Stonier, EVP, Chief Information Governance & Privacy Officer, MasterCard
Hilary Wandall, AVP, Compliance and Chief Privacy Officer, Merck
/ / 13
QUESTIONS & PRESENTATION COPIES
Jim Koenig
+1.610.246.4426
jimkoenig@paulhastings.com