The EU-U.S. Privacy Shield Framework: What It Means for You
In previous blogs, we have talked about what you can do to comply with modern data privacy standards, such as the European Union’s GDPR. Today, we’re going to share what we have done lately to meet privacy standards, and how this will benefit you.
We are proud to announce that Service Objects has been jointly certified by the European Union and the U.S. Department of Commerce under the new EU-U.S. Privacy Shield Framework. We have aligned our own privacy policies to meet the requirements of this Framework, and recently achieved self-certification in the summer of 2018. In the process, we now meet the highest standards for the collection, use and retention of personal information for ALL of our clients worldwide.
Understanding the Privacy Shield Framework
So what is the Privacy Shield Framework? In a nutshell, it requires businesses to comply with EU data protection requirements when transferring personal data from the EU to the United States during transatlantic commerce. Here are some of its key principles:
Notice. This includes disclosure about what kinds of personal information are collected about individuals, the purposes for which it is collected and used, the identities of parties to whom information is being disclosed and why, the rights of the individual to access personal data you may hold on file, and access to an approved independent dispute resolution body for privacy complaints.
Choice. Individuals must be offered the choice to opt out of having their data disclosed to third parties or subsequently used for a purpose other than the one originally intended. In the case of sensitive personal information, ranging from medical information to religious or political beliefs, affirmative express consent must be obtained prior to such use or disclosure.
Accountability for onward transfer. Data can only be transferred to third parties for limited and specified purposes, and only after ensuring that these third parties will provide the same level of privacy protection.
Security. Organizations must take reasonable and appropriate measures to protect data from issues such as loss, misuse, or unauthorized access or disclosure.
Data integrity. Steps must be taken to ensure that personal data is accurate, complete, current and reliable for its intended use.
Access. Individuals must have the ability to access their personal data and correct, amend or delete it where appropriate, except in cases where the costs or impact on the rights of others are prohibitive.
Recourse. A key principle of the Framework is access to approved third-party recourse mechanisms for complaints regarding data privacy issues, including binding arbitration on request.
So, what is the benefit of our participation in the Framework? These guidelines provide a level of security and safety for the data we collect about you, as well as data we process on your behalf. This is particularly important if you work with clients in the European Union, but also represents an important set of safeguards for the data of all of your clients. You can view our revised data privacy practices right here.
In recent years, data privacy has evolved quickly from a lofty goal into a set of specific, measurable best practices. The EU-U.S. Privacy Shield Framework represents another step toward creating global standards and certifications in this area, and we are proud to be a part of it.