3. Comparison of EU Data-Transfer Compliance Options
WHY THE SAFE HARBOR?
• For companies with simple & stable transatlantic dataflows
7. FAQ 7 - Verification
Q: How do organizations provide follow up procedures for verifying that the
attestations and assertions they make about their safe harbor privacy
practices are true and those privacy practices have been implemented as
represented and in accordance with the Safe Harbor Principles?
http://www.export.gov/safeharbor/SH_FAQ7.asp
8. FAQ No 11: Dispute Resolution and Enforcement
Q: How should the dispute resolution requirements of the Enforcement
Principle be implemented, and how will an organization's persistent failure to
comply with the Principles be handled?
http://www.export.gov/safeharbor/FAQ11FINAL.htm
9. DOC SAFE HARBOR LIST
http://www.export.gov/safeharbor/sh_overview.html
10. DISPUTE RESOLUTION COMPARISON
Dispute Resolution Option | Advantage
EU Data Protection Authorities | Public; decisions made by a DPA are binding
TRUSTe | Information disclosed in Watchdog process is confidential; transparent, fair and equitable
Other governmental authorities | Public
11. TRUSTe E.U. SAFE HARBOR SEAL PROGRAM
• Launched in 2001
• 145 licensees
• Millions of consumers
• Notable members: Verisign, Audible, Harris Interactive, LinkedIn
12. TRUSTe CERTIFICATION PROCESS
• Your organization fills out a TRUSTe contract and self-assessment incorporating all Safe Harbor Privacy Principles
• TRUSTe conducts an initial site walkthrough and provides a set of written recommendations in the form of a site findings report
• You implement recommendations on your Web site
• TRUSTe awards you privacy seals. Display these where you collect information to build confidence with customers
• TRUSTe ensures ongoing compliance and monitoring with MAXAMINE scanning and the TRUSTe Watchdog Dispute Resolution System
13. TRUSTe FACILITATES SMOOTH SELF-CERTIFICATION
TRUSTe helps companies fulfill the safe harbor principles
• Letter of verification to self-certify with DOC
• Offers 3rd Party Dispute Resolution with the Watchdog Program
• Provides a consumer facing seal demonstrating EU compliance
14. EU SAFE HARBOR REQUIREMENTS – ADDITIONS TO COMPLEMENT WEB PRIVACY SEAL
• Disclosure in privacy statement that company complies with the EU Safe Harbor Framework.
• Disclose in privacy statement timeframe in which company will respond to an access request for the purpose of correcting and updating inaccuracies. TRUSTe requires Program Participants to respond within 30 days.
• Provide a mechanism to request deletion of inaccurate data and disclose in the privacy statement how to request deletion.
15. TRUSTe EU SAFE HARBOR SEAL PROGRAM WATCHDOG DISPUTE RESOLUTION
• Free of charge to consumers
• Easy-to-use online form
• Transparent, fair and equitable
• Complaints for offline data can be submitted by mail or fax
• Monthly Watchdog reports available on TRUSTe Web site
• 86% would recommend using Watchdog to a friend
16. WATCHDOG COMPLAINTS
• Resolve approximately 5,000 per year directly
– Also offer “self help” through Web site
• TRUSTe works with consumer and the sealholder to resolve issues
• Critical input to monitoring process
• Watchdogs can assist in identifying trends – potential threats
• Goal: Improve Consumer Trust
Note: TRUSTe Watchdog Complaints
17. EXAMPLES OF TRUSTe WATCHDOGS
1. A complainant filed a complaint against an EU-Online sealholder indicating that
someone else had created an online profile pretending to be them. TRUSTe
forwarded the complaint to the sealholder, and the sealholder deleted the
profile as requested.
2. A complainant filed a complaint against an EU-Online sealholder requesting
that they be unsubscribed from all mailings. TRUSTe forwarded the complaint
to the sealholder, and the sealholder promptly replied that they had processed
the unsubscribe request.
3. A complainant filed a complaint that they were unable to close their account
because they are no longer at the e-mail address they used to create their
account. TRUSTe forwarded the complaint to the sealholder, who quickly
responded and notified TRUSTe that they had closed the account.
21. TESTIMONIALS
“Being a member of TRUSTe’s EU Safe Harbor Program gives
us additional tools in our pursuit of meeting world-class privacy
standards. Conversely, TRUSTe’s seals on our web pages
help give site visitors the confidence of knowing that we take
privacy seriously.”
- Patrick Manzo, Vice President of Compliance and Fraud
Protection, Monster
“It is critical that we abide by the Safe Harbor framework when
dealing with business customers in Europe. Our display of
TRUSTe’s EU seal marks our compliance with the EU
framework and shows that we take customer data handling
seriously. It makes selling our services that much easier.”
- David Stark, Privacy Officer, North America, TNS
22. ABOUT TRUSTe
• Independent trust authority headquartered in San Francisco
– Formed in 1997 by EFF, CommerceNet, and a number of leading Internet
companies - Microsoft, Intel, IBM, AOL, Excite
– Washington, DC gov’t affairs office
• Mission: Advancing Privacy and Trust for the Networked World
– Widely accepted privacy best practices
– Elevate responsible players
– Help consumers identify who they can trust
– Supplement legislation and regulation
– Address emerging privacy vulnerabilities and threats
23. CONTACT INFORMATION
Michelle Hines
VP of Sales, TRUSTe
+1.415.520.3402
mhines@truste.org
www.truste.org
Jay Cline
President, Minnesota Privacy Consultants
+1.763.498.2237
cline@minnesotaprivacy.com
http://www.minnesotaprivacy.com/
Joanne Furtsch
Senior Privacy Architect
+1.415.520.3409
jfurtsch@truste.org
www.truste.org