Adam Stone, Privacy Officer
July 17th, 2016
Image Courtesy US Department of Commerce
After political wrangling and delays, the US Department of Commerce announced the adoption the EU-US Privacy Shield framework on July 12, 2016. For data privacy professionals serving organizations that conduct business in the European Economic Area (EEA), this announcement is an important one. The Safe Harbor inadequacy decision handed down by the European Court of Justice in late 2015 sent many US organizations – reliant on the venerable Safe Harbor self-certification program to attest adequate protections for cross-border data flows – into a mild panic. Privacy leaders were left with few attractive options to fill the vacuum left by the inadequacy decision.
Now that the Privacy Shield program is active, many are eager to assess their privacy programs in preparation for the August 1 registration opening. Though the process for Privacy Shield self-certification is similar to Safe Harbor, registrants will find a more robust set of requirements to meet based on a slightly revised set of guiding principles:
| Privacy Shield (New Framework) | Safe Harbor (Old Framework) |
| Notice | Notice |
| Choice | Choice |
| Accountability for Onward Transfer | Onward Transfer |
| Security | Security |
| Data Integrity and Purpose Limitation | Data Integrity |
| Access | Access |
| Recourse, Enforcement and Liability | Enforcement |
How can Secure Digital Solutions (SDS) help you?
Organizations planning to self-certify to the Privacy Shield framework (and take advantage of the grace period for early registrants) can benefit from an objective, third-party review of their data privacy programs. Secure Digital Solutions offers seasoned, IAPP-certified privacy professionals ready to provide effective and cost-efficient program assessments. SDS’ professionals guide privacy leaders with the data needed to make strategic decisions and operationalize privacy controls and processes.
Short on in-house data privacy experts? Contact SDS today to learn about our CPO-for-hire program. We provide executive-level data privacy resources at a fraction of the cost of retaining a large consulting or law firm.