Corporate Compliance Insights

Privacy Shield in Limbo

by Peter Merkulov
June 29, 2016
in Data Privacy, Featured
Data governance a challenge in the wake of Safe Harbor

At the turn of the 21st century, the internet grew to become a vital conduit for trade. International markets became accessible to any organization or entrepreneur with a modem, and consumer data, known as personally identifiable information (PII), emerged as an important component of commerce. However, U.S. and European laws do not cover the same digital privacy rules. A trade agreement known as Safe Harbor was therefore enacted to harmonize the differences and to make it easier for companies to comply with a single legal framework.

For a decade under Safe Harbor, the U.S. and EU engaged in a robust cross-border trade of private citizen data that U.S. Secretary of Commerce Penny Pritzker recently stated is worth $260 billion. Then, in 2013, a CIA employee by the name of Edward Snowden blew the whistle on what he regarded as unconstitutional domestic surveillance and intelligence gathering activities. Europeans and the rest of the global community were shocked, a lawsuit was filed and, in October of 2015, the Safe Harbor framework was invalidated by what is now known as the Schrems Decision—the culmination of an erosion of trust that seemed to take U.S. industry by surprise but, in hindsight, was not at all surprising. Safe Harbor’s foundation was a long-standing assumption of trust between trading partners and that trust was broken.

In an effort to restore simplified cross-border data exchange, a new proposal known as the EU-U.S. Privacy Shield was drafted and submitted to Europe’s privacy watchdog group, the Article 29 Working Party, for ratification earlier this year. The first draft was rejected over what the EU’s privacy chiefs deemed to be inadequate protections and redress. While Europe’s Article 29 Working Party waits for a revised draft of the EU-U.S. Privacy Shield agreement, American companies with overseas interests must continue to engage in trans-Atlantic data-sharing—and many are worried about what to do while diplomacy plays out.

Even with the likelihood that a rewritten Privacy Shield will be adopted by the EU, there remains uncertainty. What is a company to do while waiting for a Privacy Shield agreement that is acceptable to the EU privacy commissioners?

The first step is for companies to recognize that they remain responsible for the way PII is protected and respected. Privacy Shield will make things easier than they would be otherwise, but compliance and the ongoing maintenance of trust take effort. That means investing in the programs, training and tools required to protect data. In the U.S., companies are already compelled to invest in systems and practices that comply with privacy and data security laws in order to protect the public. According to research firm Gartner, total spending on information security products last year eclipsed $75 billion.

Security alone is not enough. Contractual obligations between companies that meet the standards prescribed by the various jurisdictions are necessary. Once such contracts are in place, the governance of data transfers—assurances that both data security and data management policies are adequate to current legal standards and are being followed—must be documented in order to demonstrate to regulating authorities that operations are compliant with the law and with binding contracts. It is one thing to say you know the rules and still another to verify compliance. This is vital for the company’s own protection should privacy violations be alleged. And, of course, this should all be done with the support of legal counsel.

Trans-Atlantic data transfer did not end abruptly when Safe Harbor was invalidated. U.S. and EU trading partners continue to do business and will do so with or without Privacy Shield, and forward-looking companies would do well to recognize that data security is a challenge that will grow more difficult no matter what trade agreements are in place. Compliance is a floor or a ceiling, and companies should therefore set their own high standards for protecting and managing data. That is how to build and maintain trust.


Tags: Board Risk Oversight, Communications Management
Peter Merkulov

Peter Merkulov serves as Chief Technology Officer at Globalscape. He is responsible for leading and overseeing the product strategy, product management, product marketing, technology alliances, engineering and quality assurance teams. Merkulov has more than 16 years of experience in the IT security industry, specifically in product strategy and management. Prior to joining Globalscape, Merkulov served as Executive Vice President at Kaspersky Lab North America, where he oversaw the expansion of the business within North America, and was second in command of their North American operations. He also served as their Chief Product Officer, where he drove the adoption, development and execution of long-term product strategy. Merkulov also served as the Vice President of Technology Alliances at Kaspersky Lab. Merkulov is a graduate of Moscow State Institute of International Relations and is fluent in English, Russian and Swedish.
