Serraview Earns Privacy Shield & TRUSTe Privacy Certifications
Serraview is proud to announce that we have officially joined the list of Privacy Shield certified companies, after fulfilling the self-certification requirements set by the U.S. Department of Commerce. We have also recently earned the TRUSTe Enterprise Privacy Certification.
“These privacy certifications provide an additional comfort level for our customers,” said Serraview co-founder Ian Morley. “Serraview clients have even more assurance that our company is fully committed to personal privacy and protecting their data.”
What is Privacy Shield?
Privacy Shield is a joint effort between the European Commission and the U.S. Department of Commerce, which enables the safe transfer of personal data (such as HR and payroll information) from Europe to the United States. The new mechanism complies with more stringent European data protection laws, replacing the Safe Harbor privacy framework that was ruled inadequate in 2015. As global businesses rely on international transfer of personal information for many internal operations, the EU and US worked quickly to develop improved standards.
The new Privacy Shield framework strengthens protection for individuals by increasing obligations for Privacy Shield certified companies in the handling of personal data.
What is required to earn Privacy Shield certification?
Privacy Shield certified companies are required to address the following privacy principles in the handling of both HR and non-HR data.
- Notice: Publish a privacy policy including the organization’s participation in Privacy Shield as well as details about how data is handled and an individual’s associated rights.
- Choice: Offer individuals the choice to opt out of sharing their data in some situations, and explicitly obtain permission to disclose certain sensitive data.
- Accountability for onward transfer: Follow rules for transferring data to a third party acting as a controller or an agent.
- Security: Take measures to protect data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data integrity and purpose limitation: Limit data to that which is relevant for processing.
- Access: Provide individuals with access to their personal information and allow them to correct, amend, or delete that information.
- Recourse, enforcement and liability: Provide independent recourse mechanisms for individuals and follow rules for enforcement of the Privacy Shield principles.
Privacy Shield provides a self-certification process where companies can review their own privacy management practices according to these principles. After gaining approval, a Privacy Shield certified company’s commitment to complying with the Privacy Shield framework is enforceable under U.S. law.
TRUSTe Enterprise Privacy Certification
In addition to completing the self-certification process required by Privacy Shield, Serraview took an additional step and engaged a third party (TRUSTe) to conduct an independent review of our privacy policy and practices.
TRUSTe Enterprise Standard’s comprehensive assessment analyzed Serraview’s privacy practices against globally recognized privacy frameworks, including FIPPs, OECD, GAPP, state and local frameworks such as CalOPPA, self-regulatory and industry best practices, and more. TRUSTe also looked for privacy risks and provided detailed recommendations. The service also provides ongoing guidance related to privacy policy.
You’ll see our certification evidenced by the “TRUSTe Certified Privacy” badge on our digital privacy policy page.