Privacy Shield…
What is it and how does it affect you and the Mobility Industry
The European Union (EU) has declared on numerous occasions that the US does not give adequate protection to EU citizens’ personal data, so the Privacy Shield was constructed to eliminate that concern. The US International Trade Administration (ITA) within the US Department of Commerce administers this program, and companies must complete a registration process to apply for Privacy Shield certification.
Why Dwellworks acted early
Although comprehensive compliance is a significant investment, we believe it’s in the best interest of our clients and the customers they serve to stay fully aware of and aligned with regulatory issues and compliance requirements. Our Chief Compliance Officer and our Chief Privacy Officer were each particularly interested in the legislation surrounding Privacy Shield due to the global nature of our business and our clients’ business. Thus, when the brief window of opportunity opened to register early, we acted quickly and comprehensively to submit our application for registration under the Privacy Shield Framework Agreement between the US and the EU by the September 30 deadline. The application was reviewed and approved on October 3, 2016. (The list of companies who have registered for the Privacy Shield is available here.
Benefit to having applied before September 30, 2016
Organizations that submitted their self-certification to the US Department of Commerce within the first two months of program administration, were allowed a further nine months to bring existing commercial relationships with suppliers and other third parties into full conformity with the Privacy Shield rules. Companies that sign up for certification approval after September 30 will not get the benefit of the additional nine months to bring existing commercial relationships with suppliers and other third parties into full conformity with the Privacy Shield rules.
Privacy Shield and the Mobility Industry
Within the mobility industry, some RMCs registered for the Privacy Shield in advance of the September 30 deadline, setting the expectation for all those in their supplier networks to do the same. Dwellworks, with a long history of compliance and best practice, took the same step to align with our RMC customers and their corporate clients.
From discussions at the recently concluded WERC® Global Workforce Symposium in Washington DC, it is the opinion of Dwellworks Associate Counsel and Chief Privacy Officer, Hank Roth, that relocation management companies will increasingly be expected to have the requirements of the Privacy Shield in place to demonstrate compliance in RFP responses and client contracts regarding data privacy and security. Dwellworks took action in anticipating the inevitable, which will be the need for the RMCs to give assurances to their clients that suppliers are compliant with the EU data protection requirements regarding data transfers to the US. The industry conversation seemed to lean toward the opinion that unless a company is on the published list and a link to the list is published in the company’s online privacy policy, the organization will be at a disadvantage to those registered companies, relative to client and employee comfort regarding data transfers from the EU to the US.
https://www.privacyshield.gov/list