LightEdge Self-Certifies with the EU-U.S. Privacy Shield Framework
LightEdge self-certifies with EU-U.S. Privacy Shield and commits to the EU-U.S. Privacy Shield requirements for data transfers across the EU and Switzerland.
Bridging the gap between regulations issued in the U.S. and EU for data privacy, the EU-U.S. Privacy Shield Framework was created by the Department of Commerce in coordination with the European Commission to provide U.S. businesses with the ability to self-certify their compliance with European privacy standards.
EU-U.S. Privacy Shield Privacy Principles
Rigorous Privacy Principles for Processing Sensitive Customer Data
LightEdge developed its own self-regulatory privacy program that adheres to the seven privacy principles. Among the principles—Notice, Choice, Onward Transfer (Transfers to Third Parties), Access, Security, Data Integrity, and Enforcement—and the 15 FAQs that make up the framework.
Organizations must notify individuals why they collect personal information about them, the types of third parties to which they disclose this information, and the efforts employed to limit the unauthorized disclosure of such sensitive data. In addition, organizations must provide a means for open communication for inquiries and complaints.
Organizations must allow individuals the choice to opt out of sharing their information with a third party or if used for a different purpose than which it was originally collected.
- Onward Transfer (Transfers to Third Parties)
To continue with the transfer of sensitive data to a third party, the first two principles (Notice and Choice) must be met. Secondly, the organization receiving this information must also comply with the EU-U.S. Privacy Shield Framework’s seven privacy principles or provide a written statement to demonstrate commitment to these principles.
Organizations must take reasonable and appropriate action in their dealings with personal information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.
- Data Integrity
Organizations must take reasonable and appropriate action in their dealings with personal information to ensure data is reliable for its intended use, accurate, complete, and current.
Individuals must have the ability to access, amend, or delete information about themselves unless deemed inappropriate for the organization to provide this function.
- Recourse, Enforcement, and Liability
There must be an effective means of enforcing these rules with proper methods of recourse and an obligation to solve any failures to meet these principles.
An overview of the EU-U.S. Privacy Shield Framework can be found on the export.gov website at EU-U.S. Privacy Shield Overview.