cloud eush wp final
7/28/2019 Cloud Eush Wp Final
http://slidepdf.com/reader/full/cloud-eush-wp-final 1/9
TRUSTe WHITEPAPER
Joining the Global
TRUSTed Cloud
TRUSTe Inc.
US: 1-888-878-7830
EU: +44 (0) 203 626 0109
www.truste.com
TRUSTe WHITEPAPER: Joining the Global Cloud 2
Joining the Global TRUSTed Cloud
IBM began the centralized hosting of business applications as early as the 1960s, but not
until the 21st century did Internet-enabled “cloud computing” fully take off and produce
multi-billion dollar business segments that some analysts predict will eclipse $20 billion
by 2015. Professionals now commonly refer to “software as a service” (SaaS) in everyday
conversations. The Cloud has become such a relevant, important feature of modern business
because it brings undeniable efficiencies, improvements in levels of service, and cost
savings to organizations that rely on it. However, it is a dramatic, complex new landscape
of expectations, interaction, and potential pitfalls on a global scale into which no one should
tread without careful consideration.
If you are a SaaS provider or incorporating such services into your own business, relying
on the Cloud means needing to pay special attention to how it works in order to meet your
professional obligations and protect your brand.
This white paper will allow you to become more adept at recognizing where customer
expectations about privacy and compliance with national and international policy including
the EU Safe Harbor framework meet. See figure 1 below:
Pitfalls of Data Collection and Data Processing
Data is now the primary driver for business intelligence and competitive advantages, but
personally identifiable information (PII) in this mix of big data can put you at great risk if you
or your vendor partners do not secure it properly as a function of collecting or processing
it. The number of incidents and frequency of PII being compromised due to poor security or
inadvertent mishandling issues are on the rise. Forrester in their October 2012 report titled
“identify and influence data security and privacy stakeholders” highlighted 924
confidence-shattering cyber events in the first eight months of 2012 alone.
[FIGURE 1: diagram labelled BUSINESS NEEDS, COMPLIANCE, PRODUCTIVITY, PRIVACY, WEB, MOBILE, with the marker “We are here.”]
If you are inherently confident that any PII your service is handling, “will probably be fine,”
it very likely will not be. You are likely vulnerable in some, even small way, to attacks from
outside of your organization. And, if your service was not built originally on a pervasive
Privacy by Design* strategy, then you may also have dangerous internal vulnerabilities.
For more information on Privacy-by-Design and its creator Dr. Ann Cavoukian, visit
http://www.privacybydesign.ca
It is a common misperception that external threats from nefarious entities are at the heart of
data-centric fiascos and embarrassments. These are not the only problems that organizations
face when their policies and practices are not designed properly to respect PII.
In the following diagram you’ll recognize the brands of many, very different US national and
international businesses. They each have different business models and customer bases, but
do collect PII and analyze their customers’ preferences. In the end, business decisions all
revolve around data, and in these examples there was no external threat.
FIGURE 2 (timeline, January through August). 2011: January - August, 924 cyberevents, 264 million records!
• Zappos: 24 million records
• YouPorn: 1.4 million records
• Gamigo: 8.2 million records
• Global Payments: 7 million records
• CA Dept. of Social Services: 701,000 records
• Texas Secretary of State: 6.5 million records
• LinkedIn: 6.5 million records
• Elections Ontario: 4 million records
• Yahoo: 453,492 records
• Shanghai Roadway D&B Marketing Services: 150 million records
• eHarmony: 1.5 million records
• Formspring: 28 million records
• EPA: 8,000 records
Again, whether you are the data collector who was originally trusted to collect someone’s PII
or the processor to whom it was passed for analysis, safekeeping, or other processing, you are
at risk of committing data mismanagement. This could cost you customer trust, damage your
brand, and expose you to lawsuits, regulatory fines, and multi-decade invasive audits.
Layering on International Concerns
If your organization has over 200 employees, your business is likely crossing oceans, in terms
of partner and vendor relationships as well as data. Abroad, especially in the European Union,
laws governing PII are even more restrictive than those in the United States. Even as long
ago as July of 2000 Microsoft was convicted of personal data mishandling of its employees
in Spain. Microsoft was originally fined the equivalent of roughly USD 250,000. Since then,
European law has continued to evolve, producing policies like the EU Cookie Directive which
governs how businesses are allowed to access and store data on EU citizens’ devices.
Recent activity by the Article 29 Working Committee in the EU points towards a trend of
increasingly complex regulation over the next three to five years.
Until now the safest solution for most US organizations to engage in European-related
business has been by complying with the US-EU Safe Harbor Framework (EUSH). In October
of 1998 the European Commission’s 1995 Directive on Data Protection took effect in the
interest of protecting the personal information of European citizens. The Directive prohibits
the transfer of personal data to non-European Union countries that do not meet the EU
adequacy standard for privacy protection. In general the United States’ approach to privacy
protection is deemed inadequate by these European standards. Without some collaboration
between US and EU authorities the late 90’s Directive could have become a significant
hindrance to trans-Atlantic transactions and trade.
FIGURE 3 (timeline of privacy incidents):
• 2011: Apple and Google weather “location gate” privacy scandal over their mobile devices. Apple changes collection practices in response.
• 2011: Playdom fined $3 million for violating children’s online privacy.
• 2011: Broken Thumbs Apps settles FTC charges that it violated children’s privacy law – company is fined and forced to destroy the data.
• 2011: Netflix faces multiple privacy lawsuits over its data storage practices.
• 2011: Acquisition of Borders delayed due to questions over privacy rights of 46M email subscribers.
• 2011: OnStar forced to reverse location tracking policy following privacy outcry.
• 2012: Path social network app accesses address books without permission.
• 2011: nebuAd settles $2.4 million privacy lawsuit over behavioral targeting practices.
In 2000 the EU Data Protection Authorities approved the US–EU Safe Harbor Framework. This
mechanism allows US companies to self-certify annually via the US Department of Commerce
that their data-handling is in fact adequate to meet European standards for data transfers from
the EU to the United States. It was conceived as the most broad and efficient way to lubricate
commerce across the Atlantic with the least amount of burden on individual organizations.
Even with the decade+ history of EUSH, things have been changing in European law and it is
likely to evolve over the course of 2014 through 2016. Additionally, Switzerland has its own,
separate framework agreement with the United States. If you are subject to oversight by the FTC
and DOT due to the international reach of your business, this is an evolving policy area that you
must not ignore.
No Islands in the Cloud
It is virtually impossible to be an island in the Cloud in today’s big-data enabled interaction
paradigm. Every entity that historically may have been separate and self-contained is
rapidly becoming a mere node in a vast network of processing applications, interconnected
databases and their front-end interfaces. Violations can happen as data, including PII,
is passed around from department to department, even internally. But as a responsible
organizational leader, it is mandatory to recognize that even data passing internally to an
office abroad warrants stringent data processing requirements.
The situation increases in complexity when you are engaging and collaborating with other
SaaS companies to provide Cloud-enabled infrastructure and service to clients. Contracts must
be in place to properly protect PII in a networked ecosystem and failure at any node, yours
or another’s whom you are trusting, could end up turning your brand into a privacy violation
statistic.
Beyond North America and Europe
If your data flows involve complexities like European PII flowing to Latin America or Asia,
you may need TRUSTe’s additional counsel on finding the right legal support for setting
up Binding Corporate Rules (BCRs) or implementing Model Contracts. The need for these
scenarios is clarified as a standard function of the TRUSTed Cloud consultation process.
Dispute Resolution Support
Even when you’ve made concerted attempts to cover every base, problems and
disagreements invariably arise. As a member of the TRUSTed Cloud, TRUSTe will be there to
help you avoid the pain and expense of full-on, reputation-damaging domestic or international
lawsuits.
The Perks of Pervasive Trust
Under the TRUSTed Cloud umbrella you’ll be able to rest assured that:
• Your customers will trust that you respect them and their privacy.
• You’ll need not fear that you are out of compliance.
• You’ll know that your divisions are maximally productive in their initiatives that involve PII.
[FIGURE 5: diagram labelled CORPORATE HEADQUARTERS, SaaS Vendor, Vendor’s Partner, Contract, PRIVACY POLICY, with the data fields NAME, PHONE NUMBER, LOCATION]
TRUSTe professionals will assure that you’re in the best shape possible on all of these varied
fronts and will provide you with extensive documentation and support in this process:
Most importantly, you’ll know that with TRUSTed Cloud certification your internal policies and
practices are optimized across this matrix of business needs.
This all inevitably leads to:
• Accelerated sales cycles
• More contract renewals
• More deals ultimately closed
FIGURE 6:
• TRUSTed Cloud Seal
• Assessment of your Data Privacy Practices
• PRIVACY ANALYSIS REPORT: Gaps in Practice & Controls
• Updated Privacy Policy
• Dispute Resolution Service
• Dedicated Account Management
• Letter of Certification
[FIGURE 7: diagram labelled BUSINESS NEEDS, COMPLIANCE, PRODUCTIVITY, PRIVACY, WEB, MOBILE, with the marker “You are safely at the forefront in the Cloud.”]
US: 1-888-878-7830 | EU: +44 (0) 203 626 0109 | www.truste.com © 2012 All Rights Reserved
Thousands of Organizations Rely on TRUSTe’s Expertise
As a prime example of what TRUSTe has done for clients across the globe, let’s hear what
David Fowler, the CPO of Marketfish, feels about relying on the Cloud for their success.
Marketfish is the only fully automated, cloud-based lead generation platform that offers free
access to an online marketplace for e-mail, postal lists, and the ability to build and execute
marketing campaigns in under 30 minutes.
Over 15 Years of Getting it Right
Dave knows, as an executive relying on the Cloud for his core business model, that with
guidance from and certification by TRUSTe, he’s in great hands in terms of meeting
customers’ and regulators’ privacy and security expectations all over the planet.
About TRUSTe
As a leading provider of data privacy solutions and certification services for over 15 years,
small and large enterprises alike have come to rely on TRUSTe to assist in designing and
implementing comprehensive data privacy strategies. TRUSTe fully understands the
complexities of privacy and security as they relate to business in the Cloud. We invite small
to large enterprises to allow TRUSTe to help you protect your assets and garner consumer trust
with the TRUSTed Cloud.
TRUSTe is the leading global data and privacy solutions provider. TRUSTe offers a broad
suite of solutions that enable multinational companies to safely and efficiently handle the
customer data powering their online businesses, including advertising, cloud services, mobile
applications, and websites. Over 5,000 web properties from top companies like Apple, Disney,
eBay, Forbes, HP, and Microsoft rely on TRUSTe to ensure compliance with evolving and
complex international privacy requirements. TRUSTe’s mission, based on a “Truth in Privacy”
framework, is built on a solid foundation of transparency, choice and accountability regarding
the collection and use of personal information. TRUSTe’s privacy seal is recognized and
trusted by millions of consumers worldwide as a sign of responsible privacy practices. For
additional information on TRUSTe and its offerings, please visit http://www.truste.com.
“At first when we looked at this in terms of Marketfish’s roadmap, our first strategic
decision was to enlist the help of TRUSTe. I personally and professionally have
followed and worked closely with TRUSTe since 2004 so this decision really wasn’t a
difficult one because I know that their solutions would solve my business challenge
and I’ve seen that in the past. TRUSTe have great products and services and good
peeps that solve complex issues in a timely fashion and support the solutions that
increase ROI. In fact, as the digital marketplace has developed and become more
complex to navigate, I would suggest that in 2013 and beyond if you are operating on
the Internet you can not afford not to have certification.”