EU-US Privacy Shield Certification: A Reflection of Ensono’s Commitment to Data Privacy and Security
Charles Nwasor, Director, Global Assurance & Advisory
Tuesday, February 07, 2017

At Ensono, we place a high priority on data privacy and security. That’s one reason why we’ve recently taken a big step toward increasing the protection of personally identifiable information transferred from companies in the European Union to companies in the United States during the course of transatlantic commerce.

In December 2016, Ensono was certified to the EU-US Privacy Shield Framework by the U.S. Department of Commerce. This Framework provides organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements whenever personal data is transferred from the EU to the US.

Robust and Enforceable Protections for Personal Data

The EU-US Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of individuals in the EU. It replaces the Safe Harbor framework for data protection, which was invalidated in 2015 due to a legal challenge.

Once the Safe Harbor was invalidated, the European Commission and the U.S. moved quickly to design the new framework as a replacement and to begin accepting applications for certification. Ensono’s application was made in September and approved on December 22, 2016.

The framework articulates core privacy principles that must be followed by all certified organizations. These include the rights of individuals to be notified that their personal information is being used in commerce, to be told what their data is being used for, and to give their consent for the use of their data. The framework also applies to the transfer of data to subcontracted third parties of U.S. firms.

In addition, the framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs) to collectively safeguard the privacy rights of EU individuals.

Why the EU-US Privacy Shield Framework is Necessary

When determining whether existing data protections that are in place in foreign countries are adequate, the EU mainly looks for comprehensive legal frameworks providing broad and strong privacy protections.

In the U.S., privacy regulations tend to be more fragmented by industry; the Health Insurance Portability and Accountability Act (HIPAA) is one example. This partly informed the need to establish legal transfer mechanisms, such as Safe Harbor and, subsequently, the EU-US Privacy Shield Framework.

This certification is another example of Ensono’s enduring commitment to our clients and stakeholders around the world to safeguard sensitive information. “It aligns with our organizational values, enhances our global data protection framework, all of which are imperative to sustaining the trust of our clients and partners, as well as to our long-term growth and success,” says Ensono CEO Jeff Von Deylen.

Compliance with GDPR, Too

In addition to our Privacy Shield certification, Ensono is implementing controls in compliance with the European Union General Data Protection Regulation (GDPR).

The GDPR is intended to strengthen the regulatory environment governing the protection of EU personal data used in the course of performing international business and commerce. Enforcement of the GDPR begins in May 2018, following a two-year transition period.

“Ensono’s adoption of and certification to the EU-US Privacy Shield Principles provides further assurance to our European clients and global partners of our dedication to regulatory compliance and safeguarding sensitive information,” says Von Deylen.


About the Author

Charles has over 11 years of experience in information technology governance, security, risk, privacy and compliance. His experience spans secure software development, business continuity, mainframe application development and support, forensics, and consulting in security and privacy. At Ensono, Charles is responsible for regulatory compliance, global data protection, enterprise risk management, Ensono assurance programs and audit assurance. Prior to joining Ensono, Charles was part of the Cybersecurity and Privacy practice at the Chicago office of PricewaterhouseCoopers (PwC), where he served clients in diverse industries. Charles graduated summa cum laude with a BSc. in Information Assurance from the University of Detroit Mercy. He holds a Graduate Fellowship in Health Information Technology – security & privacy concentration from the George Washington University, and has several professional certifications, including CISA, CISM, CRISC, CIPM, CHPSE and CHCSFP.