If you’re an EasyDMARC customer, you know that we value your security like we do our reputation. As a U.S.-based company, we strive to protect both our domestic and international clients. Thus, protecting your data regardless of your location is a must for us.
In December 2021, we renewed our Data Privacy Shield Certification. It’s one of the basic protective mechanisms we employ to ensure you feel safe collaborating with us to improve your email infrastructure.
Let’s see what U.S. Privacy Shield Certification covers and what it means for EasyDMARC customers.
What is Privacy Shield Compliance?
Privacy Shield Compliance is a framework between the U.S. Department of Commerce, the European Commission and the Swiss Administration. It provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Certified companies are deemed to have “adequate” privacy protection throughout E.U. Member States and in Switzerland. Essentially, it eases the legal process, possible discrepancies, and time lost if a company were to pass all the separate state requirements.
The framework adheres to the following principles:
- Notice: Companies must notify relevant authorities of their Privacy Shield Compliance.
- Choice: Compliant businesses must allow individuals to opt out from disclosing their information to third parties if the information is used for another purpose other than the reasons intended.
- Accountability for onward transfer: The Privacy Shield Compliant organization that shares personal information to third parties is still responsible for the compliance of the latter.
- Security: Companies must protect personal data from misuse, loss, alteration, unauthorized access, disclosure, and destruction.
- Data integrity and purpose limitation: The collected data must be kept current, complete, and accurate. Additionally, companies are required to keep their usage purposes limited.
- Access: Data subjects (clients) must have access to their own data to change, correct, or delete.
- Recourse, enforcement, and liability: Individuals affected by non-compliance can seek assistance within the framework.
An additional 16 “Supplemental Principles” expand on this framework but the above presents the gist of Privacy Shield Compliance.
How Does the Privacy Shield Compliance Impact EasyDMARC Customers?
As a B2B company based in the United States, EasyDMARC works with a large amount of customer data from all over the world. We also cover MSP and MSSP email security, which puts a larger responsibility on us in terms of impact. After all, our company’s choices in personal information protection spread to the customers of our customers as well.
In the case of Privacy Shield Framework, our E.U. customers (and their customers) can rest assured that their personal data is safe with us.
What’s Next?
First of all, we plan to stay on top of our GDPR compliance and Privacy Shield Compliance, adhering to the standard recertification schedule.
Second, those who’ve been following us will know that we’ve acquired our SOC 2 certification in 2021 as well, accepting the five “Trust Service Principles” laid out in the accreditation process. Another step towards more transparency was publishing our SOC 3 Report in the same year.
Another standard we’re considering in 2022 is the ISO/IEC 27001, which provides requirements for an information security management system.
All these steps reestablish our central policy to protect our clients by all the available means.