News Archives

Wednesday, August 31, 2016

107 Companies on Privacy Shield List in First Month

A review of the Department of Commerce’s Privacy Shield List, conducted after close of business on Wednesday, August 31, 2016, shows that 107 companies have had their self-certification information posted by the DOC.  The List reports the existence of an additional 62 covered entities, presumably affiliates of the 107 companies (although this number is suspect, given that the alleged covered entity of two companies on the “W” page, Whiteboard Ventures and Workday, is self-referential).   In any event, Privacy Shield has a long way to go before it can claim a buy-in comparable to that of Safe Harbor, which had at least 3,500 companies listed as participants.

Surprisingly, only 24 of the 107 companies (22%) have certified for HR data, whereas HR certifications for Safe Harbor were above 50%.  Only three of the 107 companies certified only for HR data (Employment Screening Resources, Perceptx and RECSOLU), although all three may have erred in claiming they are processing HR data when it appears that they are only processing data of clients who have employees in the EU. 

Only a few companies are well-known, including Microsoft, Salesforce and Workday.  The other 104 companies appear to be smaller niche firms, although sometimes unknown companies prove to be quite substantial.  Media reports suggest that there are hundreds of self-certifications in the pipeline, a number likely to grow as the October 1 deadline approaches for securing the nine-month grace period with respect to third party agents.

As a website, the Privacy Shield List is best described by technical terms:  slick, but lame. The Previous and Next buttons yield strange results, if any.  Under Advanced search one has to click through each individual letters of the alphabet to view all the participants, since the “All” choice is not working.  The four filters yield the same frustrating limits to showing results by letter of the alphabet.  Three of the filters (Participation Status, Covered Data and Framework) are worthless. For all of the supposedly careful review of submissions, parenthetical remarks (such as ‘we revised the policy on August 3, but didn’t post it until the 15th’ and “Thank you”) are included in policy descriptions.  Companies appear under the wrong letter of the alphabet (Etleap with the D’s; Visible Health in the E’s; Employment Screening Resources in the I’s).  There are doubtlessly other problems undetected as well.  

No comments:

Post a Comment