News Archives

Thursday, November 3, 2016

649 Companies Participating in Privacy Shield

According to HR Privacy Solution’s analysis of data on the Dept. of Commerce’s Privacy Shield website, 649 companies were listed as active participants in the EU-U.S. Privacy Shield framework as of close of business on October 31, 2016.  This is up from 107 companies participating by the end of August and 304 by the end of September.  

The analysis also revealed the following:

  • Of the 649 companies, 18 (3%) certified for HR data only, 144 (22%) certified for both HR data and non-HR data, and 487 (75%) certified for non-HR data only.
  • The 18 companies certifying for HR data only are largely not well-known:  Amplifinity, Babcock & Wilcox, CDK Global, Cornerstone OnDemand, DDB Worldwide, Edgeview Personal Care, Employment Screening Services, Fort Hill Company, HCR Software Solutions, i9Advantage, Kiran Analytica, Maseke, Perceptyx, PRO Unlimited, Recsolv (Yello), Tenneco and VWR.
  • Better-known companies on the list include:  Amazon, Avon, Babcock & Wilcox, Box, Brother, Ceridian, Cisco, Citrix, DDB Worldwide, Deloitte, Dropbox, Dun & Bradstreet, Eaton, Electronic Arts, Ernst & Young, Facebook, Google, Ingersoll Rand, Intuit, ITT, Kingston Technologies, Microsoft, Northrop Grumman, Omnicom, Oracle, Pinkerton, Salesforce, Tenneco, Tiffany, TRUSTe, Viacom and Workday.
  • Of these 32 better-known companies, all certified for non-HR data, except for Babcock & Wilcox, DDB Worldwide and Tenneco.
  • Of these 32 better-known companies, those not certifying for HR data included Amazon, Box, Brother, Cisco, Citrix, Dropbox, Dun & Bradstreet, Kinston Technologies, Oracle, Salesforce, Tenneco and TRUSTe.
  • There were an additional 858 covered companies listed in the certifications of the 649 Privacy Shield participants.
The analysis confirms an earlier finding that Privacy Shield is being used as a transfer mechanism overwhelmingly by smaller niche companies to legalize the import of non-HR data from Europe.  Only 5% of participating companies are better-known and only 25% are using Privacy Shield to import HR data.

The design of the DOC website makes analysis difficult and impractical.  For example, determination of the distribution of industry segments of participants would require inspection of each certification on an individual basis.  In addition, three months after launch, the website remains unstable and bug-ridden.  Seventeen companies are listed out of alphabetical order when searching letter-by-letter under Advanced Search.  Some companies, such as etleap, are not found at all when searched for individually.  Session history influences the results displayed when searching. The site disables a browser’s Back key, forcing a user to exit and re-enter the list when attempting to locate particular companies.  Is this the best that can be expected of government work?

No comments:

Post a Comment