1. What are the key provisions of the Privacy Shield Framework agreement between the United States and the European Union?

Nine months after the invalidation of the Safe Harbour Agreement, the European Commission (EC) confirmed that the new EU-US Privacy Shield affords adequate protection to the privacy of EU citizens. The framework imposes stronger obligations on US companies and requires the US government to more robustly enforce the new provisions and monitor their implementation.

The Privacy Shield aims to ensure stronger protection for the personal data of EU citizens when it is transferred to the USA. In practice, US companies will self-certify annually to meet the Privacy Shield requirements, while individuals will be able to make use of new complaints and redress mechanisms if their data is not adequately processed.

2. What are some common questions that organizations should ask when considering outsourcing information storage, processing, or transmission?

- What types of sensitive information are stored, processed, or transmitted by the vendor?

- What controls are in place to protect the organization's information?

- How is our organization's information segregated from that of other clients?

- If encryption is relied on as a security control, what encryption algorithms and key lengths are used? How is key management handled?

- What types of security audits does the vendor perform and what access does the client have to those audits?

- Does the vendor rely on any other third parties to store, process, or transmit data? How do the provisions of the contract related to security extend to those third parties?

- Where will data storage, processing, and transmission take place? If outside the home country of the client and/or vendor, what implications does that have?

- What is the vendor's incident response process and when will clients be notified of a potential security breach?

- What provisions are in place to ensure the ongoing integrity and availability of client data?

3. What are some common steps that employers take to notify employees of system monitoring?

- The best way to do this is to consider why you are implementing monitoring and what you hope to achieve with monitoring software. Based on these assumptions, you can develop employee monitoring policies that specify what and how you intend to monitor. Once your policies are in place, you can discuss system monitoring with your employees.

- It is your responsibility to provide your employees with all of the information they require, as well as your support and respect. Also, avoid blaming your employees or making them feel trapped in your organization.

- You should explain to your employees the benefits of the monitoring system to them, not just the benefits to the company. Another critical step is to obtain the consent of all employees to the monitoring process. It shouldn't just be a checkbox on the computer. To protect yourself from legal charges, it should be an actual signature, either online or on a printed copy of the monitoring policies.

- Finally, but most importantly, select the appropriate monitoring software. You should not recreate the "Big Brother is watching you" mood. Even if you decide to monitor, respect your employees' privacy and ensure the security of their passwords and other personal information.
