EU-US Privacy Shield~by Paul Harris, Global-Z Marketing Manager

Are you ready for the new Privacy Shield regulations? The new EU-US agreement is bringing some major changes for American businesses that process European customer data. While many more questions are yet to be answered about Privacy Shield’s impact, we collected the top most frequently asked questions to help you better understand the regulations.

 

 

  • What is Privacy Shield?
    • On July, 12th 2016 the European Commission (EC) adopted the new EU-U.S. Privacy Shield (formerly known as EU-US Safe Harbor). The new Privacy Shield framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States, as well as bringing legal clarity for businesses relying on transatlantic data transfers.
    • Privacy Shield is a voluntary self-certification to the US Department of Commerce. Once a company publicly commits to Privacy Shield, it is enforceable under US law. It includes multiple avenues of redress to resolve complaints. The agreement is a ‘living commitment’ with annual reviews. Companies who certify with Privacy Shield must select an independent dispute resolution organization that include the following criteria.
      • Panel created by the EU Data Protection Authorities (DPA’s).
      • Accredited organization in EU.
      • Accredited organization in US.
  • What are the principals Privacy Shield is based on?
  • How does it affect my business?
    • From the perspective of U.S. companies, the framework has tightened restrictions on forwarding Europeans’ personal data to other companies. In the technology sector in particular this is going to require a lot more attentiveness on the part of those directly serving Europeans. The companies serving the customers will remain responsible for their personal data, even if the work is outsourced by subcontractors. Companies on the Privacy Shield register will also have to pledge to not collect more personal information that what they need for the purposes of their service.
  • When can we certify with Privacy Shield?
    • Going forward the Privacy Shield framework will be published in the US Federal Register. Once US companies have had an opportunity to review the framework and update their compliance, they will be able to certify with the US Department of Commerce starting August, 1st 2016. Companies should also assess Privacy Shield’s impact on their EU-U.S. data transfer strategy. In particular, there is a limited “grace period” available in that companies who self-certify within two months of Privacy Shield’s effective date will be given a nine month transitional period to address relationships with third parties.
  • Will it cost me to certify?
    • The total cost estimates are still unknown but costs will depend on your business size and a fee charged by your independent dispute resolution organization.
  • Does the recently announced “Brexit” (British exit from the EU) impact the new framework?
    • No, Brexit will have no immediate impact on Privacy Shield. The exit is expected to take at least two years minimum to fully occur and if changes happen within that timeframe, we will be sure to let you know.
  • Should I seek legal counsel?
    • Privacy Shield will be complex; we strongly recommend consulting legal counsel with international privacy law expertise.  If you would like to discuss Privacy Shield in greater detail and/or the specific impact on your company feel free to contact us any time.

For more information regarding the Privacy Shield framework please see the US International Trade Administration’s press release. Also, the US Department of Commerce has issued a “Fact Sheet” overview of the EU-US Privacy Shield Framework it can be viewed here.

EU-US Privacy Shield(Note: This article is an update on our first article about Privacy Shield posted in the February  2016 edition of GZ News.)

~by Paul Harris, Marketing Director

On July, 12th 2016 the European Commission (EC) adopted the new EU-U.S. Privacy Shield. The new Privacy Shield framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States, as well as bringing legal clarity for businesses relying on transatlantic data transfers.

Global-Z CEO and Co-Founder Dimitri Garder said: “In the upcoming weeks and months we will update our clients and partners regarding how the new Privacy Shield framework will impact our global data processing solutions.”

According the press release issued by the European Commission, EU-U.S. Privacy Shield is based on the following principles:

  • Strong obligations on companies handling data. The U.S. Department of Commerce will conduct regular updates and reviews of participating companies, to ensure they follow the rules they submitted themselves to. If companies do not comply with them, they face sanctions and removal from the list. The tightening of conditions for the onward transfers of data to third parties will guarantee the same level of protection in case of a transfer from a Privacy Shield company.
  • Clear safeguards and transparency obligations on U.S. government access. The US has given the EU assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms. Everyone in the EU will, also for the first time, benefit from redress mechanisms in this area. The U.S. has ruled out indiscriminate mass surveillance on personal data transferred to the US under the EU-U.S. Privacy Shield arrangement. The Office of the Director of National Intelligence further clarified that bulk collection of data could only be used under specific preconditions and needs to be as targeted and focused as possible. It details the safeguards in place for the use of data under such exceptional circumstances. The U.S. Secretary of State has established a redress possibility in the area of national intelligence for Europeans through an Ombudsperson mechanism within the Department of State.
  • Effective protection of individual rights: Any EU citizen who considers that their data has been misused under the Privacy Shield scheme will benefit from several accessible and affordable dispute resolution mechanisms. Ideally, the complaint will be resolved by the company itself; or free of charge Alternative Dispute resolution (ADR) solutions will be offered. Individuals can also go to their national Data Protection Authorities, who will work with the Federal Trade Commission to ensure that complaints by EU citizens are investigated and resolved. If a case is not resolved by any of the other means, as a last resort there will be an arbitration mechanism. Redress possibility in the area of national security for EU citizens’ will be handled by an Ombudsperson independent from the US intelligence services.
  • Annual joint review mechanism: the mechanism will monitor the functioning of the Privacy Shield, including the commitments and assurance as regards access to data for law enforcement and national security purposes. The European Commission and the U.S. Department of Commerce will conduct the review and associate national intelligence experts from the U.S. and European Data Protection Authorities. The Commission will draw on all other sources of information available and will issue a public report to the European Parliament and the Council.

Next steps: Privacy Shield framework will be published in the US Federal Register. The U.S. Department of Commerce will start operating the Privacy Shield. Once US companies have had an opportunity to review the framework and update their compliance, companies will be able to certify with the Commerce Department starting August 1st. Companies should assess Privacy Shield’s impact on their EU-U.S. data transfer strategy. In particular, there is a limited “grace period” available in that companies that self-certify within two months of Privacy Shield’s effective date will be given a nine month transitional period to address relationships with third parties.

Please see the US International Trade Administration’s press release for additional information.

Bad_Habits~by Katie Favreau, Jennifer Martell & Paul Harris

We know good data when we see it, and we also know when it’s not so good. That’s why we decided to give you some insight to some of our top “Bad Data Habits” that we see frequently in global databases. Here are some of the our top bad habits.

Recieve A Free Data Assessment

  • Trying to store international addresses in a database meant for USA.

This habit is common on data capture forms that were designed without consideration for global address systems. All address systems are not the same and when you have a required “state” field in a country that doesn’t have any states, you’re bound to end up with a some data problems. Do your homework and know your market. If the database you’re creating will reach a global customer, you should consider how the data will be entered and stored.

See the example below of a good global data capture form.Global Data Capture Form

  • Proper fielding when data entering is essential.

The best example here is not requiring a “country” field. If a contact has only a street address and name without an identified country, that makes the address not correctable. Our earth has many people and without some essential data points, it’s like finding a needle in a really big haystack.

  • Excel corrupting data.

Excel is without a doubt a powerful tool. However, sometimes it’s not your friend. Simple commas can corrupt your data fields if you’re not careful. We’ve seen excel do some funky things in the past and we recommend you are very careful when storing data in excel. The more data you have, the more chances you have for excel to corrupt it.

See the video below for an example of how excel can corrupt your data with its autocorrection rules.

  • Placing contact names and business names in the same field.

This is a no-no that needs to be nipped in the bud fast. These data points should always be in separate fields. Here is an example, First Name: Paul, Last Name: Harris, Company Name: Global-Z International. You shouldn’t have “Paul Harris Global-Z International” all in one field.

  • Searching for a Niche Group - Magnifying GlassNot checking for dupes when new data is entered.

Duplicate data becomes unmanageable fast. A quick check before a new record is entered in a database will prevent much anger and confusion in the long run. Nothing slows you down like doing a look-up on the name “John Smith” only to find you have 13 different “John Smith” records and all of them have conflicting information populated in the fields.

Recieve A Free Data Assessment

 

Global-Z International recently launched a new Global Name Standardization Solution that services all countries in the world. The new service is a best-in-class solution that provides valuable information to clients who care greatly about the user experience and want to get the gender references right. Global Name Standardization will identify, with a high rate of accuracy, the gender of all records in large global datasets.

The driving use case for this new solution is to clean up messy name data in order to improve data record matching rates.  Another service benefit is to improve the presentation of name information for CRM and direct marketing content.

Many improvements have been made to the Global Name Standardization solution that makes it the most competitive service in the global market. Some of the major improvements include:

  • Updated global name reference data;
  • Improved statistical data on usage of names of given gender;
  • Language-specific gender usages;
  • Usage from census information and additional sources of name data.

“We are advancing the global capabilities to a level of sophistication that some domestic solutions have had for awhile,” said Dimitri Garder, Global-Z’s CEO. “This is part of an ongoing evolution of our customer contact data solutions,” Garder added.

The Global Name solution also includes some unique features that have some exciting and potentially powerful use-cases. These features include:

  • Unisex name identification. This can be used when you have names in the data that tend to be male in one language, but female in another. The name “Jean” is a classic example. “Jean” is a female name in the English language but in French culture, it’s a male name.
  • Alternate name spelling conversions to common names. An example for this use case is the nick-name “Will” can be swapped for the given name of “William.”
  • First and last name swap ability. This feature can swap first and last names if they are reversed based on a statistically assessment of likelihood. Example: “Smith, John” we will changed for “John, Smith.”
  • Name Culture of Origin Identification. The feature can determine statistical likelihood of a names culture of origin.

“We are excited to add this new name solution to complement our suite of growing services,” said Garder.

Related articles:

Personal Names Around The World

Merging and Matching Records

 

EU-US Privacy Shield(Note: This article is an update on our first article about Privacy Shield posted in the February  2016 edition of GZ News.)

~By Ted Haas, Global-Z Chief Marketing Officer (CMO)

On February 2nd, 2016 the US Department of Commerce and European Commission issued a press release that outlined some key changes to the EU-US Safe Harbor; now dubbed the “Privacy Shield.”   This agreement replaces Safe Harbor, which was declared invalid on October 6th, 2015.

Here are some of the key updates since this major decision has been announced.

 

EU-US_Safe_Habor_Dates

 

Overview: What is Privacy Shield?

  • It is a robust framework under which personal data of EU individuals will be protected when it is transferred to the US.
  • It replaces Safe Harbor –declared invalid by EU Court October 6th, 2015.
  • It is a voluntary self-certification to the US Dept. of Commerce.
  • Once a company publicly commits to Privacy Shield, it is enforceable under US law.
  • It includes multiple avenues of redress to resolve complaints.
  • Privacy Shield companies must select an independent dispute resolution organization.
    • Panel created by the EU Data Protection Authorities (DPA’s).
    • Accredited organization in EU.
    • Accredited organization in US.
  • There are special provisions for HR personal information.
  • It is a ‘living commitment’ with annual review.
  • Privacy Shield will be effective with final approval of European Commission (est. June 2016).

 

7 Principles and 16 Supplemental Principles define the core provisions of the Privacy Shield framework.

Main Principles:

  1. Notice
  2. Choice
  3. Accountability for Onward Transfer
  4. Security
  5. Data Integrity and Purpose Limitations
  6. Access
  7. Recourse, Enforcement and Liability

 

16 Supplemental Principles:

  1. Sensitive Data
  2. Journalistic exceptions
  3. Secondary Liability
  4. Performing Due Diligence and Conducting Audits
  5. Role of the Data Protection Authorities
  6. Self – Certification
  7. Verification
  8. Access
  9. Human Resource Data
  10. Obligatory Contracts for Onward Transfers
  11. Dispute Resolution and Enforcement
  12. Choice-Timing of Opt Out
  13. Travel Information
  14. Pharmaceutical and Medical Products
  15. Public Record and Publicly Available Information
  16. Access Requests by Public Authorities

If you would like to discuss Privacy Shield in greater detail and/or the specific impact on your company feel free to contact us any time.

The US Department of Commerce has issued a “Fact Sheet” overview of the EU-US Privacy Shield Framework it can be found here.

Privacy Shield will be complex; we strongly recommend consulting legal counsel with international privacy law expertise.

LockThe US Department of Commerce and European Commission issued press releases this week (Tuesday, Feb 2, 2016) that outline some key changes to the EU-US Safe Harbor; now dubbed the “Privacy Shield.”   This agreement replaces Safe Harbor which was declared invalid October 6, 2015.

Privacy Shield Summary

While the new accord still needs to be reviewed by the Article 29 Working Party and the College of Commissioners, but assuming it remains substantially the same, we can expect the following:

  • More stringent obligations on companies handling Europeans’ personal data and more robust enforcement
  • EU individuals will have access to multiple avenues to resolve concerns, including through alternative dispute resolution at no cost to the individual.
  • The Privacy Shield includes new contractual privacy protections and oversight for data transferred by participating companies to third parties or processed by those companies’ agents to improve accountability and ensure a continuity of protection.
  • Clear safeguards and transparency obligations on U.S. government access.  The US has agreed to an annual joint review with the EU, including with respect to national security access to personal data.

The details currently available are included in press releases issued by the European Commission and the US Department of Commerce; a summary and related links to the releases are here:

Global-Z expects the Commission and FTC will make the entire agreement publicly available soon. After our review of the fully-published agreement, Global-Z will provide you with another update. Importantly, US companies will need to review the new Privacy Shield program carefully before deciding to commit to it.

We will continue to keep you posted. If you have any questions please feel free to contact us.

200261368-001With the addition of US data quality services to our industry leading international services Global-Z now offers one of the best ‘Global” solutions in the market.

For the last two decades Global-Z has been the market leader in data processing for international data quality. Our depth of application knowledge, advanced multi-byte writing system capabilities and flexible service delivery options gives us the cutting edge to serve our clients better than any other competitor. International contact data quality is at the core of what we do and it’s who we are.

For the last few years we have observed a market shift. The marketplace is becoming much more internationally integrated and our clients have a growing preference for one-stop solutions for global needs, including cross border recognition.   

In order to become the best, one-stop shop for global customer database cleansing, Global-Z has   added US data processing to our capabilities set. Now we have a complete range of services that will add value to our clients who prefer to work with a single vendor for a comprehensive global solution.

“Adding US data quality to our capabilities adds significant value for our clients who have   global needs,” said Dimitri Garder, Global-Z Executive Vice President. “Our primary strength has always been, and always will be, international data processing, however, now we are able to offer a more comprehensive solution worldwide.”
If you have any questions about our US processing capabilities please contact us. We’re happy to help.

UPU_Logo

BENNINGTON, VT., October 22nd, 2015 — Global-Z International announced today its CEO and Co-Founder, Dimitri Garder, has accepted an invitation to be a guest speaker at a new Global Addressing Conference hosted by the Universal Postal Union (UPU) in Berne, Switzerland, on October, 26th – 27th during the UPU Council of Administration session.

The UPU organized this event with the goal of exploring how to extend access to global address infrastructure. The two-day event will discuss new ways for addresses to be developed and implemented faster and at lower cost, in particular through the use of new technologies.

The conference schedule:

  • Day 1: Will focus on illustrating the economic and social value of address infrastructure; as well as on reviewing innovative solutions and tools that facilitate address management and access to spatial information.
  • Day 2: Will be devoted to building capacities through a hands-on session, focused on real examples of up-to-date, user-friendly addressing system models

“I’m excited to be part of this important discussion,” said Dimitri Garder, Global-Z CEO.          “We are happy to share our 25+years’ experience helping companies improve global address databases and location technologies. Global address access and quality are becoming increasing more important for economic growth as the world markets become more interdependent.”

About Global-Z International

Global-Z International was founded in 1989 focused on improving customer data quality and intelligence in global markets.  Today Global-Z serves some of the largest global enterprises with customized international data quality solutions for their marketing, customer relationship and master data management needs.

Global-Z International, Inc., is headquartered in Bennington, Vermont with offices and operations in the US, Canada and Japan.

For more information, please contact Paul Harris at:

+1.802.445.1011 Ext. 215 Phone

+1.802.445.1016 Fax

pharris [at] globalz [dot] com

www.globalz.com

Canada~by Paul Harris, Sales & Marketing

It’s no surprise that data privacy has become a big concern for many global companies. That’s why Global-Z goes above and beyond to assure your data remains secure and private, while allowing our services to add significant value to your global data.

Canada Post, our partner for providing Canadian National Change of Address (NCOA) services, recently announced some changes to their rules for NCOA processing. These policy changes would have had restricted us from returning some of the valuable fields we normally give to our customers after NCOA processing, specifically the Change of Address Notification (COAN) type and the Record Type fields. When we heard of the new policy change, we began to collaborate with Canada Post in order to reach a solution that will allows us to provide our customers with these valuable fields while keeping the data safe.

“Our relationship with Canada Post is strong,” said Dimitri Garder, Executive VP of Global-Z. “We have successfully worked with Canada Post to create a better solution that fits their need, and fits the best interest of our customers.”

“It’s predictable that many data vendors will change policies in the future,“ stated Doug Robinson, Global-Z’s Chief Technology Officer.  “Our job is to look out for everyone’s best interest as best we can.”

Want more information about Canadian NCOA services? Please contact us.

~by Paul Harris, Sales and Marketing Assistant

Merry Law, Address Data Quality Expert

Global-Z recently had the opportunity to catch-up with our longtime friend Merry Law. Merry is the President of WorldVu LLC, the editor of the Guide to Worldwide Postal-Code and Address Formats and author of Best Practices for International Mailings.

Here are some highlights from our conversation.

Global-Z: Why is it so important to for marketers to have good address quality anyway? 

Merry: Correct addresses are important in two ways: delivery (of course) and perception.

For delivery, a completely incorrect address or one that can’t be understood is not deliverable.   This can mean an invoice, a marketing offer, or a product doesn’t arrive.  Each of those creates different problems and costs before the mailing (printing, packaging, postage) and after the item doesn’t arrive (following up, reshipping products or processing refunds, and so on.)

If the address is decipherable and gets delivered, it can take extra time to get there.  (That can means delayed payments with invoices, slow order streams with marketing offers, or customer complaints with products.)  A poor address also sends a poor message to the recipient about your company.  The company is not professional, is ill-informed, and doesn’t know what they are doing.

 

Global-Z: It’s almost comical to highlight the importance of mail being delivered correctly. Do you think many marketers are ignoring address data quality issues, or do they not have the resources/time to deal with it?

Merry: Yes, isn’t it! I think many marketers and other mailers aren’t aware of all the resources available for verifying and correcting international addresses or don’t know how cost effective those services can be.  Some mailers tell me that the cost of the address hygiene services are often made up for in savings from wasted printing, postage and processing required by undelivered mail.

The same is true of the time element. The amount of time a staff is involved in dealing with returned and undeliverable mail can be greater than the staff time required by the address hygiene process.   And, the old issue of who pays for the hygiene comes up, although we know that the artificial silos between marketing, IT, and other departments on issues like address quality are counter-productive.

There’s sometimes an issue of convincing top management to invest in address hygiene.  Companies like Global-Z help demonstrate how you will benefit from address hygiene.

 

Global-Z: In 2013, you made predictions about the future of marketing. Looking back, which trends do you think will continue this year?

Merry: I think my predictions from last year have held up pretty well, although the growth in international has been a bit slower than I expected.  The restrictiveness of Canada’s legislation on email privacy was a surprise but I don’t think we will see other countries follow this path.  Indeed, the Canadian government is seeing some problems with the strictness of the regulations.

The exploration of big data and integrated, multichannel marketing (by any name) will, I think, be the ones that get the most attention from marketers this year.  The USPS discount offers for qualifying mailings that integrate digital into a mail piece are a wonderful development.  These have now been continued and expanded.  (See here for details.)

 

Global-Z: How would you describe the current state of the direct mail industry?

Merry: While there’s been a tremendous shift  to move away from mail over the last decade, there seems to be a recent move back to direct mail.  Mail works.

Internationally, there are generally fewer legal and practical limitations on sending mail than there are on email marketing.  Mail also reaches everyone, everywhere.  Studies suggest that people spend more time looking at a piece of printed mail than they do looking at an email.  As all marketers know, those seconds matter to the response rate.

 

Global-Z: What’s new at WorldVu? Are you working on any new projects that you are excited about?

Merry:   I have been doing more writing and speaking.  I am speaking more often on best practices for international mailing.  I recently presented a paper on The Value of Addresses, discussing their economic and financial value, at conferences in France and the U.S.  It’s an interesting topic that’s often neglected by both companies and by governments.  Perhaps if addresses were a balance sheet asset, top management would better understand the need to spend on address hygiene and maintenance.