What Does it Mean to be TRUSTe Certified?
We’ve all been there. You get a letter in the mail informing you that, due to a data breach, your personal information was compromised and is now floating around on the dark web. Sometimes it’s fairly harmless information like your name and address. But more and more often, it includes sensitive information such as your social security number, account number, or passwords.
As a consumer, this sort of data breach erodes your confidence and trust in a company and may prompt you to move your business elsewhere. So it’s no surprise that data security and privacy compliance are primary concerns for our clients—no company wants to take a hit to their brand reputation or bottom line.
At More Vang, we process millions of data records a year, some with sensitive personal information. We take our role in your data security very seriously, which is why we have taken steps to become TRUSTe Certified. You may have seen the logo on our website, but in this post, we’ll go a little deeper on what this certification entails.
Being TRUSTe Certified means that our data practices meet the standards of the TrustArc Privacy & Data Governance Accountability Framework. This framework includes:
- EU General Data Protection Regulation (GDPR)
- ISO 27001
- U.S. Health Insurance Portability and Accountability Act (HIPAA)
- OECD Privacy Guidelines
- APEC Privacy Framework
The process to obtain our TRUSTe certification took several months and involved a thorough privacy assessment, remediation and extensive documentation. The evaluation covered the following areas to ensure that we continually meet the requirements for each.
Data Necessity
We aim to optimize data value by collecting and retaining only the data necessary for strategic goals. We leverage anonymization, de-identification, pseudonymization, and coding to mitigate data storage-related risks.
Use, Retention, and Disposal
We ensure data is used only as legally permissible and solely for purposes that are relevant to and compatible with the purposes for which it was collected.
Disclosure to Third Parties and Onward Transfer
We agree to preserve the standards and protections for data when it is transferred to third-party organizations and/or across country borders.
Choice and Consent
More Vang enables individuals to choose whether personal data about them is processed. We obtain and document prior permission where necessary and appropriate, and enable individuals to opt-out of ongoing processing.
Access and Individual Rights
Individuals can access information about themselves, to amend, correct, and as appropriate, delete information that is inaccurate, incomplete, or outdated.
Data Integrity and Quality
We assure that data is kept sufficiently accurate, complete, relevant, and current consistent with its intended use.
Security
We have systems in place to protect data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Transparency
We inform individuals about the ways in which data about them are processed and how to exercise their data-related rights.
Awareness and Training
Internally, we communicate expectations, and we provide general and contextual training to all More Vang team members.
Monitoring and Assurance
We continually monitor, and periodically assess and audit the effectiveness of our controls and risk-mitigation initiatives.
In addition, TRUSTe conducts ongoing compliance monitoring, and because we renew our certification each year, you can be assured that all compliance standards are accurate and up-to-date. If you’re interested in further documentation, we’re happy to provide an official Letter of Attestation upon request.