Exco InTouch receives data security certification

Exco InTouch has formally received certification demonstrating it meets certain data privacy and security principles.

The ERT company announced it has received EU-US Privacy Shield Framework Self-Certification status by the US Department of Commerce’s International Trade Administration (ITA).

According to Exco InTouch, this means the company’s practices “meet or exceed” the data privacy and security principles outlined by US Department of Commerce and European Commission.

The framework provides companies with a “mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce,” per the Privacy Shield Framework website.

The framework recently replaced the EU-U.S. Safe Harbor Framework and on January 12, 2017, was approved by the Swiss Government “as a valid legal mechanism” to comply with Swiss requirements when transferring personal data from Switzerland to the US.

The privacy procedures outlined cover various requirements, including notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.

Dale Jessop, CTO of Exco InTouch, commented, “The EU-U.S. Privacy Shield Framework certification will not only help to streamline our data transfer processes between the EU and U.S., but will also provide our customers with further reassurance that we are fully compliant with the highest standards of data protection.”

Preparing for upcoming reforms

Exco InTouch also recently completed a HIPAA Privacy audit as it continues to prepare for impending data protection regulations.

In July 2016 the company announced it completed an independent compliance audit using National Institute of Standards and Technology (NIST) guidelines for the Health Insurance Portability and Accountability Act (HIPAA) – officially completing the auditing process for Privacy & Security.

Additionally, the company previously formed a strategic partnership with Regulatory Strategies, a data protection and compliance consultancy.