Last updated on April 24, 2014 at 16:36 EDT

TRUSTe and Promontory Launch Joint BCR Management Program

February 11, 2013

LONDON, February 11, 2013 /PRNewswire/ –

TRUSTe and Promontory today launched a joint BCR Management Program designed to make
it quicker, simpler and cheaper for businesses to prepare for compliance with the Binding
Corporate Rules (BCRs) regime, apply for authorisation from their Data Protection
Authority to use BCRs for international data transfers within their organisation, and
self-certify their ongoing BCRs compliance through the Program.

BCRs are designed to allow multinational companies to transfer personal data from the
European Economic Area (EEA) to their affiliates located outside of the EEA in compliance
with Data Protection Directive 95/46/EC. The most utilised current alternative to BCRs is
the use of the model contractual clauses approved by the European Commission. However, in
multinational companies with complex structures, there are drawbacks where hundreds of
contracts may be required to cover transfers between all affiliates, and keeping those
contracts up to date can be difficult and time consuming.

The new TRUSTe-Promontory BCR Management Program will be delivered and managed by
TRUSTe, the leading global provider of data privacy management solutions, based on a
framework developed by Promontory, a global regulatory compliance consulting firm. The
framework will help companies build their BCR application in a streamlined and consistent
manner. Once the application is approved by the relevant Data Protection Authorities, the
company will remain a member of the TRUSTe-Promontory BCR Management Program to evidence
and certify their ongoing compliance with BCR standards. This new program is designed to
offer organisations the combination of TRUSTe’s credibility and experience in developing
privacy certification programs and Promontory’s experience of European data protection
regulation and addressing corporate compliance around international data transfers.

“As the challenges of ensuring both regulatory compliance and good privacy practices
increase, BCRs are an ideal way for organisations to demonstrate compliance with European
data privacy standards when transferring and using customer and employee personal
information overseas. This new program we are launching with Promontory today should
encourage more organisations to take advantage of the benefits of BCRs and demonstrate
that they have good privacy practices at their heart of their business,” said Danilo
Labovic, EMEA Managing Director for TRUSTe.

Simon McDougall, Managing Director and Head of Promontory’s Privacy Practice said: “I
am delighted to be working with TRUSTe, who are global leaders in privacy self-regulation.
In an ideal world, all international firms would use Binding Corporate Rules when moving
personal data around their corporate group. However, many organisations currently see the
application process as complicated and expensive. The TRUSTe-Promontory BCR Management
Program will help make demonstrating BCR readiness cheaper, simpler and quicker. Members
of the program will able to demonstrate their commitment to good privacy governance, as
well as make their international data transfers easier.”

Notes to Editors

1 TRUSTe is the leading global provider of data privacy management solutions, offering
a broad suite of technologies and certifications to help companies build trust and
increase engagement across their online channels, including websites, mobile apps,
advertising, and cloud services. More than 5,000 companies, including top international
brands like Apple, eBay, LinkedIn and Microsoft, rely on TRUSTe to build trust and address
evolving and complex privacy challenges. TRUSTe(R) Certified Privacy Seal is widely
recognised and trusted by millions of consumers worldwide as a sign of responsible privacy
practices. For more information, please visit http://www.truste.co.uk

2 Promontory Financial Group, headquartered in Washington, D.C., is a global
consulting firm for regulated companies. The firm specializes in solving regulatory, risk,
controls, compliance, governance, capital, and liquidity issues. Promontory has offices in
London, Atlanta, Brussels, Denver, Dubai, Hong Kong, Milan, New York, Paris, San
Francisco, Singapore, Sydney, Tokyo, and Toronto. Eugene A. Ludwig, who served as U.S.
Comptroller of the Currency under President Clinton, founded Promontory in 2001. Visit us
at http://www.promontory.com and follow us on Twitter @PromontoryFG.

3 Binding Corporate Rules (BCRs) are designed to allow multinational companies to
transfer personal data from the European Economic Area (EEA) to their affiliates located
outside of the EEA in compliance with Directive 95/46/EC.

Applicants must demonstrate that their BCRs put in place adequate safeguards for
protecting personal data throughout the organisation in line with the requirements of the
Article 29 Working Party papers on Binding Corporate Rules.

Applicants apply to a Data Protection Authority (DPA) (decided by criteria related to
their location and business) who acts as their ‘lead authority’. If the lead authority is
satisfied, it then circulates the draft BCRs to other European DPAs, where those countries
are in scope of the application.

4 For TRUSTe EU media enquiries and interview requests please contact Eleanor
Treharne-Jones at The Conversation Co. on +44(0)7811-093648 or +44(0)20-7812-0664 or
e-mail eleanor@theconversationco.com

5 For Promontory EU Media Enquiries please contact Alex Brown at Weber Shandwick
Worldwide on +44(0)20-7067-0732 or abrown@webershandwick.com


Source: PR Newswire