Exco InTouch Certified to EU-U.S. Privacy Shield Framework Self-Certification Status

Designation demonstrates compliance with the highest standards of data protection

Exco InTouch (an ERT company) a leading provider of digital patient engagement and data capture solutions for clinical research and healthcare providers, has formally received EU-U.S. Privacy Shield Framework Self-Certification status by the U.S. Department of Commerce’s International Trade Administration (ITA). The designation certifies that Exco InTouch’s practices meet or exceed the data privacy and security principles outlined by U.S. Department of Commerce and European Commission.

The Privacy Shield framework, which replaces the EU-U.S. Safe Harbor Framework, is designed to provide companies in both Europe and the United States with a mechanism to comply with EU data protection requirements when transferring personal data from the EU to the U.S. In order to receive the certification Exco InTouch demonstrated that its customer privacy procedures comply with the Privacy Shield Principles, which cover a range of requirements including Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. As a result, Exco InTouch’s customers, for whom the company provides mobile patient engagement, data capture and disease management solutions, can continue to be assured that their programs comply with these stringent privacy and security safeguards.

“Protecting the privacy and confidentiality of personal information has always been, and will remain, the highest priority for Exco InTouch,” says Dale Jessop, CTO of Exco InTouch. “The EU-U.S. Privacy Shield Framework certification will not only help to streamline our data transfer processes between the EU and U.S., but will also provide our customers with further reassurance that we are fully compliant with the highest standards of data protection.”

About EU­-U.S. Privacy Shield Framework

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination).

The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield Framework in order to benefit from the adequacy determination. To join the Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law.