How to Choose an ENS Solution, Part 2: Compliance with EU Privacy Regulations
In the first post of our series on how to choose an emergency notification system (ENS), we started with a basic truth: most ENS solutions are created equal. This is essentially a commoditized market, which means that you need to look long and hard to understand the nuances between different products and vendors. That’s the goal of this series: to help you go behind standard features and functionality to consider the “little” things that make a big difference. We’ve also put together a comprehensive Buyer’s Guide to help you determine the best solution for your organization.
Today we’ll look at the implications of the EU-US Privacy Shield on your emergency notification system decision.
A Brief History of Safe Harbor and the EU-US Privacy Shield
First, some background. The EU-US Privacy Shield is a framework for the international exchange of personal data implemented in 2016. It grew from the international Safe Harbor Privacy Principles, a separate set of guidelines originally developed between 1998 and 2000 to prevent private organizations from accidentally revealing personal information. The Safe Harbor Decision, the backbone of the principles, dictated that only US companies that complied with the principles and registered their certification that they met the EU requirements were allowed to transfer data from the EU to the US.
The European Court of Justice overturned the Safe Harbor Decision in 2015, invalidating it essentially on the grounds that public institutions had too much access to private data. The EU-US Privacy Shield is the next iteration. It aims to protect EU citizens while “enabling US companies to more easily receive personal data from EU entities.” It too is currently up for debate, but whether or not the agreement itself stands, the situation that it represents isn’t going away. The EU will continue to demand tighter regulations on personal data, and US companies that deal internationally must be prepared to contend with them.
Why You Should Care About EU Privacy Regulations
What does this have to do with mass notification systems? Quite a bit. Emergency notification systems only work when they contain ample, accurate personal data. Without it, the system can’t reach your people effectively, rendering it worthless. But that personal information must also be protected.
Many emergency notification systems struggle to filter data that comes from recipients in the EU and cannot guarantee that they can keep that data from being shared outside the EU. This can get complicated quickly, whether you need to reach employees in the EU with your ENS (for instance, in the case of a company-wide announcement or IT failure) or you only intend to use your ENS domestically but the systems with which it is integrated contain data from employees in the EU.
How AlertFind Addresses International Privacy Regulations
AlertFind makes it simple to comply with EU privacy regulations like the EU-US Privacy Shield. We maintain two Amazon Web Services (AWS) backbones, one in North America and one in the EU, to ensure that data is never intermingled or exchanged. If your business requires compliance with EU guidelines, you can rely on Aurea to deploy your services on the EU AWS instance to prevent risk to your organization. And, because AWS is a highly available and redundant backbone, you can rest assured that not only is your data protected, but it is always ready to be put to use in an emergency.
At AlertFind, we are passionate about our customers’ confidentiality. The fact is, emergency notification systems run off of a tremendous amount of personal data, opening the door for vendors to benefit in potentially unsavory ways. Regardless of regulations, no matter where your people and data are located, we consider the private information of our customers and their recipients absolutely sacrosanct. As such, we never sell, share, trade, or otherwise expose the contact information of any AlertFind customers or their end users.
If you do business and/or have employees in the EU, it’s important to consider EU privacy regulations in your evaluation of mass notification systems. While the baseline features of various products may be the same, data protection often isn’t. Ask your emergency notification vendor how they protect your organization from the risks of non-compliance, or get in touch to learn more about our approach at AlertFind.