Among other requirements, a participating organization must provide you:
  • Information on the types of personal data collected
  • Information on the purposes of collection and use
  • Information on the type or identity of third parties to which your personal data is disclosed
  • Choices for limiting use and disclosure of your personal data
  • Access to your personal data
  • Notification of the organization’s liability if it transfers your personal data
  • Notification of the requirement to disclose your personal data in response to lawful requests by public authorities
  • Reasonable and appropriate security for your personal data
  • A response to your complaint within 45 days
  • Cost-free independent dispute resolution to address your data protection concerns
  • The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the Principles to you and that has not been resolved by other means

As we work with our partners in the European Union and Switzerland to implement the Privacy Shield, we will provide additional information to help EU and Swiss individuals understand and exercise their rights.