The European Union’s (EU) mid-2020 announcement that Privacy Shield was no longer considered adequate assurance for privacy information resulted in Esri immediately stepping up and modifying our Data Processing Addendum (DPA) to include Standard Contractual Clauses (SCC’s). When the EU completed draft Supplementary Measure guidance, Esri immediately drafted a set our Supplementary Measures appropriate for our offerings.
As of this week, Esri’s DPA now contains the current SCC’s in additional to our Supplementary Measures based on EU’s recommendations. Since our annual Privacy Shield certification expires April 15th this year, we also felt it the appropriate time to withdraw from the program and transfer to an International Privacy Verification Program managed by TrustArc to further strengthen our support of strong privacy assurance for our customers.
You may have noticed, we also updated our ArcGIS Trust Center content to reflect this change, including new GDPR, CCPA, and even HIPAA subpages to the Privacy section of the site. What is that about HIPAA you ask? That’s right, we now have an ArcGIS Online HIPAA Eligible Geocoding service, with more to come. We have panel discussion about this new capability at the upcoming Esri Health and Human Services GIS Conference next week.
If you have any questions about these advancements of our product privacy program, feel free to reach out to our Software Security & Privacy team – SoftwareSecurity@esri.com.
- Esri Software Security & Privacy