By Victor Ojukwu, Product and Privacy Counsel
If you’ve paid attention to the recent developments in privacy laws, you know there are many moving parts. In the E.U. alone, there’s much to consider — from the GDPR, the ePrivacy Directive, and Schrems II to a potential new Privacy Shield 2.0. Outside of the E.U., Brexit has resulted in the U.K. having its own version of the GDPR; the U.S. has five new state privacy laws becoming effective in 2023 (along with almost 20 states with active privacy bills and rumors of a national privacy law), and countries around the globe seem to be prioritizing national privacy legislation.
As technology develops and personal data becomes more commoditized, countries worldwide are taking concrete steps to regulate it. At Forter, we know trust is paramount for customers across all sectors. We understand that the first step in building that trust is navigating this ever-changing web of privacy laws and regulations, securing our customers’ personal data, and communicating how these efforts affect them.
The Forter Difference
As a trust platform, Forter takes privacy and security seriously, and securing our customers’ data is paramount. We’ve taken concrete steps to ensure we remain in compliance with applicable privacy laws, regulations, and industry standards globally, and our team is constantly monitoring these areas to ensure that we are keeping pace with new developments.
One thing that sets Forter apart is how we use personal data. Forter only uses our customers’ personal data to provide our customers with services aimed at combating fraud and abuse. We don’t sell our customers’ personal data to anyone, and we don’t use this data for any other purposes. Recognizing the importance of combating online fraud and abuse, many regulators around the world have built exceptions into their privacy regulations where data is used solely for fraud prevention or where data is used to provide services that advance the public interest. By limiting our use of data to these purposes, we can leverage these exceptions to justify our processing.
In addition to limiting our use of data in line with the requirements of global privacy laws, we have taken a number of steps to ensure our data processing aligns with regulatory requirements and industry best practices. For example, in response to recent regulatory action in Europe, we have drafted a Data Transfer Impact Assessment (DTIA) to evaluate the transfer of personal data to the U.S., where we store our data, and have adopted a number of supplementary measures in accordance with EDPB guidance.
We’ve done in-depth analyses of privacy laws and regulations that are most relevant to our business, like the GDPR, the ePrivacy Regulation, the CCPA (as amended by the CPRA), and China’s PIPL, CSL, and DSL, and have aligned our internal policies and practices with the requirements of these regulations. Furthermore, recognizing the ever-increasing regulatory scrutiny given to A.I. globally, we have proactively developed an Ethical A.I. Framework to ensure we use A.I. ethically and in line with proposed draft regulations.
How Forter Secures Customer Data
Forter takes its responsibilities seriously when customers trust us with their data. Forter is built on industry-standard technologies, and we’re constantly improving technical and operational safeguards designed to protect the security, confidentiality, and integrity of our systems, networks, and customer data. Forter holds PCI Level 1, SOC2 Type II, ISO 27001, and ISO 27701 certifications.
In addition to our certifications, Forter regularly engages third-party audits and penetration tests from reputable companies to ensure continuous and updated use of industry best practices. Forter has established a mature vendor management program, including a vendor due diligence process and regular scanning and assessment of our vendors’ security posture. We employ security personnel who conduct ongoing risk assessments and help provide guidance to the entire company on security issues through internal oversight risk committees.
Forter’s Privacy Hub
Trust is built on handling personal data the right way, and at Forter, we make that the priority.
To communicate our privacy and security efforts with our customers and prospects, we’ve added a new Privacy and Security Hub to our website. This Hub provides an overview of our privacy and security practices. As privacy laws and regulations continue to evolve, we will keep this Hub updated.