Certification Changes Comment Period Open

July 8, 2020

i-SIGMA is inviting members to comment on proposed amendments to the NAID AAA and PRISM Privacy+ Certification specifications through 10 August 2020.

The three changes that apply only to NAID AAA Certification are intended to improve security and regulatory compliance and to harmonize NAID’s certification specifications with PRISM’s. They include requirements for policies and procedures to specify the location of transport vehicles, control personal photographic equipment, and alter the time frame for reporting data security breaches.

A fourth specification’s amendment would potentially alter both NAID AAA and PRISM Privacy+ by requiring service providers to have a Data Subject Response policy in place.

A more detailed description of each amendment is included in the Comment Form, which members can obtain by accessing the Member Portal > My Digital Library. The description includes the justification for the change as well as precise language and instructions for compliance.

While the amendments are significant from the perspective of regulatory compliance and security, compliance remedies offered are neither onerous nor expensive.