Privacy Frequently Asked Questions

Does Verisign have a dedicated staff responsible for Verisign’s compliance with global privacy laws and regulations?

Verisign has a dedicated Privacy Committee that is responsible for ensuring that the company’s global data privacy functions are effective and performed in a comprehensive and coordinated manner across the entire business and in compliance with global privacy laws and regulations. Among other things, the Privacy Committee designs and implements Verisign’s enterprise-wide privacy-related compliance programmes, overseeing employee training and the investment in new privacy tools. The Privacy Committee can be reached at:

VeriSign, Inc.
12061 Bluemont Way
Reston, Virginia 20190
United States of America
Attn: Privacy Committee
contactprivacy@verisign.com

Does Verisign have a Data Protection Officer (DPO) as that position is set forth in the General Data Protection Regulation (Regulation (EU) 2016/679)?

While Verisign does not believe it is required to have one, it has voluntarily designated the following individual to serve as DPO:

Christine Lentz, Vice President
VeriSign, Inc.
12061 Bluemont Way
Reston, Virginia 20190
United States of America
dpo@verisign.com

Does Verisign have dedicated staff responsible for information security?

Verisign has an Information Security organisation with experts in implementing, organising, updating and supervising Verisign’s high level of data security measures.

Does Verisign have documented data protection and information security governance policies and procedures?

Verisign´s commitment to keeping our clients´ data confidential spreads throughout our organisation, with all Verisign employees and partners having contractual commitments with Verisign to handle and maintain client data with utmost secrecy and confidentiality. We also offer regular training to all employees regarding security and privacy matters. In addition, relevant information from Verisign’s written information security policies is available in the applicable SOC 2, SOC 3, or other third-party reports that can be shared with customers.

Does Verisign comply with any information security industry standards?

Verisign meets the AICPA, Trust Services Principles and Criteria (System and Organisation Controls (“SOC”) Audits) (www.aicpa.org). This is subject to an annual audit and report (SOC 2 Type II & SOC 3 -- Report on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy).

Does Verisign ensure that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data?

Verisign ensures that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data.

Has Verisign recently conducted an audit to evaluate the effectiveness of its data security measures?

Verisign routinely undergoes AICPA, Trust Services Principles and Criteria (System and Organisation Controls (“SOC”)) and Sarbanes-Oxley Act of 2002 (“SOX”) compliance audits relating to the key products and services that it provides around the world.

What technical and security measures does Verisign take to protect the confidentiality, privacy, integrity and availability of customer data?

Verisign has implemented and will continue to maintain appropriate technical and organisational security measures for customer data. These measures involve Verisign infrastructure, software, employees and procedures and take into account the nature, scope and purposes of the processing as specified in the customer’s agreement. The security measures are intended to protect data against the risks inherent in the processing of personal data, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to customer data transmitted, stored or otherwise processed.

How does Verisign ensure the cross-border transfer is conducted according to all applicable laws and regulations?

Verisign adheres to the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks. These frameworks were designed by the U.S. Department of Commerce and European Commission to provide companies with a mechanism to comply with data protection requirements when transferring data from the European Union and Switzerland to the United States. More information about Privacy Shield can be found at (https://www.privacyshield.gov).

In the case of requests from customers or data protection authorities, will Verisign provide its customers with reasonable support to help address data privacy matters?

In case of requests, Verisign will provide its customers with reasonable support to help with any data privacy matters, including providing information regarding Verisign’s data privacy compliance activities.

Has Verisign ever been subject of a complaint related to data protection from either an individual or an applicable data protection supervisory authority?

Verisign has never been subject to a complaint related to data protection from either an individual or an applicable data protection supervisory authority.

Effective: 30 July 2018