Privacy Frequently Asked Questions

Does Verisign have a dedicated staff responsible for Verisign’s compliance with global privacy laws and regulations?

Verisign has a dedicated Privacy Committee that is responsible for ensuring that the company’s global data privacy functions are effective and performed in a comprehensive and coordinated manner across the entire business and in compliance with global privacy laws and regulations. Among other things, the Privacy Committee designs and implements Verisign’s enterprise-wide privacy-related compliance programs, overseeing employee training and the investment in new privacy tools. The Privacy Committee can be reached at:

VeriSign, Inc.
12061 Bluemont Way
Reston, Virginia 20190
United States of America
Attn: Privacy Committee
contactprivacy@verisign.com

Does Verisign have dedicated staff responsible for information security?

Verisign has an Information Security organization with experts in implementing, organizing, updating and supervising Verisign’s high level of data security measures.

Does Verisign have documented data protection and information security governance policies and procedures?

Verisign´s commitment to keeping our clients´ data confidential spreads throughout our organization, with all Verisign employees and partners having contractual commitments with Verisign to handle and maintain client data with utmost secrecy and confidentiality. We also offer regular training to all employees regarding security and privacy matters. In addition, relevant information from Verisign’s written information security policies is available in the applicable SOC 2, SOC 3, or other third-party reports that can be shared with customers.

Does Verisign comply with any information security industry standards?

Verisign meets the AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”) Audits) (www.aicpa.org). This is subject to an annual audit and report (SOC 2 Type II & SOC 3 -- Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy).

Does Verisign ensure that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data?

Verisign ensures that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data.

Has Verisign recently conducted an audit to evaluate the effectiveness of its data security measures?

Verisign routinely undergoes AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”)) and Sarbanes-Oxley Act of 2002 (“SOX”) compliance audits relating to the key products and services that it provides around the world.

What technical and security measures does Verisign take to protect the confidentiality, privacy, integrity and availability of customer data?

Verisign has implemented and will continue to maintain appropriate technical and organizational security measures for customer data. These measures involve Verisign infrastructure, software, employees and procedures and take into account the nature, scope and purposes of the processing as specified in the customer’s agreement. The security measures are intended to protect data against the risks inherent in the processing of customer data, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer data transmitted, stored or otherwise processed.

How does Verisign ensure the cross-border transfer is conducted according to all applicable laws and regulations?

Verisign uses model clauses adopted by the European Commission and intragroup agreements designed to ensure that the recipients of data protect it. Verisign is also currently in the process of certifying to the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks (https://www.privacyshield.gov).

In the case of requests from customers or data protection authorities, will Verisign provide its customers with reasonable support to help address data privacy matters?

In case of requests, Verisign will provide its customers with reasonable support to help with any data privacy matters, including providing information regarding Verisign’s data privacy compliance activities.

Has Verisign ever been subject of a complaint related to data protection from either an individual or an applicable data protection supervisory authority?

Verisign has never been subject to a complaint related to data protection from either an individual or an applicable data protection supervisory authority.

Effective: May 24, 2018