Privacy Frequently Asked Questions

Effective: August 3, 2023

Does Verisign have a dedicated staff responsible for Verisign’s compliance with global privacy laws and regulations?

Verisign has a Global Privacy Officer who is responsible for ensuring that the company’s global data privacy functions are effective and performed in a comprehensive and coordinated manner across the entire business and in compliance with global privacy laws and regulations. Among other things, the Global Privacy Officer designs and implements Verisign’s enterprise-wide privacy-related compliance programs, overseeing employee training and the investment in new privacy tools. The Global Privacy Officer may be reached at:

VeriSign, Inc.
Attn: Global Privacy Officer
12061 Bluemont Way
Reston, Virginia 20190
United States of America
contactprivacy@verisign.com

Does Verisign have a Data Protection Officer (DPO) as that position is set forth in the General Data Protection Regulation (Regulation (EU) 2016/679)?

While Verisign does not believe it is required to have one, it has voluntarily designated the following individual to serve as DPO:

Christine Lentz, Senior Vice President
VeriSign, Inc.
12061 Bluemont Way
Reston, Virginia 20190
United States of America
dpo@verisign.com

Does Verisign have dedicated staff responsible for information security?

Verisign has an Information Security organization with experts in implementing, organizing, updating and supervising Verisign’s high level of data security measures.

Does Verisign have documented data protection and information security governance policies and procedures?

Verisign´s commitment to keeping our clients´ data confidential spreads throughout our organization, with all Verisign employees and partners having policy requirements or contractual commitments with Verisign to handle and maintain client data with utmost secrecy and confidentiality. We also offer regular training to all employees regarding security and privacy matters. In addition, relevant information from Verisign’s written information security policies is available in the applicable SOC 2 or SOC 3 reports that can be shared with customers.

Does Verisign comply with any information security industry standards?

Verisign meets the AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”) Audits) (www.aicpa.org). This is subject to an annual audit and report (SOC 2 Type II & SOC 3 -- Report on Controls at a Service Organization Relevant to Security, Availability, and Processing Integrity).

Does Verisign ensure that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data?

Verisign ensures that its employees undergo training in relation to data protection awareness and the handling of sensitive personal data.

Has Verisign recently conducted an audit to evaluate the effectiveness of its data security measures?

Verisign routinely undergoes AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”)) and Sarbanes-Oxley Act of 2002 (“SOX”) compliance audits relating to the key products and services that it provides around the world.

What technical and security measures does Verisign take to protect the confidentiality, privacy, integrity and availability of customer data?

Verisign has implemented and will continue to maintain appropriate technical and organizational security measures for customer data. These measures involve Verisign infrastructure, software, employees and procedures and take into account the nature, scope and purposes of the processing as specified in the customer’s agreement. The security measures are intended to protect data against the risks inherent in the processing of personal data, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer data transmitted, stored or otherwise processed.

How does Verisign ensure the cross-border transfer is conducted according to all applicable laws and regulations?

Verisign adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the DPF). The DPF was designed by the U.S. Department of Commerce to provide companies with a mechanism to comply with data protection requirements when transferring data from the European Union, United Kingdom and Switzerland to the United States. More information about the DPF can be found at https://www.dataprivacyframework.gov/..

In the case of requests from customers or data protection authorities, will Verisign provide its customers with reasonable support to help address data privacy matters?

In case of requests, Verisign will provide its customers with reasonable support to help with any data privacy matters, including providing information regarding Verisign’s data privacy compliance activities.

Has Verisign ever been subject of a complaint related to data protection from either an individual or an applicable data protection supervisory authority?

Verisign has never been subject to a complaint related to data protection from either an individual or an applicable data protection supervisory authority.