Breaking Down Privacy Certification Options – Why, What, Who

Jun 3, 2021 by Cobun Zweifel-Keegan, Deputy Director, Privacy Initiatives, BBB National Programs

In today’s data-driven economy, good privacy practices are inextricable from good business. Everyone is taking a closer look at how personal information is collected and used these days. Consumers and employees are more informed about how to protect the privacy of their data. Regulators are raising the temperature, armed with updated rules. And businesses are requiring much more than general assurances that their contracting parties will handle data with care.

Why: Privacy as Clear as Day

When it comes to your corporate data privacy practices, being ready for scrutiny means embracing accountability. What does accountability mean in this context? In short, it means implementing best practices and demonstrating these practices in an ongoing, verifiable manner. According to the Center for Information Policy Leadership (CIPL), accountability is not only required by many privacy regulations, but also a fundamental element of an effective and risk-based privacy program.

 

 

CIPL offers a straightforward model for embracing accountability in practice, the Accountability Wheel, which outlines six important elements of accountability. Of all these elements, monitoring and verification are the most important. Without ongoing monitoring and verification of your privacy practices, it is impossible to demonstrate the rest of your good work. Independent certifications, such as those delivered by BBB National Programs, provide that crucial verification. In 2020, the Cisco Data Privacy Benchmark Study surveyed more than 2,800 organizations about their privacy practices and accountability measures. When selecting a vendor, 82% of respondents saw privacy certifications as a deciding factor.

 

What: Picking a Certification for Your Privacy Program

There are many certifications and seals for data privacy, but only a few are recognized internationally as demonstrating modern best practices. These include:

  • Cross-Border Privacy Rules (CBPR) certification is a standard created by the economies of the Asia-Pacific Economic Cooperation (APEC) built on global privacy norms. This certification indicates you received a comprehensive review of your corporate privacy policies and procedures by an independent Accountability Agent, such as BBB National Programs, that has been recognized by the 21 APEC economies.
  • Privacy Recognition for Processors (PRP) certification, a similar standard to CBPRs designed specifically for processors and vendors to indicate that you meet data security and accountability standards that fully align with CBPR. 
  • Privacy Shield verification, an optional component of participation in the Privacy Shield Framework, a standard aligned with European Union data privacy norms. 
  • ISO 27701 standard, another robust set of requirements and guidelines for privacy programs that serves as a basis for several privacy certifications.
  • BBB National Programs’ Vendor Privacy Program certification, built on the same recognized standards as PRP, serves as an alternative for businesses located outside of the United States.

 

These privacy certifications cover your entire privacy program – policies, procedures, and practices – giving you that all-important demonstrable compliance piece of the accountability puzzle.

 

Who: Accountability as a Service

When choosing a certification for your global privacy program, look for recognized standards. All of those listed above are well-established and internationally recognized. Also, look to the type of organization serving as an accountability agent or certification body. Generally, recognized standards require accreditation of these entities. Other elements, such as non-profit status or a long history of independent review, help to set some apart.

Look closely for programs that promise achievable standards, including guided reviews to help identify gaps in your practices, and scalability to grow with your business. Always check for the all-important markers of transparency to help you show off your certification. These generally include seals to display on your website and a report of the certifier’s findings to provide to your business partners, demonstrating the results of the privacy review.

Finally, look for evidence of enhanced accountability in line with CIPL’s recommendations such as ongoing independent monitoring of your privacy notices, annual reviews to help you continuously improve, and mechanisms for consumers to lodge complaints and pursue dispute resolution through an independent body.

Independent certifications that include the above elements are critical for your brand reputation, credibility, and bottom line. They will help your business demonstrate its own accountability, earning commercial trust that can withstand scrutiny for years to come. 

At BBB National Programs, our certification programs are designed to bring these principles to practice, making privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.

Suggested Articles

Blog

What You Missed at NAD 2024: The Global Future of Ad Law

If you missed NAD 2024: Charting the Global Future of Ad Law last month, here is a glimpse of the discussions from the NAD team, leading advertising law lawyers, academics, regulators, and experts from around the world.
Read more
Blog

Industry Self-Regulation Will Shine Post-Chevron

In its landmark decision in Relentless Inc. v. U.S. Department of Commerce and Loper Bright Enterprises v. Raimondo, the U.S. Supreme Court has fundamentally reshaped the landscape of regulatory governance in the U.S. And in the wake of the ruling, the implications for industry self-regulation loom large.
Read more
Blog

What to Know About New Jersey’s Lemon Law

While most cars run smoothly off the lot, it’s important to understand your rights if you find yourself with a potential “lemon” parked in your driveway. New Jersey's Lemon Law protects consumers of new vehicles from persistent defects.
Read more
Blog

U.S. Supreme Court Impact: Judicial Power at Work, Industry Self-Regulation in Play

The U.S. Supreme Court decision, Loper Bright Enterprises v. Raimondo, marked a pivotal shift in administrative law by overturning the Chevron deference doctrine and will have a long-term impact. The ruling also presents a unique opportunity for industries to fill regulatory gaps in a manner that enhances consumer trust.
Read more