Independence Day Edition: CBPR Framework Offers “Checks & Balances”

Jul 16, 2024 by Divya Sridhar, Ph.D., Vice President, Global Privacy Division and Privacy Initiatives Operations, BBB National Programs

Following U.S. Independence Day celebrations this year, we opine on the fierce American pride regarding our vision of democracy, innovation, and freedom while also reflecting on the importance of establishing checks and balances in data-driven processes.  

The new Global Cross Border Privacy Rules (CBPR) system is a case in point. In a recent webinar, we were joined by the U.S. Department of Commerce, the privacy regulator for the CBPR program. Panelists Dona Fraser from BBB National Programs and Shannon Coe from the U.S. Department of Commerce discussed the purpose of the Global CBPR and how it has evolved from its beginnings in the Asia Pacific region to its growing prominence throughout the Western hemisphere. They then discussed Global CBPR’s value to the Global Forum members, which include several Eastern and Western economies.

From a practical business standpoint, the webinar delved into how privacy impacts businesses’ brand reputation and builds trust with key stakeholders: regulators, vendors, and consumers. Certifying businesses to the CBPR certification requirements can help businesses demonstrate to regulators and their consumers that they are accountable in the marketplace.  

The webinar went above and beyond the basics of the program and drilled down on some of the deeply American values resonating within the CBPR framework: 

  • Meeting enforceable voluntary requirements. A frequently asked question is: This is a voluntary framework, so how is it enforceable for businesses? Commerce’s Coe noted that this is a “government-backed certification” with built-in “insurance.” While the program is voluntary in nature, program participants are bound to their privacy promises and requirements and subject to regulatory enforcement. At any time, regulators can review the work undertaken by a company through the CBPR process. Tennessee’s state consumer privacy law even includes the CBPR as a part of the affirmative defense a company can use in court to demonstrate its good faith effort to comply with the law.
  • Leveraging common best practices to further democratic values and individual rights. The nine principles that are the foundation of CBPR are aligned to leading privacy laws and regulations, including the EU and UK GDPR. These principles create a uniform denominator for the laws in varied jurisdictions including Canada, Singapore, South Korea, and others, each among a wide range of countries bound to a strong democratic vision.
  • Ensuring checks and balances through Accountability Agents. The United States democratic system of government was established with the idea of checks and balances as a central tenet, ensuring no one process or entity drives the wholesale determination of a government decision. The CBPR certification process is no different, on either the supply or demand side of the equation. 
    • Supply side: In the United States’ coregulatory model for CBPRs, there is a market-based approach to approving accountability agents, which means these agents must apply through a rigorous process to establish trust and be selected by the Joint Oversight Panel (JOP). Accountability Agents supply the companies’ certification questionnaire, aligned to the Global Forum’s process, and play the important role of reviewing all documentation to ensure companies’ responses to the questionnaire are backed by documentation and supporting evidence.
    • Demand side: Companies receiving the certification can feel confident that their work is being checked by verified, scrupulous external experts. Further, due to the presence of an accountability agent, no one entity or deciding vote/factor strictly within the company calls the shots on whether appropriate data privacy practices are being proposed and furthered in line with the CBPR requirements. The certification creates a common roadmap for internal corporate teams within the company to coalesce around, providing a team-driven spirit with practices checked by the U.S. accountability agent of choice. 
  • Furthering an innovative, data-rich economy that levels the playing field. The CBPR system neutralizes the cost-related, prohibitive barriers that companies may face when they are at different points in growth and product development. Having a CBPR, PRP, or related certification gives all companies, from the smallest start-ups all the way to the largest, billion-dollar unicorns, an opportunity to be viewed as good actors and to evaluate their data workstream, enabling them to fulfill their full potential.  

 

The CBPR certification program furthers a trusted economy where all links in the value chain are evaluated and verified, which further underscores the U.S. as a principled leader of the democratic world. 

Want to hear the full conversation? Request a recording of the webinar. Ready to get started with CBPRs? Set up a free consultation with the Global Privacy Division team. 
