Breaking Down Privacy Certification Options – Why, What, Who

Jun 3, 2021, 08:20 AM by Cobun Zweifel-Keegan, Deputy Director, Privacy Initiatives, BBB National Programs

In today’s data-driven economy, good privacy practices are inextricable from good business. Everyone is taking a closer look at how personal information is collected and used these days. Consumers and employees are more informed about how to protect the privacy of their data. Regulators are raising the temperature, armed with updated rules. And businesses are requiring much more than general assurances that their contracting parties will handle data with care.

 

 

Why: Privacy as Clear as Day

When it comes to your corporate data privacy practices, being ready for scrutiny means embracing accountability. What does accountability mean in this context? In short, it means implementing best practices and demonstrating these practices in an ongoing, verifiable manner. According to the Center for Information Policy Leadership (CIPL), accountability is not only required by many privacy regulations, but also a fundamental element of an effective and risk-based privacy program.

 

 

CIPL offers a straightforward model for embracing accountability in practice, the Accountability Wheel, which outlines six important elements of accountability. Of all these elements, monitoring and verification are the most important. Without ongoing monitoring and verification of your privacy practices, it is impossible to demonstrate the rest of your good work. Independent certifications, such as those delivered by BBB National Programs, provide that crucial verification. In 2020, the Cisco Data Privacy Benchmark Study surveyed more than 2,800 organizations about their privacy practices and accountability measures. When selecting a vendor, 82% of respondents saw privacy certifications as a deciding factor.

 

What: Picking a Certification for Your Privacy Program

There are many certifications and seals for data privacy, but only a few are recognized internationally as demonstrating modern best practices. These include:

  • Cross-Border Privacy Rules (CBPR) certification is a standard created by the economies of the Asia-Pacific Economic Cooperation (APEC) built on global privacy norms. This certification indicates you received a comprehensive review of your corporate privacy policies and procedures by an independent Accountability Agent, such as BBB National Programs, that has been recognized by the 21 APEC economies.
  • Privacy Recognition for Processors (PRP) certification, a similar standard to CBPRs designed specifically for processors and vendors to indicate that you meet data security and accountability standards that fully align with CBPR. 
  • Privacy Shield verification, an optional component of participation in the Privacy Shield Framework, a standard aligned with European Union data privacy norms. 
  • ISO 27701 standard, another robust set of requirements and guidelines for privacy programs that serves as a basis for several privacy certifications.
  • BBB National Programs’ Vendor Privacy Program certification, built on the same recognized standards as PRP, serves as an alternative for businesses located outside of the United States.

 

These privacy certifications cover your entire privacy program – policies, procedures, and practices – giving you that all-important demonstrable compliance piece of the accountability puzzle.

 

Who: Accountability as a Service

When choosing a certification for your global privacy program, look for recognized standards. All of those listed above are well-established and internationally recognized. Also, look to the type of organization serving as an accountability agent or certification body. Generally, recognized standards require accreditation of these entities. Other elements, such as non-profit status or a long history of independent review, help to set some apart.

Look closely for programs that promise achievable standards, including guided reviews to help identify gaps in your practices, and scalability to grow with your business. Always check for the all-important markers of transparency to help you show off your certification. These generally include seals to display on your website and a report of the certifier’s findings to provide to your business partners, demonstrating the results of the privacy review.

Finally, look for evidence of enhanced accountability in line with CIPL’s recommendations such as ongoing independent monitoring of your privacy notices, annual reviews to help you continuously improve, and mechanisms for consumers to lodge complaints and pursue dispute resolution through an independent body.

Independent certifications that include the above elements are critical for your brand reputation, credibility, and bottom line. They will help your business demonstrate its own accountability, earning commercial trust that can withstand scrutiny for years to come. 

At BBB National Programs, our certification programs are designed to bring these principles to practice, making privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.

Suggested Articles

Blog

Vehicle Warranty 101

The term “warranty” is common and can be applied to many different things – the purchase of a house, a new piece of technology, or a vehicle. Though a familiar term, what a warranty is and does is not always known beyond the general “it protects my purchase.” A warranty is a contract between the “purchaser” of a product, often called the “consumer,” and the “seller” of that product, usually a business.
Read more
Blog

Breaking Down Privacy Certification Options – Why, What, Who

In today’s data-driven economy, good privacy practices are inextricable from good business. Everyone is taking a closer look at how personal information is collected and used these days. Consumers and employees are more informed about how to protect the privacy of their data. Regulators are raising the temperature, armed with updated rules. And businesses are requiring much more than general assurances that their contracting parties will handle data with care. Know the why, the what, and the who of privacy certifications.
Read more
Blog

Best Practices in Global Data Privacy

Privacy has become a very public matter. The issue of properly managing personal data is not only big in the U.S.; it is increasingly important around the world. Even though global privacy regulations are actively shifting, maintaining a robust privacy program with independent indicators will go a long way toward minimizing the scrutiny of consumers and government agencies.
Read more
Blog

Understanding Dark Patterns: How To Stay Out Of The Gray Areas

Where is the line between ethical, persuasive design and dark patterns? Businesses should engage in conversations with IT, compliance, risk, and legal teams to review their privacy policy, and include in the discussion the customer/user experience designers and coders responsible for the company’s user interface, as well as the marketers and advertisers responsible for sign-ups, checkout baskets, pricing, and promotions. Any or all these teams can play a role in creating or avoiding “digital deception.”
Read more