Breaking Down Privacy Certification Options – Why, What, Who

Jun 3, 2021, 08:20 AM by Cobun Zweifel-Keegan, Deputy Director, Privacy Initiatives, BBB National Programs

In today’s data-driven economy, good privacy practices are inextricable from good business. Everyone is taking a closer look at how personal information is collected and used these days. Consumers and employees are more informed about how to protect the privacy of their data. Regulators are raising the temperature, armed with updated rules. And businesses are requiring much more than general assurances that their contracting parties will handle data with care.

 

 

Why: Privacy as Clear as Day

When it comes to your corporate data privacy practices, being ready for scrutiny means embracing accountability. What does accountability mean in this context? In short, it means implementing best practices and demonstrating these practices in an ongoing, verifiable manner. According to the Center for Information Policy Leadership (CIPL), accountability is not only required by many privacy regulations, but also a fundamental element of an effective and risk-based privacy program.

 

 

CIPL offers a straightforward model for embracing accountability in practice, the Accountability Wheel, which outlines six important elements of accountability. Of all these elements, monitoring and verification are the most important. Without ongoing monitoring and verification of your privacy practices, it is impossible to demonstrate the rest of your good work. Independent certifications, such as those delivered by BBB National Programs, provide that crucial verification. In 2020, the Cisco Data Privacy Benchmark Study surveyed more than 2,800 organizations about their privacy practices and accountability measures. When selecting a vendor, 82% of respondents saw privacy certifications as a deciding factor.

 

What: Picking a Certification for Your Privacy Program

There are many certifications and seals for data privacy, but only a few are recognized internationally as demonstrating modern best practices. These include:

  • Cross-Border Privacy Rules (CBPR) certification is a standard created by the economies of the Asia-Pacific Economic Cooperation (APEC) built on global privacy norms. This certification indicates you received a comprehensive review of your corporate privacy policies and procedures by an independent Accountability Agent, such as BBB National Programs, that has been recognized by the 21 APEC economies.
  • Privacy Recognition for Processors (PRP) certification, a similar standard to CBPRs designed specifically for processors and vendors to indicate that you meet data security and accountability standards that fully align with CBPR. 
  • Privacy Shield verification, an optional component of participation in the Privacy Shield Framework, a standard aligned with European Union data privacy norms. 
  • ISO 27701 standard, another robust set of requirements and guidelines for privacy programs that serves as a basis for several privacy certifications.
  • BBB National Programs’ Vendor Privacy Program certification, built on the same recognized standards as PRP, serves as an alternative for businesses located outside of the United States.

 

These privacy certifications cover your entire privacy program – policies, procedures, and practices – giving you that all-important demonstrable compliance piece of the accountability puzzle.

 

Who: Accountability as a Service

When choosing a certification for your global privacy program, look for recognized standards. All of those listed above are well-established and internationally recognized. Also, look to the type of organization serving as an accountability agent or certification body. Generally, recognized standards require accreditation of these entities. Other elements, such as non-profit status or a long history of independent review, help to set some apart.

Look closely for programs that promise achievable standards, including guided reviews to help identify gaps in your practices, and scalability to grow with your business. Always check for the all-important markers of transparency to help you show off your certification. These generally include seals to display on your website and a report of the certifier’s findings to provide to your business partners, demonstrating the results of the privacy review.

Finally, look for evidence of enhanced accountability in line with CIPL’s recommendations such as ongoing independent monitoring of your privacy notices, annual reviews to help you continuously improve, and mechanisms for consumers to lodge complaints and pursue dispute resolution through an independent body.

Independent certifications that include the above elements are critical for your brand reputation, credibility, and bottom line. They will help your business demonstrate its own accountability, earning commercial trust that can withstand scrutiny for years to come. 

At BBB National Programs, our certification programs are designed to bring these principles to practice, making privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.

Suggested Articles

Blog

For Brands and Influencers: Get to Know the CARU Advertising Guidelines

Children can access on a variety of platforms and devices. Some of this content is organic and some is advertising. It can be difficult, or even impossible, for children to know the difference between the two. That’s why it’s essential to disclose to children – in language they can understand – when an influencer is advertising the featured product. If you have a role in influencer marketing to children, here are some key revisions to the CARU Guidelines that you should know.
Read more
Blog

Why Independent Industry Self-Regulation Is Timelier Than Ever

Although advertising’s platforms, technology, and techniques have changed dramatically, the system of independent industry self-regulation has sustained, and thrived, proving itself as an adaptable model to evolving business environments. Today, that model of responsible businesses allowing themselves to be held publicly accountable by independent self-regulation is timelier than ever.
Read more
Blog

The 2000s Introduced the Internet and Influencers to Ad Law

The 2000s was a decade of change as online advertising exploded and, as a harbinger of things to come, the online environment became fertile ground for innovative ways to both communicate with consumers or, for the unscrupulous, take advantage of unwary consumers. The low barriers to entry allowed disrupters to enter the digital space and forced traditional marketers to compete in this space or be left behind.
Read more
Blog

For Developers: Get to Know the CARU Advertising Guidelines

The CARU Advertising Guidelines are widely recognized industry standards that help ensure advertising directed to children is fair and appropriate for its intended audience across any form of child-directed media. The CARU team outlines some key revisions to the Guidelines to which mobile developers should pay heed.
Read more