Leveraging Independent Accountability to Enhance Privacy Tech in Your Compliance Strategy

Jun 24, 2021, 09:00 AM by Bryant Fry, Deputy Director, Privacy Initiatives - Operations

No matter the size of your business, making data privacy a priority is a key component of maintaining the trust of your customers, investors, and the public at large. Today’s economy increasingly requires using systems that process data from around the world, even if you do not yet sell or operate outside the country where you are headquartered. 

To assist businesses in complying with the proliferation of differing privacy laws both in the United States and globally, privacy technology platforms have grown exponentially. Everything such as assessment managers, data mapping solutions, data subject request solutions, consent managers, deidentification/pseudonymity solutions, incident response solutions, privacy information managers, and website scanning services have all become common tools. 

These tools are critical, however deploying the right privacy tech solutions can only get you part of the way in achieving a successful compliance strategy. Once you select the right tech solution, the next step is to demonstrate to your stakeholders your business’ accountability – and commitment -- to its privacy policies and practices. 

Many forward-thinking business leaders turn to accountability markers like third-party privacy certification that can verify that your practices are, in fact, in accordance with recognized standards, while at the same time helping your privacy strategy remain interoperable with a variety of legal regimes. 

These privacy certifications, such as those offered by BBB National Programs, not only help make global privacy best practices achievable by businesses of any size, but they can be a great value, as the costs of pursuing certifications and other accountable privacy practices pale in comparison to the potential costs of regulatory action, the odds for which increase when businesses don’t pay attention to privacy.

Similarly, independent dispute resolution for customers with privacy complaints provides a second layer of trust, providing consumers with a responsive redress mechanism that sets your customer service apart. This type of mechanism is also mandated by international frameworks like APEC and Privacy Shield and is suggested by emerging legislation in Virginia and Colorado.

And don’t forget about the impact your vendors or partners can have on your business reputation for privacy. Third party certifications work here as well. Instead of dedicating internal resources to vet your contractors, ask your potential vendors to secure trustworthy third-party privacy certifications. Here are a few tips:

  • Look for services and mechanisms like our APEC Privacy Certification Programs and our Vendor Privacy Program
  • Use standardized contractual requirements to hold your business partners to the same standards and trusted best practices you expect of yourself.
  • Consider using independent dispute resolution procedures as part of those requirements. 


Once you know who touches your data and where that data is stored, it is up to you to conduct ongoing due diligence to make sure your partners treat it consistent with your standards, practices, and public statements.

Privacy technology platforms can provide helpful utility to document your privacy practices and to automate compliance. In an environment where global privacy regulations are actively shifting, in addition to relying on technology, maintaining a robust privacy program that demonstrates best practices such as accountability and transparency will go a long way toward minimizing the scrutiny of consumers and government agencies.

Our role at BBB National Programs as an independent provider of privacy certifications, assessments, and dispute resolution is to help companies confidently demonstrate that their privacy practices are built upon the principles that form the building blocks for global privacy standards.

We can help make privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.

Suggested Articles


The Do’s and Don’ts of Buying Smart for Baby: A Primer from Privacy Experts

Researching a new product and finding the critical or in-depth information you are looking for to build confidence in your purchasing decision often requires sifting through superficial lists of “best products.” These lists are often sponsored by the products they feature, which means instead of a focus on being helpful they are full of incentivized endorsements and affiliate links. In this blog, we provide a list – not a sponsored list – of some do’s and don’ts for how to confidently research smart devices.
Read more

When Web Designs Turn Into Dark Patterns And What To Do About It

Recently I wrote about the proliferation of dark patterns and tried to give readers a sense of just how widespread these practices are. But it is not just the pervasiveness of dark patterns that has lawmakers and regulators concerned, it is the intent behind them and their impact on consumers. Nonprofit leaders, in particular, should be aware of this and how to guard against it given that they are well-positioned to garner and enhance consumer trust.
Read more

Politics Aside, Advertising Gains Guidance on Deception and Substantiation in the 1980s

As we continue to celebrate the 50th anniversary of the National Advertising Division (NAD) we are looking forward while taking stock of past decades, with a special focus on decisions and developments that continue to impact advertising law and NAD cases today. This month we highlight two pivotal moments from the 1980’s that helped shape NAD’s jurisprudence.
Read more

Marking a Milestone: New Ad Guidelines, Influencers, Gaming, and More at CARU 2021

In a world where ads are woven seamlessly into online content, advertising and data collection practices become more complex, especially in the children’s space. On June 8 and 9, 2021, the Children’s Advertising Review Unit (CARU) virtually convened experts in children’s advertising, privacy, influencers, gaming, ed tech, and state and federal regulations around the globe for our annual conference, CARU 2021 to discuss challenges, best practices, and the year ahead.
Read more