BBB National Programs Press Releases

  • The Council of Better Business Bureaus Restructures

    BBB National Programs, Inc. was launched in 2019 as part of an internal restructuring of the Council of Better Business Bureaus, Inc. (CBBB). BBB National Programs now administers the self-regulatory and dispute resolution programs formerly administered by the CBBB.
  • Podcast - EU Privacy Shield: A BBB National Program

    Today, more than ever, companies large and small are conducting business all over the world, so it begs the question: what happens when businesses transfer personal data across borders? Here to help us understand how US companies safeguard their EU customers’ data is Frances Henderson, Director of Privacy Initiatives and Bryant Fry, Deputy Director of BBB EU Privacy Shield. Join us to hear more about this essential topic in-depth.

  • Why Brexit Matters to Your Privacy Shield Business

    You may have heard that the United Kingdom is expected to exit the European Union soon in a process that many are calling “Brexit.” (For background, this article offers a no-frills Brexit explainer.) The Brexit process continues to be politically contentious, and, though the U.K. is scheduled to leave the EU on March 29, 2019, it is not yet certain whether or not this will happen by that date, either partially or fully.

  • Privacy Shield Compliance Tip #1: Navigating Your Annual Re-Certification

    Re-certification is the process by which you annually re-affirm to DOC your Privacy Shield self-certification. Your annual Privacy Shield re-certification is essentially a process of re-approval, much the same as the initial process of becoming approved under Privacy Shield. The required steps are almost identical to those you went through to secure initial approval of your Privacy Shield self-certification, including verifying that DOC has copies of your most up-to-date disclosures and policies. After submission, your account receives a thorough review by a Privacy Shield team member. 

  • From CARU - Top 10 Tips to Make Sure Your Business Complies with COPPA.

    Data Privacy Day is an international effort to empower individuals to take ownership of their online presence and inspire businesses to respect privacy. To celebrate, we’re sharing tips companies and small businesses can use to help ensure that a website or online service complies with COPPA.

  • Privacy Shield’s Second Annual Review: A Good Report Card

    The report is a result of the Annual Review that was conducted by the United States government, the European Commission, and the EU data protection authorities in Brussels on October 18 and 19, 2018. The primary objectives of the joint review were to monitor the current U.S. administration’s work on, and industry’s compliance with, the Privacy Shield, and to influence the privacy discussion in the United States. The report’s findings were also influenced by surveys that the Commission sent to U.S. trade associations and advocacy groups.

  • A Reminder from the FTC: Making False Statements about Privacy Shield has Consequences

    by Cobun Keegan

    The U.S. Federal Trade Commission has always taken very seriously any company’s statement about certification, membership, or participation in recognized privacy and security programs. For example, the Commission has cracked down on numerous companies over the years for making incorrect statements about their participation in APEC-CBPR and the Safe Harbor Frameworks. Privacy Shield is no different. Whether you have yet to complete the full self-certification process, are awaiting renewal after a lapse, or have withdrawn from Shield, you must be careful not to make false statements about your participation in the Frameworks. This week, four more companies found this out to their detriment.

  • From IAPP - GDPR matchup: The California Consumer Privacy Act 2018

    Most data protection professionals would agree that the GDPR sets the global “gold-standard” for data protection and has forced companies across the globe to significantly update their data practices and ramp up their compliance programs. Many would likely dispute whether the CaCPA deserves to be placed at the same level, Honestly, it may be too early to tell. As the first U.S. attempt at a comprehensive data protection law, the CaCPA has the potential to become as consequential as the GDPR. After all, California is the fifth largest economy in the world, the home of many technology titans, and traditionally a trend-setting state for data protection and privacy in the U.S.

  • Consent under the GDPR

    by Cobun Keegan

    Processing of personal data takes many forms. At times, the entire point of the service that a business provides requires the business to process its customers’ personal data. If someone orders a pair of shoes online, the business must receive and process the person’s physical address in order to complete the delivery. Thus, for the purpose of order fulfillment, the collection and processing (and perhaps even sharing with shipping providers) of the person’s physical address is necessary. Perhaps in a soft sense of “consent,” such a transaction involves the consent of the consumer. 

  • From Bloomberg Law - FTC Could Police U.S. Companies’ Promises on EU Data Privacy Law

    Companies that updated their privacy policies to give U.S. consumers some protections under the European Union’s new regime may have to deal with data security regulators on both sides of the Atlantic.