BBB National Programs’ Global Privacy Division manages various certification and independent accountability mechanisms to support businesses looking to align with internationally recognized standards for cross-border privacy. Businesses that participate in our trusted Global Privacy Division programs know they are receiving first-class services along with up-to-date guidance on global privacy compliance obligations and standards from our deep bench of privacy experts. Learn more about the programs:

• EU-U.S. Privacy Shield/Data Privacy Framework 

• Cross Border Privacy Rules (CBPR) Program 

• Privacy Recognition for Processors (PRP) Program 

• Vendor Privacy Program (VPP) 

The Asia Pacific Economic Cooperation (APEC) is a regional economic forum with 21 member economies which promotes free trade throughout the Pacific Rim. Together, those economies created a multilateral privacy framework to help facilitate the responsible cross-border transfer of personal information. Known as the Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems, these frameworks include a set of privacy best practices that represent a global baseline for data protection. 

BBB National Programs is an approved Accountability Agent within the CBPR system, meaning that BBB National Programs is empowered to certify U.S. businesses and their global subsidiaries to the CBPR standard. That’s where our CBPR certification comes in. We provide a certification to businesses that can demonstrate compliance with the CPBR.  

The CBPR accountability system allows certified businesses to commit to an achievable compliance mechanism backed by their Accountability Agent and participating governments. This multi-layered accountability system ensures that enhanced privacy protections apply to personal information, even when it moves across borders.  

Similarly, Privacy Recognition for Processors (PRP) was created by the APEC economies to serve as a certification for vendors that process personal data on behalf of other companies, consistent with the same security and accountability requirements under CBPR. 

These systems are growing in relevance beyond the Asia Pacific region as more jurisdictions recognize that the baseline privacy standards included in these privacy certifications are compatible with their privacy and data protection laws. Because of this, many companies choose to certify their entire global operations to the CBPR standard.  

The Vendor Privacy Program (VPP), is designed to match the privacy and security standards of the BBB National Programs’ PRP certification, mentioned above in FAQ 1. The only difference is that VPP businesses can be headquartered anywhere in the world, not just in the United States. This certification falls outside the ambit of the APEC system but allows vendors around the world to demonstrate that they meet the requirements—and embrace similar layers of accountability—as vendors in the PRP system. 

VPP allows participating businesses to demonstrate to current and potential customers and consumers implementation of an accountable privacy and security program based on internationally recognized standards. Vendors with a VPP certification confirm that they will meet the established data protection standards outlined in the Vendor Privacy Program Requirements, and are backed by BBB National Programs’ commitment to delivering independent accountability to privacy promises. 

After you apply, the BBB National Programs team will contact you directly to process your application. BBB National Programs takes a hands-on approach to working with participating businesses to keep them informed about both the substantive privacy requirements of our programs, as well as the administrative requirements to achieve and maintain their certification.