Best Practices in Global Data Privacy

May 26, 2021 by BBB National Programs Global Privacy Division

Privacy has become a very public matter. Business news sites, TV business networks, and the pages of major newspapers are full of stories on the topic of – and the controversies related to – data privacy. The issue of properly managing personal data is not only big in the U.S.; it is increasingly important around the world.

If you are striving to build a business with a global reach, you must take cross-border data privacy seriously. Today’s economy requires using systems that process data from around the world, even if you do not yet sell or operate outside the country where you are headquartered. And using data, especially personal data, in global commerce means you must comply with a growing labyrinth of privacy-related regulations. 

Forward-thinking business leaders, like those who are working with us at BBB National Programs, must commit to embracing established standards for privacy and data security. To do this right, you must have insight, documentation, and transparency. 

 

Insight

Every business relationship with personal data is unique, so creating an inventory of your collection and use of personal data is always the first step. Ask yourself, what types of personal information does our company or non-profit organization process? Once you have that list, you should ask a series of questions about each data type, such as: 

  • Is it sensitive information? 
  • Where does it come from?
  • At the time it’s collected, what kinds of permissions or limitations are set out about how it can be used? 

 

Documentation

With the answers to these questions in hand, and following straightforward data best practices, you can customize and document your processes and procedures for handling the personal data you collect. Crafting operational practices that fit your data inventory requires consideration of how all of your data insights translate into practical action steps for handling that data. 

 

Transparency

Strong privacy practices enhance business relationships with customers and other stakeholders. Enhancing relationships includes making sure that their expectations match reality when it comes to how personal data will be processed. With your policies and procedures in hand, it is a natural and straightforward step to craft informative notices of your privacy practices. 

 

Certifying Your Practices

These internal privacy practices only get you part of the way. Independent indicators are needed to verify that your practices are, in fact, in accordance with recognized standards.

Third-party privacy certifications do just that, while at the same time helping your privacy strategy remain interoperable with a variety of legal regimes. Similarly, independent dispute resolution for customers with privacy complaints provides a second layer of trust, while providing consumers with a responsive redress mechanism that sets your customer service apart. This type of mechanism is also mandated by international frameworks like APEC and Privacy Shield.

Your business reputation for privacy also depends on the practices of your vendors and partners. Once you know who touches your data and where that data is stored, it is up to you to conduct ongoing due diligence to make sure your partners treat it consistently with your standards, practices, and public statements.

Thankfully, you don’t have to reinvent the wheel or dedicate internal resources to vet your contractors. 

  1. Ask your vendors to secure trustworthy third-party certifications about their privacy and security practices. Look for services and mechanisms like Cross-Border Privacy Rules (CBPR) or Privacy Recognition for Processors (PRP).
  2. Next, use standardized contractual requirements to hold your business partners to the same standards and trusted best practices you expect of yourself. 

 

Find the Right Method of Accountability

Getting global privacy operations right means embracing a “Show and Tell” approach. Your voluntary commitment to independent mechanisms of accountability, such as certifications, assessments, or independent dispute resolution, can provide that trusted verification.

Even in an environment where global privacy regulations are actively shifting, maintaining a robust privacy program with independent indicators will go a long way toward minimizing the scrutiny of consumers and government agencies.

Our role at BBB National Programs as a third-party provider of privacy certifications, assessments, and independent dispute resolution is to help companies confidently demonstrate that their privacy practices are built upon the principles that form the building blocks for global privacy standards. 

We can help make privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.
