Breaking Down Privacy Certification Options – Why, What, Who

Jun 3, 2021 by Cobun Zweifel-Keegan, Deputy Director, Privacy Initiatives, BBB National Programs

In today’s data-driven economy, good privacy practices are inextricable from good business. Everyone is taking a closer look at how personal information is collected and used these days. Consumers and employees are more informed about how to protect the privacy of their data. Regulators are raising the temperature, armed with updated rules. And businesses are requiring much more than general assurances that their contracting parties will handle data with care.

Why: Privacy as Clear as Day

When it comes to your corporate data privacy practices, being ready for scrutiny means embracing accountability. What does accountability mean in this context? In short, it means implementing best practices and demonstrating these practices in an ongoing, verifiable manner. According to the Center for Information Policy Leadership (CIPL), accountability is not only required by many privacy regulations, but also a fundamental element of an effective and risk-based privacy program.

CIPL offers a straightforward model for embracing accountability in practice, the Accountability Wheel, which outlines six important elements of accountability. Of all these elements, monitoring and verification are the most important. Without ongoing monitoring and verification of your privacy practices, it is impossible to demonstrate the rest of your good work. Independent certifications, such as those delivered by BBB National Programs, provide that crucial verification. In 2020, the Cisco Data Privacy Benchmark Study surveyed more than 2,800 organizations about their privacy practices and accountability measures. When selecting a vendor, 82% of respondents saw privacy certifications as a deciding factor.

What: Picking a Certification for Your Privacy Program

There are many certifications and seals for data privacy, but only a few are recognized internationally as demonstrating modern best practices. These include:

  • Cross-Border Privacy Rules (CBPR) certification is a standard created by the economies of the Asia-Pacific Economic Cooperation (APEC) built on global privacy norms. This certification indicates you received a comprehensive review of your corporate privacy policies and procedures by an independent Accountability Agent, such as BBB National Programs, that has been recognized by the 21 APEC economies.
  • Privacy Recognition for Processors (PRP) certification is a standard similar to CBPR, designed specifically for processors and vendors, that indicates you meet data security and accountability standards that fully align with CBPR.
  • Privacy Shield verification, an optional component of participation in the Privacy Shield Framework, a standard aligned with European Union data privacy norms. 
  • ISO 27701 standard, another robust set of requirements and guidelines for privacy programs that serves as a basis for several privacy certifications.
  • BBB National Programs’ Vendor Privacy Program certification, built on the same recognized standards as PRP, serves as an alternative for businesses located outside of the United States.

These privacy certifications cover your entire privacy program – policies, procedures, and practices – giving you that all-important demonstrable compliance piece of the accountability puzzle.

Who: Accountability as a Service

When choosing a certification for your global privacy program, look for recognized standards. All of those listed above are well-established and internationally recognized. Also, look to the type of organization serving as an accountability agent or certification body. Generally, recognized standards require accreditation of these entities. Other elements, such as non-profit status or a long history of independent review, help to set some apart.

Look closely for programs that promise achievable standards, including guided reviews to help identify gaps in your practices, and scalability to grow with your business. Always check for the all-important markers of transparency to help you show off your certification. These generally include seals to display on your website and a report of the certifier’s findings to provide to your business partners, demonstrating the results of the privacy review.

Finally, look for evidence of enhanced accountability in line with CIPL’s recommendations, such as ongoing independent monitoring of your privacy notices, annual reviews to help you continuously improve, and mechanisms for consumers to lodge complaints and pursue dispute resolution through an independent body.

Independent certifications that include the above elements are critical for your brand reputation, credibility, and bottom line. They will help your business demonstrate its own accountability, earning commercial trust that can withstand scrutiny for years to come. 

At BBB National Programs, our certification programs are designed to bring these principles to practice, making privacy achievable and accountable for businesses of all sizes. Reach out to GlobalPrivacy@bbbnp.org to get started.
