TRUSTe is an Accountability Agent approved to certify data transfer practices under the Asia-Pacific Economic Cooperation CBPR framework
Asia-Pacific Economic Cooperation (APEC) is the premier Asia-Pacific economic forum whose primary goal is to support sustainable economic growth and prosperity in the Asia-Pacific region. The APEC Cross Border Privacy Rules (CBPR) is the first framework approved for the transfer of personal data between all 21 APEC Member countries with the U.S. being the first formal participant and the Federal Trade Commission serving as the first enforcement authority.
What is the APEC privacy framework?
The APEC Privacy Framework is a framework developed by APEC’s Electronic Commerce Steering Group (ECSG). It is aimed at effective information privacy protection and the free flow of information in the Asia-Pacific region – two factors that are key to improving consumer confidence and ensuring the growth of electronic commerce.
What is the CBPR system?
The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary self-regulatory initiative designed to ensure the continued free flow of personal information across borders, within the APEC membership, while establishing meaningful protection for the privacy and security of personal information. To view TRUSTe’s accountability agent participation documents click here
Global Brands Choose TRUSTe for APEC Certification
Companies doing business in the Asia-Pacific region choose TRUSTe for APEC Certification to demonstrate their commitment to consumer data privacy and protection under the APEC CBPR system.
To view a complete list of APEC Certified companies click here.
APEC Privacy Certification Benefits
- Improve Compliance – Reduce the legal risks associated with meeting complex data privacy management requirements
- Protect Brand – Protect your brand from negative media coverage due to privacy issues
- Build Trust – Build trust with users, clients, business partners, and regulators by demonstrating your commitment to protecting customer data
- Maximize Resources – Save time and expense associated with hiring extra legal and operations resources to assess and manage your privacy practices
TRUSTe APEC Privacy certifications follow a comprehensive and proven multi-step process to ensure your privacy practices meet applicable regulatory and industry standards.
Data Collection & Discovery
TRUSTe APEC privacy certifications begin with a review of your data privacy practices for collection, storage and transfer of personal information. We work with you to identify what data you collect, how you use it, who you share it with, third party agreements, use of trackers, privacy disclosures, opt-outs, and much more. We also review your stated privacy practices and policies. TRUSTe uses a combination of methodologies including a manual evaluation of your privacy practices by our team of privacy analysts, company interviews, and digital property scanning tools.
Digital Property Scanning Tools
TRUSTe will apply our scanning technology to the applicable websites and mobile apps, providing comprehensive insight into the variety of data collection activities happening throughout your site and apps. The scan will uncover what could take dozens to hundreds of hours to accomplish manually with internal resources. You’ll find the first and third party trackers with detailed information about them including identity, location, type of tracker and URL. The scan will also shed light into the tracking technologies used, and the entire chain of tracker source (“daisy chain”). You will also get a scoring and evaluation of third party tracker severity, using a proprietary algorithm that calculates its Privacy Sensitivity Index (PSI). It will also provide insights into personally identifiable information (PII) data collection.
Privacy Findings Report & Gap Analysis
We present you with a Privacy Findings Report summarizing a gap analysis between your privacy practices and the APEC Privacy Program Requirements along with the changes you need to make to your data privacy management practices and privacy policies to achieve certification. The TRUSTe Privacy Program Requirements are built upon the core principles of transparency, choice and accountability and they provide a comprehensive set of requirements based on applicable privacy regulations, industry self-regulatory requirements, and industry best practices.
Privacy Statement Validation
We validate that your new website privacy statement accurately reflects your privacy practices and is consistent with our Privacy Program Requirements.
Certified Privacy Seal
Once we validate that you’ve implemented the changes outlined in the Privacy Findings Report, you get access to the TRUSTe APEC Certified Privacy Seal. The seal is recognized globally as a high standard for privacy management and displayed on thousands of websites and apps. You can display the seal both on your privacy statement as well as in other prominent places like your website home page and site footer to demonstrate your commitment to privacy. The seal is hosted by TRUSTe and linked to a TRUSTe Validation Page to provide real-time verification that your website certification is current and valid.
Letter of Attestation
Once certification is complete, you can request a customized letter of attestation that your company is a TRUSTe client that has undergone a review and alignment with TRUSTe’s program requirements. This attestation can be shared with clients and business partners as part of RFPs and other processes reviews to complement the TRUSTe Seal, providing a competitive distinction and selling point.
Privacy Dispute Resolution Service
You also get access to our third-party dispute resolution service, which helps you efficiently manage privacy inquiries from customers. It also addresses the third-party dispute handling requirements for regulatory programs like the US-EU Safe Harbor Framework.
Ongoing Privacy Monitoring
The website Data Tracker Scanning technology used in your initial certification is be applied periodically to help you monitor the ongoing privacy risk for your certified websites. TRUSTed Website Monitoring Service can also include validation checks to alert you when something unexpected appears or if when needed content or functionality are not found.
Ongoing Privacy Guidance
TRUSTed Websites also provides you with access to ongoing privacy guidance as it relates to your TRUSTe certification, including new regulations, product plans, geographic expansion, and acquisitions. You’ll get access to TRUSTe Privacy Solutions experts along with Educational Webinars, Seminars, White Papers, and Research Reports.
TRUSTe Data Privacy Management Services
APEC Privacy Certification is part of our Data Privacy Management (DPM) Service solutions which include assessments and a wide range of certifications. DPM Services are managed by a team of TRUSTe privacy experts who combine 15+ years of expertise, a proven methodology and the power of our industry leading DPM platform to deliver solutions to you.
TRUSTe Data Privacy Management Platform
The DPM Platform is our comprehensive, SaaS-based technology solution which is available stand-alone and also used by TRUSTe to deliver our DPM Services.
For more information, visit TRUSTe Data Privacy Management Platform.