TRUSTe is an Accountability Agent approved to certify data transfer practices under the Asia-Pacific Economic Cooperation CBPR framework
Asia-Pacific Economic Cooperation (APEC) is the premier Asia-Pacific economic forum whose primary goal is to support sustainable economic growth and prosperity in the Asia-Pacific region. The APEC Cross Border Privacy Rules (CBPR) is the first framework approved for the transfer of personal data between all 21 APEC Member countries with the U.S. being the first formal participant and the Federal Trade Commission serving as the first enforcement authority.
What is the APEC privacy framework?
The APEC Privacy Framework is a framework developed by APEC’s Electronic Commerce Steering Group (ECSG). It is aimed at effective information privacy protection and the free flow of information in the Asia-Pacific region – two factors that are key to improving consumer confidence and ensuring the growth of electronic commerce.
What is the CBPR system?
The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary self-regulatory initiative designed to ensure the continued free flow of personal information across borders, within the APEC membership, while establishing meaningful protection for the privacy and security of personal information. To view TRUSTe’s accountability agent participation documents click here
Global Brands Choose TRUSTe for APEC Certification
Companies doing business in the Asia-Pacific region choose TRUSTe for APEC Certification to demonstrate their commitment to consumer data privacy and protection under the APEC CBPR system.
To view a complete list of APEC Certified companies click here.
APEC Privacy Certification Benefits
- Improve Compliance – Reduce the legal risks associated with meeting complex data privacy management requirements
- Protect Brand – Protect your brand from negative media coverage due to privacy issues
- Build Trust – Build trust with users, clients, business partners, and regulators by demonstrating your commitment to protecting customer data
- Maximize Resources – Save time and expense associated with hiring extra legal and operations resources to assess and manage your privacy practices
TRUSTe APEC Privacy certifications follow a comprehensive and proven multi-step process to ensure your privacy practices meet applicable regulatory and industry standards.
Data Collection & Discovery
TRUSTe APEC privacy certifications begin with a review of your data privacy practices for collection, storage and transfer of personal information. We work with you to identify what data you collect, how you use it, who you share it with, third party agreements, use of trackers, privacy disclosures, opt-outs, and much more. We also review your stated privacy practices and policies. TRUSTe uses a combination of methodologies including a manual evaluation of your privacy practices by our team of privacy analysts, company interviews, and digital property scanning tools.
Digital Property Scanning Tools
TRUSTe will apply our scanning technology to the applicable websites and mobile apps, providing comprehensive insight into the variety of data collection activities happening throughout your site and apps. The scan will uncover what could take dozens to hundreds of hours to accomplish manually with internal resources. You’ll find the first and third party trackers with detailed information about them including identity, location, type of tracker and URL. The scan will also shed light into the tracking technologies used, and the entire chain of tracker source (“daisy chain”). You will also get a scoring and evaluation of third party tracker severity, using a proprietary algorithm that calculates its Privacy Sensitivity Index (PSI). It will also provide insights into personally identifiable information (PII) data collection.
Privacy Findings Report & Gap Analysis
We present you with a Privacy Findings Report summarizing a gap analysis between your privacy practices and the APEC Privacy Certification Standards along with the changes you need to make to your data privacy management practices and privacy policies to achieve certification. The TRUSTe Privacy Certification Standards are built upon the core principles of transparency, choice and accountability and they provide a comprehensive set of requirements based on applicable privacy regulations, industry self-regulatory requirements, and industry best practices.
Privacy Statement Validation
We validate that your new website privacy statement accurately reflects your privacy practices and is consistent with our Privacy Certification Standards.
Certified Privacy Seal
Once we validate that you’ve implemented the changes outlined in the Privacy Findings Report, you get access to the TRUSTe APEC Certified Privacy Seal. The seal is recognized globally as a high standard for privacy management and displayed on thousands of websites and apps. You can display the seal both on your privacy statement as well as in other prominent places like your website home page and site footer to demonstrate your commitment to privacy. The seal is hosted by TRUSTe and linked to a TRUSTe Validation Page to provide real-time verification that your website certification is current and valid.
Letter of Attestation
Once certification is complete, you can request a customized letter of attestation that your company is a TRUSTe client that has undergone a review and alignment with TRUSTe’s program requirements. This attestation can be shared with clients and business partners as part of RFPs and other processes reviews to complement the TRUSTe Seal, providing a competitive distinction and selling point.
Privacy Dispute Resolution Service
You also get access to our third-party dispute resolution service, which helps you efficiently manage privacy inquiries from customers. It also addresses the third-party dispute handling requirements for regulatory programs like the US-EU Safe Harbor Framework.
Ongoing Privacy Monitoring
The website Data Tracker Scanning technology used in your initial certification is be applied periodically to help you monitor the ongoing privacy risk for your certified websites. TRUSTed Website Monitoring Service can also include validation checks to alert you when something unexpected appears or if when needed content or functionality are not found.
Ongoing Privacy Guidance
TRUSTed Websites also provides you with access to ongoing privacy guidance as it relates to your TRUSTe certification, including new regulations, product plans, geographic expansion, and acquisitions. You’ll get access to TRUSTe Privacy Solutions experts along with Educational Webinars, Seminars, White Papers, and Research Reports.
TRUSTe Privacy Professionals
TRUSTe Privacy Services are delivered by our Privacy Consultants and Privacy Services Managers, a team of recognized data privacy experts with significant experience leading global privacy assessments for large enterprises. Our team has a unique hybrid background of legal, technology, business process, and project management experience. All are CIPP trained and many have law degrees, practiced in privacy and information law, are CIPP-certified, and have experience as privacy leaders and consultants for top companies like Yahoo!, American Express, IBM, Pfizer, Aventis, Kimberly-Clark, HSBC Bank, Hertz, Comcast, Citrix, Adobe Systems, Intel, Intuit, and Microsoft.
Together, our people deliver the most comprehensive suite of Privacy Services available, leveraging the power of TRUSTe’s state-of-the-art technology Platform. TRUSTe has specialized in Data Privacy Management for almost two decades. As the leading privacy brand, we’ve become one of the most experienced and innovative Data Privacy Management companies in the world. We have key regulatory relationships and are a leading provider of privacy services supporting regulatory and self-regulatory compliance programs for a wide range of agencies including APEC, DOC, DAA, EDAA, and FTC. Our privacy experts assist clients with all of their privacy compliance needs.
TRUSTe Technology Platform
Our Data Privacy Management Services leverage the TRUSTe Platform, a comprehensive, SaaS-based technology solution that provides state of the art assessment management, compliance control, and website scanning / monitoring capabilities.