TRUSTe Privacy Certifications – Address FIPS, GAPP, OECD, EU Safe Harbor, APEC, and more!
Not only are consumer devices and enterprise digital properties increasing rapidly, so too are trust concerns and compliance requirements. Over 91% of internet users say they avoid doing business with companies that do not protect their privacy. Nearly 8 out of 10 consumers will not download an app they don’t trust. Convincing potential customers and business partners that they can trust you with their data is now more important than ever in a new world of heightened data privacy awareness.
Strong data privacy management practices are required to ensure that you are safely collecting and using customer and employee data while building trust and protecting your brand.
TRUSTe offers a range of Enterprise Privacy Certifications that include ongoing access via an annual subscription to an integrated set of services including:
- Privacy assessments against recognized global privacy frameworks
- Certification for all of your online properties, including websites, mobile apps, and cloud platforms
- Access to certification for offline and employee data management practices
- Privacy Findings Report with Gap Analysis between your practices and the requirements
- Fully managed service with a dedicated privacy solution team
- TRUSTe and APEC Certified Privacy seals awarded to businesses that meet Certification Standards
- Easy-to-understand user notice of certification details through the Validation Page
Key Benefits
- Reduce Risk and Ensure Global Compliance to emerging international requirements, enabling cross-border transfers necessary to support business growth
- Build Trust and Drive Engagement with users, clients, business partners, and regulators by demonstrating your commitment to protecting customer and employee data across the enterprise
- Protect Brand from negative media coverage due to privacy issues
- Maximize Resources by freeing up your legal and operations team to devote time towards other strategic and prioritized organizational initiatives
- Demonstrate Privacy Compliance Across the Enterprise with certification for all your organization’s online properties and extend coverage to offline and employee data
Flexible Options to Grow With Your Business
Four levels of Enterprise Privacy Certification are available to provide you with the right set of privacy services to match your organization’s needs.
| | Standard | Enhanced + EUSH¹ | Enhanced + APEC | Comprehensive + EUSH¹ + APEC |
|---|---|---|---|---|
| Managed Service + Technology: Dedicated privacy team powered by the TRUSTe Platform | Included | Included | Included | Included |
| Online Data (Web, Apps, Cloud): Use & collection of online data | Included | Included | Included | Included |
| Offline Data: Use & collection of offline data | Optional | Optional | Included* | Included* |
| Employee Data: Use & collection of employee data | Optional | Optional | Included** | Included** |
| Certification Standards: Standards based on recognized regulatory frameworks | FIPS, OECD, GAPP, etc. | FIPS, OECD, GAPP, etc.; US-EU Safe Harbor | FIPS, OECD, GAPP, etc.; APEC CBPR | FIPS, OECD, GAPP, etc.; US-EU Safe Harbor, APEC CBPR |
| Certification Types: Certification included in the package | TRUSTe Certified | TRUSTe Certified; Prep for Safe Harbor – Customer Data (Employee Data Optional) | TRUSTe Certified; TRUSTe APEC Privacy | TRUSTe Certified; Prep for Safe Harbor – Customer Data (Employee Data Optional); TRUSTe APEC Privacy |
| Seal + Validation Page: Demonstrate compliance | | | | |
| Ongoing Monitoring & Guidance: Privacy experts by your side | Included | Included | Included | Included |

¹ US-EU / US-Swiss Safe Harbor
* Up to 3 policies
** Up to 1 policy
Certification Requirements Based on Recognized Regulatory Frameworks
Standard
Requirements are based on globally recognized privacy frameworks, including FIPs, OECD, GAPP, state and local frameworks such as CalOPPA, and many others.
Enhanced = Standard + EU Safe Harbor
Includes Standard requirements enhanced with the US-EU and US-Swiss Safe Harbor Framework, enabling cross-border transfers necessary to support business growth.
Enhanced = Standard + APEC
Includes Standard requirements enhanced with the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) Privacy Framework, enabling cross-border transfers necessary to support business growth.
Comprehensive = Standard + EU Safe Harbor + APEC
Includes Standard requirements enhanced with both the EU Safe Harbor and APEC Frameworks. This level will continue evolving to align with emerging global frameworks to help ensure privacy compliance at the highest international standards.
Certification Process
Scoping
The first step is to define the scope of privacy assessment and certification, whether to limit to a particular business unit or product/service or to broaden to apply across the enterprise. We will work with you to identify the specific digital properties for online customer data management assessment, as well as the scope of employee data management practices for review. You also have the option of assessing offline customer data management practices relating to online transactions, e.g., in point-of-sale transactions at local kiosks or in the customer service call center where customer data may also be recorded in physical form.
Assessment Questionnaire & Discovery
A formal Assessment Questionnaire will help gather data privacy management practices and all necessary evidence to test privacy compliance against the TRUSTe Certification Standards. We work with you to gather key information including what data you collect, how you use it, with whom you share it, third party agreements, use of trackers, privacy disclosures, opt-outs, and more. We also review your stated privacy practices and policies. Our privacy professionals use a combination of methodologies including sampling and manual evaluation of your privacy practices by our team of privacy analysts, company interviews and on-site engagements, and digital property scanning tools.
Testing Methodology
Digital property testing will be conducted using an audit process and sampling methodology based on the AICPA Audit Guide, Government Auditing Standards for financial statement and compliance audits.
Digital Property Scanning Tools
TRUSTe will apply proprietary scanning technology to the applicable digital properties, providing comprehensive insight into the variety of data collection activities happening throughout your sites and apps. The scan will uncover what would take dozens to hundreds of hours to accomplish manually with internal resources. You’ll find the first and third party trackers with detailed information about them including identity, location, type of tracker and URL. The scan will also shed light on the tracking technologies used, and the entire chain of tracker source (“daisy chain”). You will also get a scoring and evaluation of third party tracker severity, using a proprietary algorithm that calculates its Privacy Sensitive Index (PSI). It will also provide insights into personally identifiable information (PII) data collection.
Privacy Findings Report & Gap Analysis
We present you with a Privacy Findings Report summarizing a gap analysis between your privacy practices and the Certification Standards along with the changes you need to make to your data privacy management practices and privacy policies to achieve certification. Our Certification Standards are built upon the core principles of transparency, choice and accountability and they provide a comprehensive set of requirements based on applicable privacy regulations, industry self-regulatory requirements, and industry best practices.
Privacy Statement Validation
We validate that your privacy statements accurately reflect your privacy practices and are consistent with our Certification Standards.
Certified Privacy Seal & Validation Page
Once we validate that you’ve implemented the changes outlined in the Privacy Findings Report, you get access to the TRUSTe Certified Privacy Seal or the APEC Certified Privacy Seal based on your qualified certification level. The seals are recognized globally as representing high standards for privacy management and are displayed on thousands of websites and apps. You can display the seal both on your privacy statement as well as in other prominent places like your website home page and site footer to demonstrate your commitment to privacy. The seal is hosted by TRUSTe and linked to a TRUSTe Validation Page to provide real-time verification that your certification is current and valid.
Letter of Attestation
Once certification is complete, you can request a letter of attestation that your company has undergone a review and alignment with TRUSTe Certification Standards. This attestation can be shared with your business partners as part of RFPs and other process reviews, providing your organization with competitive differentiation.
Privacy Dispute Resolution Service
TRUSTe also provides a third-party dispute resolution service, which helps you efficiently manage privacy inquiries from customers. It also addresses the dispute handling requirements for regulatory programs like the US-EU Safe Harbor Framework.
Ongoing Privacy Monitoring
The scanning technology used in your initial certification is used periodically to help you monitor the ongoing privacy risk for your certified digital properties. The monitoring service can also include validation checks to alert you when something unexpected appears or when required content or functionality is not detected.
Ongoing Privacy Guidance
TRUSTe provides you with ongoing privacy guidance as it relates to your Enterprise Privacy Certification. You’ll get access to TRUSTe privacy experts along with Educational Webinars, Seminars, White Papers, and Privacy Research Reports.
TRUSTe Privacy Professionals
TRUSTe Privacy Services are delivered by our Privacy Consultants and Privacy Services Managers, a team of recognized data privacy experts with significant experience conducting privacy assessments. Our team has a unique hybrid background of privacy, technology, business process, and project management experience. All are CIPP trained or certified, many have law degrees, and have hands-on experience working for a wide range of companies including Adobe, American Express, Citrix, Comcast, HSBC Bank, IBM, Kimberly-Clark, Microsoft, Pfizer, and many more.
Our privacy team leverages nearly 20 years of experience delivering data privacy management solutions for thousands of global brands along with our comprehensive technology platform. We also have key regulatory relationships and are a leading provider of privacy services supporting regulatory and self-regulatory compliance programs for a wide range of agencies including APEC, DOC, DAA, EDAA, and FTC.
TRUSTe Technology Platform
Our Data Privacy Management Services leverage the TRUSTe Platform, a comprehensive, SaaS technology solution that provides state of the art assessment management, compliance control, and website scanning / monitoring capabilities.