TRUSTe Privacy Certifications – Address FIPS, GAPP, OECD, EU Safe Harbor, APEC, and more!


Not only are consumer devices and enterprise digital properties increasing rapidly, so too are trust concerns and compliance requirements. Over 91% of internet users say they avoid doing business with companies that do not protect their privacy. Nearly 8 out of 10 consumers will not download an app they don’t trust. Convincing potential customers and business partners that they can trust you with their data is now more important than ever in a new world of heightened data privacy awareness.

Strong data privacy management practices are required to ensure that you are safely collecting and using customer and employee data while building trust and protecting your brand.

TRUSTe offers a range of Enterprise Privacy Certifications that include ongoing access via an annual subscription to an integrated set of services including:

  • Privacy assessments against recognized global privacy frameworks
  • Certification for all of your online properties, including websites, mobile apps, and cloud platforms
  • Access to certification for offline and employee data management practices
  • Privacy Findings Report with Gap Analysis between your practices and the requirements
  • Fully managed service with a dedicated privacy solution team
  • TRUSTe and APEC Certified Privacy seals awarded to businesses that meet Certification Standards
  • Easy-to-understand user notice of certification details through the Validation Page


Key Benefits

  • Reduce Risk and Ensure Global Compliance to emerging international requirements, enabling cross-border transfers necessary to support business growth
  • Build Trust and Drive Engagement with users, clients, business partners, and regulators by demonstrating your commitment to protecting customer and employee data across the enterprise
  • Protect Brand from negative media coverage due to privacy issues
  • Maximize Resources by freeing up your legal and operations team to devote time towards other strategic and prioritized organizational initiatives
  • Demonstrate Privacy Compliance Across the Enterprise with certification for all your organization’s online properties and extend coverage to offline and employee data


Flexible Options to Grow With Your Business

Four levels of Enterprise Privacy Certification are available to provide you with the right set of privacy services to match your organization’s needs.

| | Standard | Enhanced + EUSH¹ | Enhanced + APEC | Comprehensive + EUSH¹ + APEC |
|---|---|---|---|---|
| Managed Service + Technology: Dedicated privacy team powered by the TRUSTe Platform | Included | Included | Included | Included |
| Online Data (Web, Apps, Cloud): Use & collection of online data | Included | Included | Included | Included |
| Offline Data: Use & collection of offline data | Optional | Optional | Included* | Included* |
| Employee Data: Use & collection of employee data | Optional | Optional | Included** | Included** |
| Certification Standards: Standards based on recognized regulatory frameworks | FIPS, OECD, GAPP, etc. | FIPS, OECD, GAPP, etc.; US-EU Safe Harbor | FIPS, OECD, GAPP, etc.; APEC CBPR | FIPS, OECD, GAPP, etc.; US-EU Safe Harbor, APEC CBPR |
| Certification Types: Certification included in the package | TRUSTe Certified | TRUSTe Certified; Prep for Safe Harbor – Customer Data (Employee Data Optional) | TRUSTe Certified; TRUSTe APEC Privacy | TRUSTe Certified; Prep for Safe Harbor – Customer Data (Employee Data Optional); TRUSTe APEC Privacy |
| Seal + Validation Page: Demonstrate compliance | | | | |
| Ongoing Monitoring & Guidance: Privacy experts by your side | Included | Included | Included | Included |

¹ US-EU / US-Swiss Safe Harbor     * Up to 3 policies     ** Up to 1 policy




Certification Requirements Based on Recognized Regulatory Frameworks

Standard

Requirements are based on globally recognized privacy frameworks, including FIPs, OECD, GAPP, state and local frameworks such as CalOPPA, and many others.

Enhanced = Standard + EU Safe Harbor

Includes Standard requirements enhanced with the US-EU and US-Swiss Safe Harbor Framework, enabling cross-border transfers necessary to support business growth.

Enhanced = Standard + APEC

Includes Standard requirements enhanced with the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) Privacy Framework, enabling cross-border transfers necessary to support business growth.

Comprehensive = Standard + EU Safe Harbor + APEC

Includes Standard requirements enhanced with both the EU Safe Harbor and APEC Frameworks. This level will continue evolving to align with emerging global frameworks to help ensure privacy compliance at the highest international standards.

Certification Process


Scoping

The first step is to define the scope of privacy assessment and certification, whether to limit to a particular business unit or product/service or to broaden to apply across the enterprise. We will work with you to identify the specific digital properties for online customer data management assessment, as well as the scope of employee data management practices for review. You also have the option of assessing offline customer data management practices relating to online transactions, e.g., in point-of-sale transactions at local kiosks or in the customer service call center where customer data may also be recorded in physical form.

Assessment Questionnaire & Discovery

A formal Assessment Questionnaire will help gather data privacy management practices and all necessary evidence to test privacy compliance against the TRUSTe Certification Standards. We work with you to gather key information including what data you collect, how you use it, with whom you share it, third-party agreements, use of trackers, privacy disclosures, opt-outs, and more. We also review your stated privacy practices and policies. Our privacy professionals use a combination of methodologies including sampling and manual evaluation of your privacy practices by our team of privacy analysts, company interviews and on-site engagements, and digital property scanning tools.

Testing Methodology

Digital property testing will be conducted using an audit process and sampling methodology based on the AICPA Audit Guide, Government Auditing Standards for financial statement and compliance audits.

Digital Property Scanning Tools

TRUSTe will apply proprietary scanning technology to the applicable digital properties, providing comprehensive insight into the variety of data collection activities happening throughout your sites and apps. The scan will uncover what would take dozens to hundreds of hours to accomplish manually with internal resources. You’ll find the first- and third-party trackers with detailed information about them, including identity, location, type of tracker and URL. The scan will also shed light on the tracking technologies used and the entire chain of tracker sources (“daisy chain”). You will also get a scoring and evaluation of third-party tracker severity, using a proprietary algorithm that calculates its Privacy Sensitive Index (PSI). It will also provide insights into personally identifiable information (PII) data collection.

Privacy Findings Report & Gap Analysis

We present you with a Privacy Findings Report summarizing a gap analysis between your privacy practices and the Certification Standards along with the changes you need to make to your data privacy management practices and privacy policies to achieve certification. Our Certification Standards are built upon the core principles of transparency, choice and accountability and they provide a comprehensive set of requirements based on applicable privacy regulations, industry self-regulatory requirements, and industry best practices.

Privacy Statement Validation

We validate that your privacy statements accurately reflect your privacy practices and are consistent with our Certification Standards.

Certified Privacy Seal & Validation Page

Once we validate that you’ve implemented the changes outlined in the Privacy Findings Report, you get access to the TRUSTe Certified Privacy Seal or the APEC Certified Privacy Seal based on your qualified certification level. The seals are recognized globally as representing high standards for privacy management and are displayed on thousands of websites and apps. You can display the seal both on your privacy statement as well as in other prominent places like your website home page and site footer to demonstrate your commitment to privacy. The seal is hosted by TRUSTe and linked to a TRUSTe Validation Page to provide real-time verification that your certification is current and valid.

Letter of Attestation

Once certification is complete, you can request a letter of attestation that your company has undergone a review and alignment with TRUSTe Certification Standards. This attestation can be shared with your business partners as part of RFPs and other process reviews, providing your organization with competitive differentiation.

Privacy Dispute Resolution Service

TRUSTe also provides a third-party dispute resolution service, which helps you efficiently manage privacy inquiries from customers. It also addresses the dispute handling requirements for regulatory programs like the US-EU Safe Harbor Framework.

Ongoing Privacy Monitoring

The scanning technology used in your initial certification is used periodically to help you monitor the ongoing privacy risk for your certified digital properties. The monitoring service can also include validation checks to alert you when something unexpected appears or when required content or functionality is not detected.

Ongoing Privacy Guidance

TRUSTe provides you with ongoing privacy guidance as it relates to your Enterprise Privacy Certification. You’ll get access to TRUSTe privacy experts along with Educational Webinars, Seminars, White Papers, and Privacy Research Reports.




TRUSTe Privacy Professionals


TRUSTe Privacy Services are delivered by our Privacy Consultants and Privacy Services Managers, a team of recognized data privacy experts with significant experience conducting privacy assessments. Our team has a unique hybrid background of privacy, technology, business process, and project management experience. All are CIPP trained or certified, many have law degrees, and have hands-on experience working for a wide range of companies including Adobe, American Express, Citrix, Comcast, HSBC Bank, IBM, Kimberly-Clark, Microsoft, Pfizer, and many more.

Our privacy team leverages nearly 20 years of experience delivering data privacy management solutions for thousands of global brands along with our comprehensive technology platform. We also have key regulatory relationships and are a leading provider of privacy services supporting regulatory and self-regulatory compliance programs for a wide range of agencies including APEC, DOC, DAA, EDAA, and FTC.

TRUSTe Technology Platform


Our Data Privacy Management Services leverage the TRUSTe Platform, a comprehensive SaaS technology solution that provides state-of-the-art assessment management, compliance control, and website scanning / monitoring capabilities.
