With the rapid expansion in digital properties and heightened data privacy concerns, maintaining trust is more important than ever. It is no longer enough to say that an individual website or mobile app has good privacy practices. Companies need to be able to demonstrate to customers, employees, partners and regulators that they have strong data privacy management practices across the whole enterprise.
To meet these evolving business requirements, TRUSTe is launching Enterprise Privacy Certification for general availability on April 1, 2015. This new offering consolidates five separate privacy services – TRUSTed Websites, TRUSTed Apps, TRUSTed Cloud, US-EU Safe Harbor Prep and APEC into one comprehensive Certification package. The new Enterprise Privacy Certification will enable companies to demonstrate broader privacy compliance across the company rather than focusing on individual websites, apps or cloud platforms.
Four levels of Enterprise Privacy Certification are available – Standard, Enhanced, EU Safe Harbor Preparedness, Enhanced APEC, or Comprehensive – designed to meet the expanded needs of global organizations. These changes will make it easier for an enterprise to expand the scope of their Certification to include:
- All online properties across the enterprise – for companies with large numbers of online properties, testing of online properties will be conducted using an audit process and sampling methodology based on the AICPA Audit Guide, Government Auditing Standards for financial statement and compliance audits
- Select offline and employee data management practices, consistent with US-EU / US-Swiss Safe Harbor and Asia-Pacific Economic Cooperation (APEC) Frameworks.
Certified enterprises will be entitled to display the globally recognized TRUSTe Certified Privacy Seal or the APEC Certified Privacy Seal, depending on the certification option they achieve. We have also introduced enhanced online validation pages to provide consumers with greater transparency about the scope of the Certification through clear and concise descriptions of the components of the Certification Standards that the company meets.
We have also revised our TRUSTe Certification Standards to support this new structure. We continually review and periodically amend our Certification Standards to respond to evolving privacy practices and regulatory developments. For example, we recently published amended APEC Privacy Certification Standards as part of our renewal as an Accountability Agent for the APEC Cross Border Privacy Rules (CBPR) System.
Further details of the changes are included on the Enterprise Privacy Certification Page on the website or you can contact Joanne Furtsch, Director of Product Policy, at firstname.lastname@example.org.