TRUSTe Privacy Program Standards

TRUSTe privacy certifications and verifications help organizations demonstrate compliance.

TRUSTe LLC ("TRUSTe"), a subsidiary of TrustArc Inc ("TrustArc"), offers a set of privacy assurance programs that enable organizations that collect or process personal information to demonstrate responsible data collection and processing practices consistent with regulatory expectations and external standards for privacy accountability. The programs are developed using the standards outlined in the TrustArc Privacy & Data Governance ("P&DG") Framework (the "Framework") and the unique requirements of the regulatory standard upon which a certain program is based.

The Framework is based upon recognized laws and regulatory standards, such as the OECD Privacy Guidelines, the APEC Privacy Framework, the EU General Data Protection Regulation ("GDPR"), ISO 27001, the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), and other privacy laws and regulations globally.

Click on the links in the tables below to learn more about our current certifications and verifications and the Standards related to each.

Assurance Program Governance Standards

These are the standards that TRUSTe applies to manage all of its certification and verification programs. All companies participating in a TRUSTe Certification Program must comply with the Assurance Program Governance Standards in addition to the standards of the program in which they are participating (e.g., Privacy Shield, APEC CBPR), with the exception of the Children’s Privacy Program. To review the Assurance Program Governance Standards, click here.

Certifications and Verifications Subject to the Assurance Program Governance Standards

| Program Name | Type | Description | Standards |
| --- | --- | --- | --- |
| APEC Cross Border Privacy Rules (CBPR)* | Certification | Program designed to ensure the continued free flow of personal information across Asia-Pacific Economic Cooperation member country borders, while establishing meaningful protection for the privacy and security of personal information - this is a certification for data Controllers. See APEC CBPR official website and TRUSTe APEC CBPR Certification web page. | View |
| APEC Privacy Recognition for Processors (PRP)** | Certification | This program is designed for Processors to demonstrate their ability to support Controllers in compliance with the APEC CBPR and help Controllers identify qualified and accountable Processors. See APEC PRP governance document and TRUSTe APEC PRP Certification web page. | View |
| Enterprise Privacy & Data Governance Practices | Certification | This program is designed to enable organizations to demonstrate that their privacy and data governance practices for personal information comply with the standards outlined in the TrustArc Privacy & Data Governance Framework, which is aligned with external regulatory standards and frameworks (e.g., FIPPs, OECD). See TRUSTe Enterprise Certification web page. | View |
| TRUSTe Data Collection | Certification | This program applies to companies who help in the optimization or serving of an online advertisement and provides Ad Companies who lack a direct relationship with an Individual a way to demonstrate they use data collected from web sites or mobile applications, or data received from different sources, in a manner that respects an Individual’s preference. See TRUSTe Data Collection Certification web page. | View |
| EU-US and Swiss-US Privacy Shield | Verification | This program is designed to enable organizations, in preparation for self-certification with the U.S. Department of Commerce (DOC), to assess and obtain verification from TRUSTe, as an outside compliance reviewer, that their privacy and data governance practices for personal information comply with the principles set forth in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. See Privacy Shield official website and TRUSTe Privacy Shield Verification web page. | View |

Other TRUSTe Programs

| Program Name | Type | Description | Standards |
| --- | --- | --- | --- |
| Children’s Privacy | Certification | This program is designed for businesses that have actual knowledge they collect personal information ("PI") from children under the age of 13; offer websites or online services directed at or targeted towards children under age 13; or have actual knowledge they are collecting PI directly from the users of a website or online service directed at or targeted towards children. See Children's Privacy Certification web page. | View |
| TRUSTe Downloads | Certification | Program designed to establish best practices with respect to downloads - this is a certification designed by TRUSTe. | View |



*TRUSTe's APEC CBPR accountability agent participation documents are available for review by downloading the following:

**TRUSTe APEC PRP accountability agent participation documents are available for review by downloading the following: