TRUSTe Privacy Program Standards
TRUSTe privacy certifications and verifications help organizations demonstrate compliance.
TRUSTe LLC (“TRUSTe”), a subsidiary of TrustArc Inc (“TrustArc”), offers a set of privacy assurance programs that enable organizations that collect or process personal information to demonstrate responsible data collection and processing practices consistent with regulatory expectations and external standards for privacy accountability. The programs are developed using the standards outlined in the TrustArc Privacy & Data Governance (“P&DG”) Framework (the “Framework”) and the unique requirements of the regulatory standard upon which a certain program is based.
The Framework is based upon recognized laws and regulatory standards, such as the OECD Privacy Guidelines, the APEC Privacy Framework, the EU General Data Protection Regulation (“GDPR”), ISO 27001, the U.S. Health Insurance Portability and Accountability Act (“HIPAA”), and other privacy laws and regulations globally.
Assurance Program Governance Standards
These are the standards that TRUSTe applies to manage all of its certification and verification programs. All companies participating in a TRUSTe Certification Program must comply with the Assurance Program Governance Standards in addition to the standards relating to the program in which they are participating (e.g., Privacy Shield, APEC CBPR), with the exception of the Children’s Privacy Program. To review the Assurance Program Governance Standards, click here.
Certifications and Verifications Subject to the Assurance Program Governance Standards
APEC Cross Border Privacy Rules (CBPR)*
Program designed to ensure the continued free flow of personal information across Asia-Pacific Economic Cooperation member country borders, while establishing meaningful protection for the privacy and security of personal information – this is a certification for data Controllers. See APEC CBPR official website and TRUSTe APEC CBPR Certification web page.
APEC Privacy Recognition for Processors (PRP)**
Enterprise Privacy & Data Governance Practices
This program is designed to enable organizations to demonstrate that their privacy and data governance practices for personal information comply with the standards outlined in the TrustArc Privacy & Data Governance Framework, which is aligned with external regulatory standards and frameworks (e.g., FIPPs, OECD). See TRUSTe Enterprise Certification web page.
This program applies to companies who help in the optimization or serving of an online advertisement and provides Ad Companies who lack a direct relationship with an Individual a way to demonstrate they use data collected from web sites or mobile applications, or data received from different sources in a manner that respects an Individual’s preference. See TRUSTe Data Collection Certification web page.
EU-US and Swiss-US Privacy Shield
This program is designed to enable organizations, in preparation for self-certification with the U.S. Department of Commerce (DOC), to assess and obtain verification from TRUSTe, as an outside compliance reviewer, that their privacy and data governance practices for personal information comply with the principles set forth in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. See Privacy Shield official website and TRUSTe Privacy Shield Verification web page.
Other TRUSTe Programs
Data Collection Validation
This program applies to companies who help in the optimization or serving of an online advertisement and provides Ad Companies who lack a direct relationship with an Individual a way to validate they use data collected from web sites or mobile applications, or data received from different sources in a manner that respects an Individual’s preference.
This program is designed for businesses that have actual knowledge they collect personal information (“PI”) from children under the age of 13; offer websites or online services directed at or targeted towards children under age 13; or have actual knowledge they are collecting PI directly from the users of a website or online service directed at or targeted towards children. See Children’s Privacy Certification web page.
Program designed to establish best practices with respect to downloads – this is a certification designed by TRUSTe.
*TRUSTe’s APEC CBPR accountability agent participation documents are available for review by downloading the following:
- TRUSTe Application for APEC CBPR system recognition (19 December 2012)
- JOP Recommendation Report regarding TRUSTe’s application to become a CBPR system recognised AA (18 June 2013)
- JOP Addendum to the Recommendation Report on APEC recognition of TRUSTe (12 April 2013)
- JOP TRUSTe 2014 Recertification Report (29 December 2014)
**TRUSTe APEC PRP accountability agent participation documents are available for review by downloading the following: