TRUSTe welcomes launch of groundbreaking EU-APEC Referential as an important step towards global inter-operability of data privacy frameworks
San Francisco, [text-blocks id=”post-date”] – TRUSTe, the leading global data privacy management company and the first approved Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System, announced today that two additional companies have achieved APEC Certification through TRUSTe. This follows the announcement last Thursday by the FTC, together with agency officials from the European Union and APEC economies, with the ultimate goal of helping businesses transfer data around the world in a safe way in compliance with global privacy frameworks.
Lynda.com and Yodlee are the two latest companies to be certified in compliance with the APEC Cross Border Privacy Rules in addition to IBM and Merck. Commenting on their APEC Certification, David Glaubke, Director of Corporate Communications at Lynda.com said:
”Lynda.com is committed to protecting the privacy of our users, and the APEC Privacy certification helps protect the exchange of personal information across borders, which is vital to our business. As we continue to grow in different regions throughout the world, we want to continue to build trust with our users, address concerns about privacy and be transparent about our data privacy practices.”
The EU-APEC Referential announced last week, maps together the requirements for APEC Cross Border Privacy Rules (CBPRs) and EU Binding Corporate Rules (BCRs). The document, jointly designed by APEC officials and the EU’s Article 29 Data Protection Working Party, is designed to be a practical reference tool for companies that seek “double certification” under these APEC and EU systems, and shows the substantial overlap between the two.
Chris Babel CEO TRUSTe welcomed the announcements saying:
“The safe handling of customers’ personal information is crucial for the success of businesses as they enter new markets with different privacy frameworks. Now more than ever the challenge of dealing with global data privacy landscape couldn’t be more apparent.
“At TRUSTe we have been working closely on the development of the CBPR framework since 2007 including participating in the US delegation to APEC and have been the Accountability Agent in the US since last June. We’ve also partnered with Promontory to help clients seeking a BCR solution for data compliance in the EU.
“Through this work, we understand the practical challenges that these differing privacy frameworks create for companies looking to act responsibly in their use of customer data. We welcome the announcement made by EU agencies and APEC economies which will make it easier for companies to demonstrate global compliance under international standards and is an exciting step towards further interoperability of privacy frameworks worldwide.”
Simon McDougall Managing Director and Head of Promontory’s Privacy Practice said:
“One of the biggest challenges for all international firms is managing the diverse range of privacy regimes around the world. Any effort among regulators to share information and work towards greater co-ordination is clearly positive. Promontory’s work with TRUSTe on BCRs is also aimed at helping organizations to manage diverse privacy rules, so we appreciate the practical challenges.”
In order to help companies better understand the new EU-APEC Referential, and how they can achieve global privacy compliance via the APEC and BCR Frameworks, TRUSTe is hosting a webinar on March 25 with Josh Harris, Policy Director at the Future of Privacy Forum, Simon McDougall from Promontory and Saira Nayak, Policy Director at TRUSTe. Register here for further details.
About APEC Cross Border Privacy Rules
The APEC CBPR System is a self-regulatory initiative that addresses cross border data flows between the United States and other APEC Member Economies, through voluntary and enforceable codes of conduct adopted by participating businesses. TRUSTe was approved as the first Accountability Agent for the APEC CBPR System in June 2013. Additional details about the TRUSTe APEC Privacy program are available at: www.truste.com/apec
About Binding Corporate Rules
BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with Data Protection Directive 95/46/EC. Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organization in line with the requirements of the Article 29 Working Party papers on Binding Corporate Rules. TRUSTe and Promontory launched a joint BCR Management Program in February 2013. Additional details are available at: https://www.truste.com/bcr