Iterable proudly announces that we have successfully secured both the Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) certifications.
Over the years, Iterable has worked hard to help enable our customers’ compliance around GDPR, HIPAA, and a variety of geo- and industry-specific requirements. With continual changes in global privacy regulations our customers are faced with ongoing challenges to remain compliant.
The CBPR and PRP certifications proactivity solve for data privacy compliance and cross-border trust. The PRP ensures that we treat our customers’ end user data with the required care and diligence, while the CBPR ensures we’re treating your (our direct customer) data with the same level of care and diligence.
CBPR and PRP Overview
The Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) standards are a response to the fact that, despite data traveling quickly and easily across borders, privacy requirements in each country tend to vary, creating a complex system of requirements. This certification process examines those requirements and affirms that Iterable complies with the privacy principles outlined in the APEC Privacy Framework, aligning us with global privacy standards.
“The APEC Cross-Border Privacy Rules (CBPR) System, endorsed by APEC Leaders in 2011, is a voluntary, accountability-based system that facilitates privacy-respecting data flows among APEC economies.”
In short, it signals that Iterable’s privacy practices meet those standards and can better enable cross border data flow to these participating APEC Economies:
- Republic of Korea
- United States
How Does the CBPR System Work?
According to APEC.org, “The CBPR system protects personal data by requiring:
- Enforceable standards: To join, participating economies must demonstrate that CBPR program requirements will be legally enforceable against certified companies.
- Accountability: To become certified, a company must demonstrate to an accountability agent—an independent CBPR system-recognized public or private sector entity— that they meet the CBPR program requirements, and the company is subject to ongoing monitoring and enforcement.
- Risk-based protections: Certified companies must implement security safeguards for personal data that are proportional to the probability and severity of the harm threatened, the confidential nature or sensitivity of the information, and the context in which it is held.
- Consumer-friendly complaint handling: Accountability agents receive and investigate complaints and resolve disputes between consumers and certified companies in relation to non-compliance with its program requirements.
- Consumer empowerment: Certified companies must provide consumers with the opportunity to access and correct their personal data. Further, by publicly certifying to the CBPR system’s requirements, consumers gain insight into the privacy practices on business with which they choose to do business.
- Consistent protections: While governments may impose additional requirements with which certified companies must still comply, all participants must agree to abide by the 50 CBPR program requirements, facilitating the implementation of the same baseline protections across different legal regimes.
- Cross-border enforcement cooperation: The CBPR system provides a mechanism for regulatory authorities to cooperate on the enforcement of program requirements.”
What Lies Ahead?
Our attainment of CBPR and PRP certifications is a testament to Iterable’s dedication to privacy and data protection. As we celebrate this achievement, we remain steadfast in our commitment to continually enhance our privacy practices to meet emerging challenges and evolving regulatory requirements.
To our clients, we extend our heartfelt gratitude for entrusting us with your data. We are committed to maintaining the highest standards of privacy, and these certifications reinforce our promise to be a responsible steward of your information.
Iterable continues to lead the way in prioritizing privacy, ensuring that your data is not just secure but is also handled with the utmost care in a globally interconnected landscape.