<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

LIVE WEBINAR: SOC for Software - How SOC for Supply Chain Reduces Software Risk | July 29th

Contact a Specialist
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
Compliance Reliance
Compliance Reliance
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
DEBBIE ZALLER

By: DEBBIE ZALLER on July 8th, 2019

Print/Save as PDF

Cross-Border Privacy System Gains Second U.S. Compliance Agent

(Article originally published on BloombergLaw.com)

U.S. companies will have another option for certifying their compliance with an Asia-Pacific region cross-border privacy rules program.

Schellman & Company LLC is the second company to become a U.S. accountability agent under the Asia Pacific Economic Cooperation’s Cross Border Privacy Rule (CBPR) System, the International Trade Administration said in a blog post.

Accountability agents evaluate if U.S. businesses’ privacy practices and procedures align with the requirements of the data privacy certification mechanism. Participation in the program is voluntary, but once a company is certified, their policies and practices become binding and national privacy authorities can enforce them.

Companies in the Asia-Pacific region can more easily exchange information across borders by demonstrating they maintain internationally recognized privacy standards. With two agents available, U.S. companies can expect more access to certification services, according to the federal government and Schellman.

“We have heard the call from U.S. industry for more Accountability Agents in the United States to promote greater options and more competitive pricing for the growing variety of companies seeking the benefits of a CBPR certification,” Jim Sullivan, deputy assistant secretary for services at the U.S. Department of Commerce’s ITA, said in a statement.

Adding another agent “is an indication that there is now support for CBPR and broader interest in certification,” Jarno Vanto, partner in Crowell & Moring LLP’s privacy and cybersecurity group, said in an email.

TrustArc subsidary TRUSTe has been the only U.S. accountability agent since 2013. APEC members created the CBPR system in 2011.

Debbie Zaller, Schellman’s privacy practice leader, said in a statement the company applied to become an agent after hearing about the APEC privacy framework and realizing there was an opportunity to “drive competition in the space and hopefully enable more organizations to pursue certification.”

Eight APEC economies—out of a total 21— have so far joined the CBPR system, including the U.S., Japan, Canada, Mexico, South Korea, Australia, Singapore, and Chinese Taipei, according to the ITA. The Philippines is in the process of joining.

“The number of global businesses who have joined the program has also been limited,” Francoise Gilbert, co-chair of Greenberg Traurig LLP’s data, privacy, and cybersecurity practice, said in an email.

“With the passage of time, the number will increase,” Gilbert said. “The more news about development and applicability of the CBPR Program, the more incentives for global businesses and for APEC Member Economies to look at the CBPR as a way to demonstrate their commitment to privacy and data protection,” she said.

About DEBBIE ZALLER

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2, SOC 3 and Privacy service lines and is also an AICPA-approved and nationally listed SOC Specialist. As practice leader she is responsible for internal training, methodology creation and quality reporting. Debbie also leads the firm’s Midwest market. Debbie has over 20 years of IT compliance and attestation experience. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.