Tag Archives: Privacy Abbreviated

Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs

On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives to take you from APEC to global CBPRs, explaining all of the acronyms in between. 

Privacy professionals are faced with what seems like a never ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor. 

In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.


Consumer Privacy in Telehealth: An Interview with the ATA

In this episode of Priv, host Dona Fraser is joined by American Telehealth Association (ATA) Senior Vice President of Public Policy, Kyle Zebley to check up on consumer health data privacy in the telehealth industry.

From HIPAA to the pandemic to Dobbs to a hodge-podge of new state-level privacy laws, Dona and Kyle discuss the ways companies are navigating this complex terrain, how the world of telehealth has drastically changed, the role of AI in today’s telehealth privacy picture, and what this picture may look like in the future. 

Some key takeaways from this episode are:

  • (6:41) The COVID-19 pandemic has accelerated the adoption of telehealth, allowing patients to access care remotely and overcoming barriers such as geographic limitations and workforce shortages.
  • (10:33) Data privacy is a significant concern in telehealth, and organizations like the ATA are working to develop principles and advocate for consistent policies to protect patient information.
  • (17:25) The regulatory landscape for telehealth is complex, with federal and state laws impacting the delivery of care and the collection and use of health data. Consistency and clarity in regulations are essential to ensure compliance and enable innovation.
  • (25:36) AI has the potential to revolutionize healthcare by improving efficiency, personalizing care, and addressing workforce shortages. However, it is crucial to have accountability, oversight, and guardrails in place to mitigate bias and protect patient rights.
  • (33:03) The future of telehealth and data privacy will depend on ongoing federal conversations, legislative actions, and regulatory decisions. Stakeholders must work together to ensure that telehealth continues to expand and provide accessible and high-quality care.

Another key item to note is the Digital Health Privacy Program (DHPP). DHPP is crucial in the telehealth industry as it establishes protocols to protect the privacy of consumer health data, ensuring trust and confidentiality in remote healthcare interactions. By safeguarding sensitive information, DHPP fosters patient confidence in utilizing telehealth services, driving widespread adoption and improving healthcare accessibility. Learn more about DHPP by following the link below.

Resources mentioned in this episode:

The COPPA Rule: Proposed Changes, the Impact, & the Magic 8-Ball

In December 2023, the Federal Trade Commission (FTC) proposed changes to the Children’s Online Privacy Protection Act (COPPA) Rule, including some that would place more responsibility on providers and platforms to ensure digital privacy and safety for children. 

In this episode of Priv, our host Dona Fraser is joined by SIIA Vice President, Education & Children’s Policy, Sara Kloek, and Children’s Advertising Review Unit (CARU) Director, Rukiya Bonner, to discuss how we got here, what the proposed changes mean, the potential impacts of these changes for businesses and Safe Harbors, as well as some predictions on the road ahead.

The conversation delves into the proposed changes to the COPPA Rule and their ramifications on the industry. Explored within are the origins of COPPA, recent regulatory actions and reviews, the importance of data security and compliance, emerging methods for obtaining parental consent, the significance of COPPA Safe Harbors, transparency obligations, the delineation of a child, challenges related to content and access, the impact of avatars on personal data, COPPA’s application in educational settings, and key revisions in the COPPA Rule. 

Some Key Takeaways from today’s episode:

  1. (2:10) Companies and the COPPA Rule Changes: With proposed changes to the COPPA Rule looming, companies must prioritize a proactive approach towards data security and compliance. Reviewing these alterations is crucial as it directly impacts how businesses handle children’s data. By staying ahead of the curve, companies can implement necessary measures to safeguard user information and ensure adherence to regulatory standards, fostering trust among consumers and mitigating potential legal risks.
  2. (11:57) COPPA Safe Harbors and Privacy Commitment: COPPA Safe Harbors serve as invaluable tools for companies aiming to showcase their dedication to safeguarding children’s privacy. By adhering to these guidelines, businesses not only enhance their reputation but also contribute to a safer online environment for young users. Embracing COPPA Safe Harbors demonstrates a commitment to ethical data practices, ultimately fostering long-term trust and loyalty among consumers.
  3. (20:56) Complexity of Child Definition and Age Thresholds: Discussions surrounding the definition of a child and age thresholds are multifaceted and necessitate careful consideration. The evolving digital landscape and varying developmental stages of children further complicate this matter. As such, ongoing dialogues are essential to ensure that regulatory frameworks accurately reflect the needs and vulnerabilities of young users, striking a delicate balance between protection and accessibility.
  4. (28:49) Enhancing User Experience and COPPA Compliance: Transparent notice and consent processes, coupled with innovative approaches to privacy policies, play a pivotal role in enhancing both user experience and compliance with COPPA regulations. By prioritizing clear communication and user-friendly interfaces, companies can empower users to make informed decisions regarding their data while simultaneously meeting regulatory requirements. Creative strategies in this realm not only promote compliance but also foster positive user engagement and brand loyalty.
  5. (41:40) Adapting to Uncertain Timelines and COPPA Rule Changes: While the timeline for the final COPPA Rule remains uncertain, companies must remain vigilant and adaptable in the face of potential changes. Staying informed about developments in regulatory landscapes is paramount, allowing businesses to swiftly adjust their practices and policies as needed. By prioritizing flexibility and preparedness, companies can navigate regulatory shifts with confidence, ensuring continued compliance and consumer trust.


Visit to Learn More: NAD FAQs

Contact Information: programs@bbbnp.org
Listen to the full episode here.

Episode Show Notes: Privacy IRL: Meet the Hosts of Priv

In the first episode of season two of Privacy Abbreviated, Dona Fraser, the SVP of Privacy Initiatives for BBB National Programs, is joined by new cohost Jason Cronk, the President of the Institute of Operational Privacy Design. After introducing Jason, Dona dives into some of the current topics regarding privacy and interviews Jason on his history in the field.

Continue reading Episode Show Notes: Privacy IRL: Meet the Hosts of Priv

Privacy IRL: Meet the Hosts of Priv

Many people think privacy is a narrow lane, but in reality, privacy is so much more. In a world where every business is a global business, the challenges and risks in the privacy space become increasingly complex and intertwined, and the definition of ‘privacy’ itself varies depending on who you speak to. In this episode of Priv, host Dona Fraser interviews our new co-host, Jason Cronk, on how he defines privacy, what drives him, and a little bit about his journey into a career in privacy.

For more information about this episode, read the show notes here.