top of page

APEC Cross Border Privacy Rules

The Asia-Pacific Economic Cooperation (APEC) is a forum that includes 21 Pacific Rim countries, including Japan, Russia, the United States, Australia, South Korea, Indonesia, Canada, and Mexico. The leaders of the member countries meet annually to address issues raised by the economic interdependence of the countries.


APEC has a Cross Border Privacy Rules (CBPR) system which confirms that countries have complied with the data privacy laws of the member countries.


Companies can become certified by taking the following measures:

- Confirm with an Accountability Agent that they are enforcing the requirements of the CBPR system on an ongoing basis.

- Arrange for the Accountability Agent to resolve disputes between it and its customers.

- Implement safeguards for personal data that are proportional to the risk involved.

- Allow customers to correct their personal data.


There are 50 individual requirements of the CBPR system. The program requirements posted here, show the areas in which APEC wants to confirm that a company has taken steps to protect privacy, and how the Accountability Agent can confirm the adequacy of these steps, or assist the company in implementing new measures. For example, a company will need to show that it has protected personal information from unauthorized use or destruction by the use of the following measures:

- User authentication

- Encryption

- Firewalls

- Audit logging

- Vulnerability scans


A company must demonstrate that it has written policies and procedures to confirm that personal information used by third parties on its behalf is adequately protected.



A list of CBPR certified companies and their accountability agents can be found here: http://cbprs.org/compliance-directory/cbpr-system/ .



 
 

Recent Posts

See All
How does Relativity use AI data?

How is data generated by aiR utilized by Relativity? Relativity has published a white paper addressing its AI security policies assuring...

 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page