The APEC Privacy Framework is not new, but it’s in the news today because an idea borne from that framework seems to be building momentum. A number of countries, including Canada, recently created the Global Cross-Border Privacy Rules Forum with the intent of having an interoperable system that makes it easier to move personal information across international borders.
The other countries involved in the initiative are Japan, Singapore, South Korea, Taiwan and the United States.
One of the key components of the new system would be some sort of scheme where organizations become certified by an agent in order to receive personal information from another country. We still need to figure out who will act as these certifying agents. Will it become an added role for a privacy commissioner’s office to tackle or will that somehow create conflicts with their roles as enforcement officers? Maybe we should let the private sector play a part and have firms that do audits become these accountability agents. I suppose there could be many different types of certifying agents. What do you think — would you like that job?
There’s still some pretty significant work to be done to get this idea off the ground, but the recent government announcements are promising and they indicate that this idea, which is nearly two decades old now, will actually come to fruition.
It might be something we look at as a mechanism even within Canada. It is not too much of a stretch to imagine Canada’s provinces each passing their own privacy laws and with that will be the need for real interoperability. Maybe this global CBPR initiative will eventually be the way that Canadian organizations move personal information around, even just within the country.
Things are always changing in this industry. It’s certainly never boring and it keeps us on our toes, that’s for sure.
To stay up to date, make sure you check out the rest of the privacy news for this week.