TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout
DPC18_Web_300x250-COPY

""

At this week's APEC SOM I meetings in Lima, Peru, Information Integrity Solutions presented a commissioned report on stakeholder views on the benefits of the Cross-Border Privacy Rules System (CBPR) for APEC economies and businesses. The report authors, myself and former Australian Privacy Commissioner Malcolm Crompton, CIPP/US and recipient of the IAPP 2012 Privacy Leadership Award, reported on consultations with government, business, and regulator stakeholders from a sample of economies, including, Japan, Singapore, Mexico, Canada and the United States. The purpose of the report was to raise awareness of benefits and serve as a catalyst for further economy-specific cost/benefit analyses.

The report found that stakeholders were identifying significant trade benefits as well as internal business benefits. From a government stakeholder perspective, CBPR has the potential to advance global trade and economic growth policy objectives. Governments generally have policies to further economic growth and prosperity and this has been a fundamental objective of APEC since its inception. For trade to increase, views were that a trusted environment is required, especially when more and more trade involves personal information. CBPR is a scalable set of standards that can potentially also alleviate localisation pressures.

[Editor's note: Read a report on recent APEC activity on CBPRs here.]

From an internal business perspective, CBPR plays a role towards having one global compliance system. Having one standard with one interpretation can potentially help overcome cultural differences that would otherwise make cross-border data flows even more complex. Business stakeholders considered that a simplified compliance system allows businesses to focus on better privacy rather than complex layers of compliance. One company has also benefited greatly from its CBPR certification through lowered cost and time in getting EU binding corporate rules for its existing global privacy program.

From a regulatory perspective, CBPR can allow regulators to potentially improve resource allocation, by enabling them to focus resources and efforts on systemic, high profile and high impact privacy issues, rather than first line complaint handing if accountability agents in the CBPR System are effective.

Overall the report finds that awareness and understanding of CBPR is low, however. The extent to which businesses and economies find value in the CBPR depends on:

  • Each economy’s underlying domestic law
  • Underlying domestic law of current and future trading partners
  • Requirements of stakeholders

The independence and professionalism of accountability agents, data protection authorities and the Joint Oversight Panel are integral to the credibility of the system and impacts overall regulatory benefits. The authors recommended the following next steps:

  1. APEC member economies and businesses use the preliminary assessment in the report to start the process of conducting a full cost/benefit analysis from their own perspectives
  2. An urgent review and update of CBPR documentation take place – to make it accessible and easy to understand
  3. Consideration be given to stronger and more visible promulgation of CBPR

The authors can be contacted at amoens@iispartners.com and mcrompton@iispartners.com for further details. 

Comments

If you want to comment on this post, you need to login.