New cross-border certification system agreed by APEC
Published 3 February 2015
Further to the introduction of the Cross Border Privacy Rules (CBPR) system, a data privacy sub-committee of the Asia Pacific Economic Cooperation (APEC) has agreed a new cross-border certification system for data processors called the ‘APEC Privacy Recognition for Processors’ (the PRP).
The PRP enables processors to demonstrate to their controllers that they comply with the privacy obligation under the CBPR, and enables controllers to more easily select processors that will be able to sufficiently protect their data.
The PRP consists of 17 programme requirements that must be implemented by a processor, such implementation to be reviewed and validated by ‘Accountability Agents’.
The PRP will mean that the CBPR will now cover both processors and controllers, thus broadening its appeal. It is expected that the PRP will be launched in August 2015 and it is hoped that many more companies will now want to become certified under the scheme.
More information on APEC’s e-Commerce activities is available here.
What action could be taken to manage risks that may arise from this development?
None – for information only at this stage, but financial services companies who operate in Asia Pacific should consider whether they wish their processors to participate in the scheme.