Www.informationpolicycenter.com A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008.

Presentation transcript:

A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008

My Experience
- Lead a global information policy think tank financially supported by 40+ companies
- 21 years experience in privacy with consistent focus on global data flows
- Deep involvement in Asia Pacific over the last five years
- Co-organizer of two privacy conferences in China with Professor Zhou Hanhua

International Differences are a Challenge
- Law in Canada, Hong Kong, New Zealand and Australia based on traditional data protection concepts
- US law consumer protection based, but individual autonomy a value
- Asian cultural views of individual autonomy are different
- However, protection of individuals from the harmful use of information or the negative effects of bad security remain highly relevant
- AP data governance must be inter-operable with this mosaic

Breaking Privacy into its Elements is Helpful
- Elements include:
  - Information security
  - Consumer protection
  - Cultural aspects, such as autonomy
- Security and consumer protection are common from place to place, system to system
- Autonomy is different everywhere
- Global companies must build respect for those differences and be accountable for promises

Looking at APEC

APEC Privacy Framework
- Developed over the past five years
- Based on OECD with a few changes
- Prioritization based on prevention of harm
- Transfers based on accountability
- Domestic implementation – flexible
- International implementation – Cross Border Privacy Rules

Nine APEC Privacy Principles
1. Preventing Harm – privacy protections should focus on preventing harm and misuse
2. Notice – clear & easily accessible
3. Collection Limitation – collect what’s relevant in a lawful & fair manner
4. Uses of Personal Information – for expected and compatible purposes, with consent, or where necessary
5. Choice – where appropriate, provide clear, accessible mechanism to exercise choice

Nine APEC Privacy Principles
6. Integrity – personal information should be appropriate, accurate, complete and up-to-date
7. Security – appropriate safeguards to protect against unauthorized access, use, modification or disclosure
8. Access & Correction – important (but not absolute) rights
9. Accountability – controllers are accountable for compliance with all Principles and must use reasonable steps to ensure that recipients of personal information also comply

APEC Framework Has Two Pathways
- Domestic implementation
- International Implementation
  - Governance for the flow of data between APEC members
  - Basis is Corporate Privacy Rules

What Are Cross Border Privacy Rules?
- A matching of corporate policies against APEC principles
- A requirement that organizations honor the obligations that come from local law and promises made when collecting data
- Functionally similar to BCRs
- Implements accountability principle

Accountability Rooted In Data Protection History
- OECD Principle 8
- APEC Principle 9
- “A personal information controller should be accountable for complying with the measures that give effect to the Principles stated above. When personal information is to be transferred to another person or organization, whether domestically or internationally, the personal information controller should obtain the consent of the individual or exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with these Principles.”
- Canadian Privacy Law

How Do They Work?
- Organization completes documents that demonstrate that it has the capacity to honor a set of cross border privacy rules
- The application is reviewed by an accountability agent
- The organization’s cross border privacy rules are recognized
- Complaints are processed by accountability agents and government agencies that supply oversight

Where Do We Stand?
- 9 APEC pathfinder projects
- Cover all aspects of the program
  - Company CBPRs
  - Approvals
  - Accountability agents
  - Cooperation between enforcement agencies
  - Complaints
- Documents being finalized
- Testing in 2009
- Overseen by Data Privacy Subgroup

Process Lessons
- The APEC process has profited from the active participation of privacy enforcement agencies, governments, civil society and business
- Accountability agencies must be answerable and overseen by enforcement agencies, but play an important role in assuring accountability
- The globalization of privacy is teaching us many lessons applicable to the future.

How to Reach Me
hunton.com