A Perspective: Data Flow Governance in Asia Pacific - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

A Perspective: Data Flow Governance in Asia Pacific

Description:

Lead a global information policy think tank financially supported by 40 companies ... Law in Canada, Hong Kong, New Zealand and Australia based on traditional data ... – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 16
Provided by: kims167
Category:

less

Transcript and Presenter's Notes

Title: A Perspective: Data Flow Governance in Asia Pacific


1
A Perspective Data Flow Governance in Asia
Pacific APEC Framework
  • Martin Abrams
  • October 21, 2008

2
My Experience
  • Lead a global information policy think tank
    financially supported by 40 companies
  • 21 years experience in privacy with consistent
    focus on global data flows
  • Deep involvement in Asia Pacific over the last
    five years
  • Co-organizer of two privacy conferences in China
    with Professor Zhou Hanhua

2
3
International Differences are a Challenge
  • Law in Canada, Hong Kong, New Zealand and
    Australia based on traditional data protection
    concepts
  • US law consumer protection based, but individual
    autonomy a value
  • Asian cultural views of individual autonomy are
    different
  • However, protection of individuals from the
    harmful use of information or the negative
    effects of bad security reamin highly relevant
  • AP data governance must be inter-operable with
    this mosaic

3
4
Breaking Privacy into its Elements is Helpful
  • Elements include
  • Information security
  • Consumer protection
  • Cultural aspects, such as autonomy
  • Security and consumer protection are common from
    place to place, system to system
  • Autonomy is different everywhere
  • Global companies must build respect for those
    differences and be accountable for promises

4
5
Looking at APEC

6
APEC Privacy Framework
  • Developed over the past five years
  • Based on OECD with a few changes
  • Prioritization based on prevention of harm
  • Transfers based on accountability
  • Domestic implementation flexible
  • International implementation Cross Border
    Privacy Rules

6
7
Nine APEC Privacy Principles
  • Preventing Harm privacy protections should
    focus on preventing harm and misuse
  • Notice clear easily accessible
  • Collection Limitation collect whats relevant
    in a lawful fair manner
  • Uses of Personal Information for expected and
    compatible purposes, with consent, or where
    necessary
  • Choice where appropriate, provide clear,
    accessible mechanism to exercise choice

8
Nine APEC Privacy Principles Cont.
  • Integrity personal information should be
    appropriate, accurate, complete and up-to-date
  • Security appropriate safeguards to protect
    against unauthorized access, use, modification or
    disclosure
  • Access Correction important (but not
    absolute) rights
  • Accountability controllers are accountable for
    compliance with all Principles and must use
    reasonable steps to ensure that recipients of
    personal information also comply

9
APEC Framework Has Two Pathways
  • Domestic implementation
  • International Implementation
  • Governance for the flow of data between APEC
    members
  • Basis is Corporate Privacy Rules

9
10
What Are Cross Border Privacy Rules?
  • A matching of corporate policies against APEC
    principles
  • A requirement that organizations honor the
    obligations that come from local law and promises
    made when collecting data
  • Functionally similar to BCRs
  • Implements accountability principle

10
11
Accountability Rooted In Data Protection History
  • OECD Principle 8
  • APEC Principle 9
  • A personal information controller should be
    accountable for complying with the measures that
    give effect to the Principles stated above. When
    personal information is to be transferred to
    another person or organization, whether
    domestically or internationally, the personal
    information controller should obtain the consent
    of the individual or exercise due diligence and
    take reasonable steps to ensure that the
    recipient person or organization will protect the
    information consistently with these Principles.
  • Canadian Privacy Law

11
12
How Do They Work?
  • Organization completes documents that demonstrate
    that it has the capacity to honor a set of cross
    border privacy rules
  • The application is reviewed by an accountability
    agent
  • The organizations cross border privacy rules are
    recognized
  • Complaints are processed by accountability agents
    and government agencies that supply oversight

12
13
Where Do We Stand?
  • 9 APEC pathfinder projects
  • Cover all aspects of the program
  • Company CBPRs
  • Approvals
  • Accountability agents
  • Cooperation between enforcement agencies
  • Complaints
  • Documents being finalized
  • Testing begins this year and continues in 2009
  • Overseen by Data Privacy Subgroup

13
14
Process Lessons
  • The APEC process has profited from the active
    participation of privacy enforcement agencies,
    governments, civil society and business
  • Accountability agencies must be answerable and
    overseen by enforcement agencies, but play an
    important role in assuring accountability
  • The globalization of privacy is teaching us many
    lessons applicable to the future.

14
15
How to Reach Me
  • mabrams_at_ hunton.com

15
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "A Perspective: Data Flow Governance in Asia Pacific" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!