Get Ready, Get Certified: Early Adoption of CBPR Makes Doing Business with Asia EasierContributors: Harvey Jang
While the EU General Data Protection Regulation (GDPR) enforcement deadline is less than a year away and it’s “all systems go” to get ready, privacy – like all other fundamental human rights – is not just a European issue. The specific rules and requirements might differ between jurisdictions, but the principles of protecting and respecting personal data and being transparent, fair, and accountable, apply worldwide.
With 21 member economies, APEC (Asia Pacific Economic Cooperation) is an important region for Cisco. Over 60 percent of our revenue is generated from an APEC economy, which includes the United States.
The APEC member economies have adopted the APEC Privacy Framework with its nine privacy principles:
- Preventing Harm
- Collection Limitation
- Uses of Personal Information
- Integrity of Personal Information
- Security Safeguards
- Access and Correction
These principles align to internationally recognized privacy guidelines, frameworks, and laws such as the OECD Guidelines, EU/Swiss-US Privacy Shield, EU Binding Corporate Rules, GDPR, Japan’s Act on the Protection of Personal Information, Singapore’s Personal Data Protection Act, Korea’s Personal Information Protection Act, and others. To ensure a consistent baseline of privacy protection when data processing crosses borders, APEC created the Cross-Border Privacy Rules system (CBPRs). Like the EU’s BCRs and Privacy Shield, companies can certify under the CBPRs and publicly commit to honoring the CBPRs principles no matter where data processing takes place. An APEC-approved, independent third party, called an Accountability Agent, reviews the company’s policies and practices to verify compliance and issues the certification. A CBPRs-certified company is permitted to transfer and receive personal data collected in an APEC member economy across borders (i.e., the certification satisfies Japan’s new cross-border restrictions).
The CBPRs is a relatively new certification that is beginning to gain traction. Japan and South Korea recently joined the system, and Canada, Mexico, and the United States are full participating economies. Singapore submitted its formal “notice of intent to participate” in July of this year and we are seeing strong interest from other APEC economies, including Australia, Chinese Taipei, Hong Kong, the Philippines, and Vietnam. Cisco was an early adopter and has been CBPRs certified since 2016. We are actively working with APEC in “capacity-building” efforts to expand the adoption of the framework among member economies and companies doing business in Asia. As more economies and countries join the CBPRs, we will see a strong network effect and greater benefits of participation.For more information about Cisco data protection and privacy, visit trust.cisco.com.