March 2, 2021

Volume XI, Number 61

Advertisement

March 02, 2021

Subscribe to Latest Legal News and Analysis

March 01, 2021

Subscribe to Latest Legal News and Analysis

APEC Endorses the First U.S. Non-Profit Accountability Agent

On January 26, 2021, BBB National Programs announced that it has been endorsed as an Accountability Agent for the APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) systems. This makes BBB National Programs the seventh CBPR and PRP Accountability Agent worldwide and the first ever U.S. non-profit to be approved by APEC.

BBB National Programs is a non-profit that creates a fairer playing field for businesses and a better experience for consumers through the development and delivery of effective third-party accountability and dispute resolution programs. Through its approval by APEC, BBB National Programs adds the CBPR and PRP systems to its arsenal of other certification programs, including its newly established Vendor Privacy Program and its EU Privacy Shield dispute resolution program.

BBB National Programs will now be able to independently assess and certify the compliance of U.S. companies under the APEC CBPR and PRP programs. BBB National Programs’ newly launched Global Privacy Division will manage this function.

The APEC CBPR system is a regional, multilateral and cross-border data transfer mechanism and enforceable privacy code of conduct developed for businesses by the 21 APEC-member economies. The CBPR implements the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework. In order to participate in the CBPR, individual APEC economies must officially express their intent to join and satisfy certain requirements. To date, nine APEC economies have formally joined the CBPR: the U.S., Mexico, Canada, Japan, South Korea, Singapore, Australia, Chinese Taipei and the Philippines, some of which are still in the process of fully operationalizing the requirements. All APEC economies have endorsed the CBPR system.

The APEC PRP system is an adjunct to the CBPR that allows information processors to demonstrate their ability to effectively implement an information controller’s privacy obligations. The PRP also enables information controllers to identify qualified and accountable processors, as well as assist small or medium-sized processors that are not widely known in gaining visibility and credibility. The process for joining the PRP is similar to that of joining the CBPR. So far, the U.S. and Singapore have joined the PRP system.

Advertisement
Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 26
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement