On 19 October 2011, the Governor-General approved an amendment to the Administrative Arrangements Order transferring responsibilities for privacy and freedom of information policy from the Department of the Prime Minister and Cabinet to the Attorney-General’s Department. The Privacy and Freedom of Information Policy Branch within the Department of the Prime Minister and Cabinet has transferred to the Attorney-General’s Department as the Information Law and Policy Branch. Relevant parts of this webpage and its contents will shortly be updated and relocated to the website of the Attorney-General’s Department (www.ag.gov.au).
APEC Cross-Border Privacy Rules
Cross-Border Privacy Rules (CBPRs) are rules developed by businesses that set out their practices in relation to any personal information they may collect from their customers. In broad terms, CBPRs are developed by businesses to operate both as internal business rules on privacy procedures as well as being their promise to consumers about how they will deal with their personal information. Most businesses that collect personal information and transfer that information across borders would already have practices and procedures in place for their staff to understand their obligations in relation to personal information, particularly if the business works in an economy that already has domestic privacy laws. A system that permits the wider use of CBPRs acknowledges that businesses already recognise that it is essential to protect the personal information of their customers. Developing a scheme that provides guidance on how CBPRs can meet the APEC-wide standards of the APEC Privacy Principles means that business CBPRs can be recognised across APEC economies. CBPRs need to comply with both the APEC Privacy Framework but also domestic laws of the economies where businesses operates, so it is expected that this will naturally push standards to the highest in the region.
Accountability is the key Privacy Principle underlying the CBPR system. A business will be accountable for the promises it makes to its customers about the way in which it will deal with their personal information. Accountability requires that there must be effective guidance for both business and consumers and effective enforcement of obligations throughout APEC economies. This means that any CBPR system must be developed through broad consultation with all interests – business, consumers, regulators and governments. Regulators and other accountability agents (such as privacy trustmarks or public sector bodies) will be a key part of the system.
Top