APEC Data Privacy Pathfinder Initiative
The most significant outcome of the APEC Data Privacy Sub-Group’s work in 2007 was the development of an APEC Data Privacy Pathfinder and the Pathfinder work plan which was endorsed by APEC Ministers in Sydney in September 2007. A Pathfinder is an APEC term for a plan agreed to by all economies for the implementation of an initiative within or between all economies. Progress on Pathfinder commitments are regularly reviewed by APEC Ministers. The Data Privacy Pathfinder contains general commitments leading to the development of a Cross-Border Privacy Rules (CBPR) system. It will be implemented by a series of inter-related projects. Nine projects are currently identified, but more may be added as necessary. Broader policy issues about the operation of a CBPR system identified in this process will be addressed by the Data Privacy Sub-Group as work progresses.
The key elements of a CBPR system, and the first set of projects, are as follows:
- self-assessment
- project 1 - self-assessment guidance for business
- compliance review
project 2 - trustmark guidelines
project 3 - compliance review process of CBPRs
- recognition/acceptance
project 4 - directories of compliant organisations
- dispute resolution and enforcement
project 5 - contact directories for data protection authorities and privacy contact officers
project 6 - templates for enforcement cooperation arrangements
project 7 - templates for cross-border complaint handling forms
project 8 - guidelines and procedures for responsive regulation in CBPR systems
Project 9, an implementation pilot program, provides a platform in which the various projects can be implemented and tested.
There are further projects that will need to be developed as the progress is made. The aim is for the Data Privacy Sub-Group to work through 2008 on these projects so that the first implementation of all the elements of a CBPR system can begin in 2009.