Media

August 14, 2007

Cross-Border Data Sharing: Everything You Need To Know About The Apec Privacy Framework

The IAPP Announces Aug. 23 Audio Conference to Detail Alternative Framework for Global Data Protection

YORK, Maine -- August 14, 2007 — Today's complex business transactions make privacy compliance increasingly difficult, but multinational companies engaged in cross-border data flows should explore a promising alternative data protection framework developed by the Asia-Pacific Economic Cooperation (APEC) forum, according to one of the model's architects.

Malcolm Crompton, an IAPP Board member and the former federal Privacy Commissioner of Australia from 1999-2004, will lead an IAPP audio conference from 1 to 2:30 p.m. on Aug. 23 to provide an update on the 2007 progress of the APEC Privacy Framework.

"The APEC Privacy Framework was developed to assist APEC economies introduce domestic privacy law and to address the privacy protection of personal information when it moves between economies," said Crompton, now Managing Director of Information Integrity Solutions. "After two extremely successful seminars to advance our agenda, we are eager to share our 2007 progress and detail next steps in 2008."

Speaking before a live audience of fellow IAPP Board Members, Crompton will be joined by speaker Martin Abrams, Executive Director, Center for Information Policy Leadership, Hunton & Williams LLP. The 90-minute audio conference, which will be held at the IAPP's headquarters in York, Maine, will follow the conclusion of the IAPP Board of Directors' annual retreat.

APEC has 21 members known as "Member Economies," which account for about 40 percent of the world's population and 48 percent of world trade. Members include Australia, Canada, China, Japan and the U.S. Endorsed in November 2005, the APEC Privacy Framework outlines nine privacy principles which cover preventing harm, notice, collection limitation, uses of personal information, choice, integrity of personal information, security safeguards, access and correction, and accountability. The framework includes new insights not evident in earlier frameworks, specifically, Principle 1, which emphasizes the importance of focusing first on where harm is greatest; and Principle 9, which states that accountability remains with the original personal information controller, even after the data is shared with others.

Audio conference participants, who may register for this event at www.privacyassociation.org, will get an update on the progress of two seminars held in 2007 focused on efforts to achieve responsible and accountable cross-border information flows and effective privacy protection without creating unnecessary barriers.

Member Economies will support the development and recognition or acceptance of organizations' cross-border privacy rules that adhere to the APEC Privacy Principles, commencing with a number of "pathfinder" projects that will be pursued in 2008 to implement cross-border privacy rules to protect personal information when it moves between economies. Officials in Peru, which is the APEC host economy next year, are planning to hold a February 2008 seminar on the use of trustmarks, regulator enforcement issues and capacity building. The Information and Privacy Commissioner of British Columbia also is planning to hold a seminar in Vancouver in September in conjunction with Peru on cross-border privacy rules.

The APEC audio conference is just one of several new audio conferences the IAPP is planning for the remainder of 2007. Visit www.privacyassociation.org for a full schedule of upcoming audio conferences.