© 2014 ibm corporation mapping apec cbprs onto eu bcrs anick fortin-cousens privacy officer,...
TRANSCRIPT
© 2014 IBM Corporation
Mapping APEC CBPRs onto EU BCRs
Anick Fortin-CousensPrivacy Officer, Canada, Latin America, Middle East & AfricaProgram Director, Corporate PrivacyIBM Corporation
© 2014 IBM Corporation22
IBM at a Glance
400,000+ employees 170+ countries
Cloud Analytics Mobile
Cognitive Computing
Security Social
First company to be CBPR-certified
© 2014 IBM Corporation3
Issue
Cross border data flow is critical to trade, growth and innovation Individuals need assurance that their personal information will receive the same level of
protection regardless of where it flows Compliance with various rules on cross border data flows can be difficult, and such
rules do not necessarily guarantee adequate treatment
Practical solution: certified accountability
Focuses on the adequacy of an organization’s policies and practices to protect data regardless of where it flows
Requires organizations to be answerable to regulators for the effectiveness of those policies and practices
Makes use of third party assessments and regulatory enforcement to provides credible evidence of trustworthiness
Certified Accountability as a Basis for Cross Border Data Transfers
© 2014 IBM Corporation4
Certified accountability as a basis for interoperability
Regional “interoperability”- the ability of diverse systems to work together- through
certified accountability is already in effect in the EU and is underway in APEC Interoperability between countries and regions is desirable and achievable We must look for these building blocks
Certified Accountability as a Basis for Interoperability
1. Baseline level of privacy protection
2. Expressed through internal rules and policies
4.Demonstrated via initial and ongoing methods
3.Enforceable via redress mechanisms
© 2014 IBM Corporation5
Certified Accountability- Other Benefits
Business Increased trust from stakeholders More robust privacy programs and practices Improved compliance with local standard Ability to demonstrate good faith efforts in case of enforcement
Individuals Enhanced privacy protection
User-friendly and streamlined complaint handling
Coordinated government enforcement
Ability to continue to embrace innovative products and services that benefit them
Government
Facilitate two important policy objectives: trade and privacy
Facilitate cross-border cooperation Provides credible evidence of viability of privacy protections through flexible and adaptable accountability schemes Provides for greater economic rewards
© 2014 IBM Corporation6
The Road to Success to Further Adoption
APEC CBPR
Critical mass must be achieved
United States, Mexico and Japan have joined; Canada in process of accession Only one approved Accountability Agent to date Interest on the part of business: IBM, Merck, Apple, HP, Ziff Davis, Lynda.com, Workday, Yodlee, with at least a dozen
more in progress in just over a year of existence– and in the US only
Impediments to adoption
Endorsement of commitments by APEC economies is non-binding In a “chicken and egg” situation at present, although beginning to see positive
movement Tangible incentives need to be made available for companies to join