The Australian Services Roundtable (ASR) yesterday hosted an expert roundtable discussion on the APEC Cross Border Privacy Rules (CBPR) System and their related implications for Australia and Australian businesses.
The discussion was held under Chatham House Rules, with an overview provided by Mr Colin Minihan, Principal Legal Officer at Attorney-Generals Department and current Australian delegate to the APECData Privacy Sub-Group. Also in Attendance was Ms. Anna Budulus, who is one of three Australian APEC Business Advisory Council (ABAC) members.
The APEC CBPR system is of significance to all Australian services organisations that move data across borders throughout the APEC region. There are currently three participating APEC CBPR system economies who have signed up to be part of the system, namely, the USA, Mexico and Japan, with more expected to join soon. Individual organisations headquartered within those economies can be certified to participate in the system.
Discussion at the roundtable covered issues such as whether Australia and Australian companies should consider joining the CBPR system, the related costs and benefits and the interaction between the CBPR system and the new Australian Privacy Act.
In terms of next steps, it was agreed by all participants that this was an important issue and there was need for further analysis and discussion about the implications of the CBPR for Australian companies, as well as the provision of more information.
ASR Intends to host a further discussion with a broader range of participants early in 2015.
For further information, or to be involved in further discussions, please contact ASR CEO Ian Birks by email to ceo@servicesaustralia.org.au
Note: The APEC Cross Border Privacy Rules (CBPR) system was developed by participating APECeconomies after seeking the views of industry and civil society, to build consumer, business and regulator trust in cross border flows of personal information. The APEC CBPR system requires participating businesses to develop and implement data privacy policies consistent with the APECPrivacy Framework. These policies and practices must be assessed as compliant with the minimum program requirements of the APEC CBPR system by an Accountability Agent (an independent APECCBPR system recognised public or private sector entity) and be enforceable by law.