Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce Hanoi 20 February 2006

Why is ‘Privacy’ on the APEC agenda?

The APEC Privacy Framework

APEC Privacy Principles: Relationship

Preventing Harm
This provides that privacy protections are designed to prevent harm to individuals from wrongful collection or misuse of their personal information, and that remedies to privacy infringements are proportionate to the likelihood and severity of the risk of harm.

Choice
This provides, where appropriate, for individuals to be provided with mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information.

Accountability
This requires a personal information controller to be accountable for complying with measures that give effect to the Principles. When transferring personal information, reasonable steps should be taken to ensure recipients protect the information consistently with these Principles.

Security Safeguards
This requires appropriate security safeguards to be applied to personal information that are proportional to the likelihood and severity of the harm threatened, the sensitivity of the information and the context in which it is held.

Notice
This provides for the information a personal information controller must include in the notice to individuals when collecting their personal information, and requires that all reasonably practicable steps be taken to provide the notice either before or at the time of collection, or otherwise as soon after as is practicable.

Access & Correction
This provides for individuals to have rights of access to their personal information, to challenge the accuracy of the information and, as appropriate, to request correction of such information.

Collection Limitation
This provides for the lawful and fair collection of personal information that is relevant to the purposes of collection and, where appropriate, with notice to, or consent of, the individual concerned.

Use of Personal Information
This limits the use of personal information to fulfilling the purposes of collection and other compatible or related purposes.

Integrity of Personal Information
This provides that personal information should be accurate, complete and kept up-to-date to the extent necessary for the purpose of use.

[Diagram: the nine Principles (Preventing Harm, Choice, Accountability, Collection Limitation, Notice, Access and Correction, Security Safeguards, Use of Personal Information, Integrity of Personal Information) arranged around the Personal Information Controller]

Nine APEC privacy principles
1. Preventing Harm – privacy protections should focus on preventing harm and misuse
2. Notice – clear & easily accessible
3. Collection Limitation – collect what's relevant in a lawful & fair manner
4. Uses of Personal Information – for expected and compatible purposes, with consent, or where necessary
5. Choice – where appropriate, provide clear, accessible mechanism to exercise choice

Nine APEC privacy principles
6. Integrity – personal information should be appropriately accurate, complete and up-to-date
7. Security – appropriate safeguards to protect against unauthorized access, use, modification or disclosure
8. Access & Correction – important (but not absolute) rights
9. Accountability – controllers are accountable for compliance with all Principles and must take reasonable steps to ensure that recipients of personal information also comply

The APEC Insight

Insight in Principles 1 & 9
Principle 1
–Proportionality: focus effort on where harm is greatest
Principle 9
–'Accountability follows the data'

Where did we get to last time?

What is the problem?
Complex business transactions make privacy compliance more difficult
Many laws, many regulators
–Hard for anybody to see the whole
Effective resolution of complaints
–Cost to business; cost to consumer
Justifying the introduction of a privacy regime in a small economy is not a small task
–International trade argument very strong

Immediate action
Consumer empowerment
–Improved Privacy Notices
Education – effort from Govt; business; hot topics like ID theft
–Consumers
–Business, especially small business
Privacy Regulators encouraged to coordinate more
Business to pay more attention to flows of personal information in their business and with their business partners
But turn this into a strategy – How?

Implementation

Governance
'Safety begins at home'
–Those directly handling the data must respect and abide by that framework
Internal Privacy Governance Framework
–A high level policy
–Standard operating procedures
–Recommended measures & best practices
–Training, communication & compliance tools
–Assurance functions

Domestic
–6 APEC Member Economies have broad based privacy law
–1 has sectoral law
–1 has voluntary framework
–At least 5 drafting a privacy framework
Consistency with APEC Privacy Framework varies

International
APEC Member Economies have most to do here
Options
–'APEC Privacy Commission'
–NGO equivalent, either one or more
–Binding corporate rules
–Cooperative arrangements between existing privacy regulators

International
Part B:
"44. Member Economies should … facilitate cross-border cooperation in the enforcement of privacy laws"
"46. Member Economies will endeavor to support the development and recognition or acceptance of organizations' cross-border privacy rules across the APEC region … that … adhere to the APEC Privacy Principles."

Further work
Build on 2005
–See consultants' Final Report
Facilitate Binding Corporate Rules
a. Industry accountability checklist
b. Process for "approvals" of rules
c. International trust on enforcement
Information Privacy Individual Action Plans
OECD privacy law enforcement survey

The Wrap APEC has come a long way in 3 yrs Now for more