IBM Becomes First Company Certified Under APEC Cross-Border Data Rules

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

International Business Machines Corp. has become the first company to be certified under the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System, the information technology and services giant announced in an Aug. 12 statement.

The CBPR System is designed to protect the privacy of consumer data moving between the United States and other APEC member economies by requiring companies to develop their own internal business rules on cross-border privacy procedures.

Privacy trust mark company TRUSTe Inc. approved IBM's compliance with APEC data protection standards, IBM said.

“This certification demonstrates IBM's commitment to protecting individuals' data privacy. CBPR rules will become the foundation of a globally-accepted system that enables data to be shared throughout different regions with strong and trustworthy privacy protections,” IBM Chief Privacy Officer Christina Peters said in the statement.

“The safe handling of consumers' personal information is crucial for the success of businesses as they enter new markets with different privacy frameworks,” TRUSTe Chief Executive Officer Chris Babel said in the statement.

Builds on 2004 Privacy Framework

The CBPR System is based on the nine privacy principles set out in the APEC Privacy Framework, which member economies endorsed in 2004 (3 PVLR 1334, 12/6/04).

APEC leaders pledged to implement the system in a November 2011 declaration (10 PVLR 1673, 11/21/11).

Under the system, APEC governments may approve public or private sector “accountability agents” to certify as CBPR compliant organizations that are subject to the enforcement authority of APEC's Cross-border Privacy Enforcement Arrangement (CPEA).

The CPEA aims to encourage cooperation between privacy enforcement authorities in APEC (9 PVLR 1254, 9/6/10).

In July 2012, the Department of Commerce announced that the United States had been approved as the first formal participant in the CBPR System, and the Federal Trade Commission confirmed that it would become the system's first privacy enforcement authority (11 PVLR 1191, 7/30/12).

Commerce began soliciting accountability agent applicants in July 2012 (11 PVLR 1241, 8/6/12).

TRUSTe was the first company to be named as an authorized accountability agent, according to IBM's statement.

In February, Mexico became the second APEC member economy to join the CPBR System (12 PVLR 286, 2/18/13). In June, Japan filed its application to join the system (12 PVLR 1072, 6/17/13).

The 21 APEC member economies are: Australia, Brunei Darussalam, Canada, Chile, China, Hong Kong, Indonesia, Japan, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, the Philippines, Russia, Singapore, South Korea, Taiwan, Thailand, the United States, and Vietnam.