On 15 April 2015, Canada became the fourth country to join the APEC Cross-Border Privacy Rules System, a voluntary consumer data privacy program, behind Japan (2014), Mexico (2013), and the United States (2012). All 21 APEC countries were involved in the construction of this system, but membership is not guaranteed. Interested countries are required to produce an official expression of intent and satisfy certain requirements before entry is approved.
The system is a cross-border data transfer mechanism that implements the nine principles of the APEC Privacy Framework. It is aimed at preventing fraud and other security threats that may adversely affect trade and economic growth in the region. Organisations working within APEC countries are required to introduce internal rules on cross-border data privacy procedures, where such rules must meet the minimum requirements as detailed in the APEC Privacy Framework, and be verified by an accountability agent.
Canada’s participation in this program demonstrates the growing awareness of data issues in the region, and the need for international collaboration to deal with such issues as the amount and frequency of data transfers rises. It is hoped that the level of privacy protection will increase as more countries in the region participate; moreover, it is hoped that it will strengthen the case for interoperability of this program with other privacy programs, such as in the EU.
The importance of these systems should not be underestimated. The globalisation of business and the rise of multinational organisations mean that data transfers are becoming more prevalent. As privacy awareness increases within the region, businesses will be encouraged to put in place effective security systems, thereby reducing the risk of data breaches. This will not only help to limit the adverse publicity that follows data breaches, but it will also reduce the financial impact on that all-important bottom line.