APEC PRIVACY FRAMEWORK Flashcards
What is the aim of the Asia-Pacific Economic Cooperation (APEC) Privacy Framework?
To promote a consistent approach to data privacy protection across the APEC member economies, facilitating the flow of information while protecting personal information.
What are the benefits of the APEC Privacy Framework?
It fosters trust and economic growth in the region by protecting personal information.
How many core principles does the APEC Privacy Framework consist of?
9 core principles.
What is the Preventing Harm principle?
Recognizes the need to prevent harm to individuals from data privacy breaches with security safeguards.
What does the Notice principle entail?
Individuals should be informed about the processing of their personal data with an easily accessible and clear notice, including purposes and third-party disclosures.
What is the Collection Limitation principle?
Data collection should be limited, and the data should be obtained lawfully, with the knowledge or consent of the data subject.
What does the Uses of Personal Information principle refer to?
Purpose must be specified at the time of data collection, and any subsequent use should be limited to those purposes or compatible ones.
What is the Choice principle?
Consent should be obtained where necessary, and data subjects should have the option to withdraw consent.
What is the Integrity of Personal Information principle?
Personal data should be accurate and complete, and mechanisms should allow the right to rectification.
What does the Security Safeguards principle require?
Appropriate security measures should be implemented to protect data, proportional to their sensitivity.
What rights are included in the Access and Correction principle?
Individuals should have the right to access and rectification of their personal data, and it should be facilitated.
What is the Accountability principle?
A data controller should be accountable for complying with measures that give effect to the principles stated above. Data controllers should be prepared to demonstrate compliance via practices and policies.
What is the Cross-Border Privacy Rules (CBPR) system?
A system that allows organizations to demonstrate compliance with APEC privacy principles and facilitates data flows across borders while ensuring privacy protections.
How do organizations apply for CBPR certification?
Through an APEC-recognized and independent accountability agent who evaluates their privacy policies and practices.
What must organizations also provide to be CBPR certified?
Mechanisms for resolving complaints.