by Anick Fortin-Cousens, Manager, Corporate Privacy and Data Protection & Privacy Officer, Growth Markets
Five months ago, IBM became the first company in the world to achieve certification under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) system.
“Why did IBM undergo this voluntary certification?” we are often asked.
Quite simply because we support APEC’s objectives of achieving personal information protection while promoting trade, and that we believe that the CBPR system is a practical mechanism to meet these critical goals.
In our view, protecting personal information is fundamental to trust, upon which the digital economy relies. The digital economy however also requires that organizations of all sizes and of all industries be able to move data across geographical borders to deliver services to customers, run manufacturing and internal operations, and achieve other goals..
Voluntary but enforceable codes of conduct such as the CBPR can play an important role in enabling free, privacy-preserving personal data flows among countries, resulting in numerous benefits to economies, organizations, and individuals. I had the privilege of providing testimony on this very topic before the US International Trade Commission in September 2013.
While the CBPR is now operational, work remains to be done for the system to deliver on its promises of enabling trusted but free data flow in the region: more member economies must join the system, and local law or practice must permit those who have obtained certification to move data freely across borders.
As the system matures, we believe it will provide a vibrant model for global interoperability, resulting in growth for economies, innovation for organizations, and strong privacy protection for individuals.