On May 31, 2019, the Asia-Pacific Economic Cooperation (“APEC”) endorsed Schellman & Company as the second U.S. “Accountability Agent” overseeing the APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) systems. Along with TrustArc, Schellman & Company will now be able to independently assess and certify the compliance of U.S. companies under the APEC CBPR and PRP systems.
The APEC CBPR system is a regional, multilateral, cross-border data transfer mechanism and enforceable privacy code of conduct developed for businesses by the 21 APEC member economies. The CBPRs implement the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework. Although all APEC economies have endorsed the system, in order to participate, individual APEC economies must officially express their intent to join and satisfy certain requirements. Currently, the U.S., Mexico, Canada, Japan, South Korea, Singapore, Australia and Chinese Taipei are participants in the APEC CBPR system.
The APEC PRP system allows information processors to demonstrate their ability to effectively implement an information controller’s privacy obligations related to the processing of personal information. The PRP also enables information controllers to identify qualified and accountable processors, as well as to assist small or medium-sized processors that are not widely known to gain visibility and credibility. The U.S. and Singapore currently participate in the PRP system.