The International Trade Administration at the U.S. Department of Commerce recently announced that NCC Group has been approved as a U.S. Accountability Agent under the APEC Cross-Border Privacy Rules (“CBPR”) system. NCC Group joins TrustArc and Schellman as the third U.S. Accountability Agent under the CBPR and the sixth Accountability Agent approved under the system overall. NCC Group will now be able to independently assess and certify the compliance of U.S. companies under the APEC CBPR system and under the APEC Privacy Recognition for Processors (“PRP”), a corollary system to the CBPR specifically for processors.
On March 19, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a Q&A on the APEC CBPR and PRP systems. The Q&A is designed to explain the workings of both systems, who is currently participating in them and how interested companies can certify.
Key questions addressed by the Q&A include:
- What are the CBPR and PRP?
- Which APEC economies participate in the CBPR?
- How can companies become CBPR or PRP certified?
- Are the CBPR and PRP enforceable?
- How do CBPR and PRP interact with domestic privacy laws?
- Why should companies seek CBPR or PRP certification?
To read the answers to these questions and more, view the Q&A.