TrustArc Webinar - Everything You Need To Know About Global CBPR But Are Afraid To Ask

TrustArc 362 views 22 slides Oct 08, 2024

About This Presentation

The Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems have led to the creation of the Global CBPR Forum. To benefit consumers and businesses, Global CBPRs seek to expand the benefits of data transfer beyond the APAC region...


Slide Content

© 2024 TrustArc Inc. Proprietary and Confidential Information.
Everything You Need To Know About
Global CBPR But Are Afraid To Ask

Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.

Speakers
● Noël Luke, Chief Assurance Officer, TrustArc
● Val Ilchenko, General Counsel & Chief Privacy Officer, TrustArc
● Maciej Piszcz, Senior Assurance Program Manager, AI & Global Privacy, TrustArc

Agenda
● Introduction to the Global CBPR Forum
● Participating Regions
● Mapping to OECD and GDPR
● Benefits
● Path to Certification

Introduction to the
Global Cross-Border
Privacy Rules Forum

APEC and the creation of Cross Border Privacy Rules system
APEC is a forum for 21 Pacific Rim member economies that seeks to promote open trade and practical economic cooperation throughout the Asia-Pacific region. Cooperation is based on three pillars: trade and investment liberalization, business facilitation, and economic and technical cooperation. The primary goal is to support sustainable economic growth and prosperity in the region.

Cross-Border Privacy Rules (CBPR)
Privacy Recognition for Processors (PRP)

Global Forum’s objectives and goals
Strategic Goals
1. Establish and operationalize the Global CBPR and Global Privacy Recognition for Processors (PRP) Systems
2. Promote membership and participate in the Global CBPR Forum
3. Continue to develop and enhance Forum operations and activities
Objectives
○ Administering its global data protection and privacy certifications, the Global CBPR and PRP systems;
○ Facilitating data protection and the free flow of data globally;
○ Providing a forum to share best practices and promote cooperation on data protection and privacy; and
○ Pursuing interoperability with other data protection and privacy frameworks

Participating Regions

Members of the Global Forum
Members Associate Members

CBPR Workshop Delhi, India 2024

Mapping Global Cross Border
Privacy Rules Framework

OECD vs Global CBPR Framework: Privacy Principles Assessment
OECD Privacy Principles
1. Collection
2. Data Quality
3. Purpose Specification
4. Use Limitation
5. Security Safeguards
6. Openness
7. Individual Participation
8. Accountability
Global CBPR Framework
3. Collection of Personal Information
6. Integrity
4. Use of Personal Information
4. Use Integrity of Personal Information
7. Security Safeguards
2. Notice
8. Access/Correction
9. Accountability
1. Preventing Harm
5. Choice

and

Comparing GDPR and CBPR System
1. Access, Correction
○ GDPR: Data Subject Rights
○ CBPR: Access, Correction, Deletion
2. Collection Limitation
○ GDPR: Specified, explicit, legitimate purposes
○ CBPR: Collection limited to specific purposes
3. Use of Personal Information
○ GDPR: Data minimization
○ CBPR: The use limited to fulfill specified purposes of collection
4. Choice and Use of Personal information
○ GDPR: Consent - freely given, specific, informed and unambiguous indication of the data subject’s wishes (where relied upon)
○ CBPR: Express consent for non compatible purposes.

Benefits

Key Components of the CBPR System

● CBPR (Cross-Border Privacy Rules): CBPR is designed for data controllers (organizations that determine the purposes and means of processing personal data) to demonstrate their compliance with CBPR program requirements.

● PRP (Privacy Recognition for Processors): A key component of the CBPR System, PRP is designed for processors (organizations that process data on behalf of data controllers, corporate clients). It establishes a framework for assessing and certifying processor privacy practices and security safeguards.

● Data Transfer Mechanism: Companies can leverage CBPR certification to streamline data flows across jurisdictions while adhering to established privacy principles based on the globally recognized OECD Guidelines (Japan, Singapore, DIFC, Bermuda, USMCA).

● Enhancing Privacy Against Globally Recognized Principles: The CBPR System enables companies to demonstrate compliance with globally recognized privacy principles.

Path to Certification

Global Cross Border Privacy Rules (CBPR) Principles
Legend: No specific requirements; Qualifications apply; No Qualifications apply
● Security Safeguards
● Preventing Harm
● Notice
● Uses of Personal Information
● Choice
● Integrity of Personal Information
● Access and Correction
● Accountability
● Collection Limitation

Global Privacy Recognition for Processors
● Security Safeguards
● Accountability

The role of the Accountability Agent
● Comprehensive Principles-Based Approach:
○ CBPR is built upon a comprehensive set of privacy principles, making it a robust framework for cross-border data transfers
○ These principles cover various aspects of data protection and security
● Accountability Agent:
○ Through the CBPR system, the Accountability Agent works with companies to ensure that the privacy practices of participating companies meet the program requirements of PRP and/or CBPR
○ Certification by a third party adds credibility and ensures impartial evaluation

TRUSTe Certification Process

1. Demonstrate
   Provide policies, procedures, or examples of privacy management practices to demonstrate your privacy management practices
2. Analyze
   TrustArc assesses the evidence provided against the privacy framework standards
3. Identify
   Privacy Manager creates a customized privacy roadmap report identifying gaps in privacy practices
4. Remediate
   Based on identified gaps in practices collect, compile, or generate necessary documents or processes to demonstrate compliance
5. Certify!
   Receive Letter of Attestation, and TRUSTe Seal for public posting, Final Report, listing in the Compliance Directory

Thank You!