The APEC’s CBPR, and its impact on your business

Data breaches have posed a significant threat in recent years. 2018 saw a 126% rise in the number of Personally Identifiable Information (PII) records breached. Many industries that are supported by technology for their online presence are at risk of attack.

This trend has alerted regulators all over the world, impelling them to enforce policies and legislation to protect consumer privacy rights. Regulations such as the GDPR in Europe and CBPR in the Asia-Pacific region are highly adopted standards followed by economies worldwide. They guide and regulate business activity concerning consumer data protection and its privacy.

The APEC and the CBPR

Headquartered in Singapore, the Asia-Pacific Economic Cooperation, or APEC, is an intergovernmental organisation that facilitates free trade among countries in the Asia-Pacific region. It was established in 1989 as a result of the rise in global demand for Asian products. The aim was also to find new markets for agricultural products in Europe and beyond.

APEC’s member economies, with help from public and industrial sectors, set up the Cross-Border Privacy Rules (CBPR) to regulate the flow of information between borders. CBPR is based on the APEC’s privacy framework and requires all businesses to adhere to the data privacy policies prescribed. The APEC has also appointed independent agents to ensure its adoption and use. The CBPR system applies to consumers, businesses, and even the Governments of the member countries.

A business can opt in if it is registered in one of the 8 countries that currently participate in the CBPR program:

1. USA

2. Mexico

3. Japan

4. Canada

5. Singapore

6. The Republic of Korea

7. Australia

8. Chinese Taipei.

Organisations also need to have a registered accountability agent in their country to assess whether the business qualifies under the CBPR Program Requirements. Here are some key benefits of participating in the CBPR.

Simpler accountability

In the age of information, data is critical for every business — data about physical locations of business outlets, data about customers to deliver personalised experiences and industry intelligence. The CBPR is pivotal in this regard, as it ensures compliance with the APEC’s privacy framework. Each company has its own policies that are evaluated by an independent accountability agent. The agent assesses and certifies that the business manages consumer data in the stipulated manner and implements suitable procedures to maintain the privacy of sensitive information.

Through this system, a consumer is assured about the integrity of their information even when it is transmitted across borders. It also allows consumers to report any non-compliance. On the other hand, Governments of member states develop trust in businesses regarding the capture, use and transfer of Personally Identifiable Information. The firm can achieve accountability with key stakeholders rather than dealing with tedious corporate processes and compliance operations in different countries.

Data continues to be the key to innovation and development. By opting into the CBPR system, businesses stay committed to consumer privacy through APEC best practices, which makes sure that they adhere to local privacy laws.

Easier compliance procedures

The APEC’s CBPR is crucial for multinational corporations. Countries have varying data acquisition, transfer and storage requirements, and privacy policies. It can be challenging for a business to abide by privacy regulations across multiple countries. The CBPR consolidates them into a common set of standards applicable to member states.

Businesses opting in will have the flexibility and independence of drafting their own standards and procedures regarding data security and privacy, all approved by the accountability agent. So, instead of having different policies for compliance across multiple countries and regulatory environments, businesses can focus on developing independent standards to meet CBPR criteria.

Customer Trust

Trust plays a crucial role in determining if and how an individual interacts with a brand. The 2018 Edelman Trust Barometer reveals that businesses in key geographic markets have suffered an acute loss of trust. Only 10% of consumers worldwide believe that they’re in control of their data online. A global KPMG survey found that people perceive social media companies as asking for too much personal information, and that 50% of them delete their browser cookies while managing their social media settings. In almost every market,75% of respondents were uncomfortable with online shopping data being sold to third parties.

Firms with a global presence are perceived as market leaders. Their proactive response to the trust deficit can boost customer confidence and build brand loyalty. Companies willing to be a part of the CBPR, on successful certification are allowed to display and market their compliance according to the prescribed standards. This is very similar to the ISO seals, and is guaranteed to promote the credibility and acceptance of businesses when it comes to information security and privacy.

Growing Adoption

Varying policies across countries can create hurdles in a business’s operations. Before they expand into new geographies, businesses need to consider the regulatory environment, as it impacts critical elements of operations and service delivery.

KYC regulations and privacy requirements differ from country to country, and in many cases, businesses employ auditors and legal consultants to ensure adherence to local regulations. The cost of compliance, which is considerably high, creates a major entry barrier.

The CBPR system makes it easy for businesses having to confront the daunting task of aligning their operations with local KYC and privacy regulations. It helps them grow, especially as more countries join in.

The CBPR already accounts for 8 economies in the Asia-Pacific region — approximately 37.5% of global GDP. Its member countries — USA, Singapore and Japan exercise significant diplomatic influence. With some of the largest consumer markets, these countries hold substantial appeal for upcoming players. When powerful economies adopt the CBPR, it encourages other countries to buy into it. The resulting situation is worthwhile — the more countries a business operates in, the more opportunities it encounters.

The APEC’s CBPR sought to create common standards on data privacy and remove existing barriers to business development. It builds a sense of trust among the consumers and partners in international markets, while also making operations seamless and cost-effective.

Sphere Identity streamlines the customer onboarding process in a safe and compliant way while also giving individuals their privacy back.