How will the APEC implementation scheme work?
Having obtained confirmation that the CPBR approach is only one way of implementing the APEC Privacy Framework (albeit currently the main focus of the Privacy Subgroup) it has become clearer that the practical implementation of the CBPR approach is intended to be as follows: • A business seeking to participate will prepare a document setting out how it will comply with any applicable standards, and how it will deal with any complaints about breaches; i.e. a version of the privacy policy or privacy statements which are required by some domestic laws (and by APEC principle II). (In the Pathfinder this is known as self-assessment project 1) This self-assessment will be based on a standard set of questions, currently being drafted by TRUSTe with input from all participants. • The document would be assessed by an accountability agent which might be a regulatory agency or a trustmark organisation. Private accountability agents (e.g., trustmarks) would be approved based on a separate trustmar
