APEC Privacy Framework
• “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element that may prevent member nations from gaining all of the benefits of electronic commerce.”
• “This Framework, which aims at promoting electronic commerce throughout the Asia Pacific region, is consistent with the core values of the OECD’s 1980 Guidelines”
APEC information privacy principles
• Preventing harm: personal information protection should be designed to prevent the misuse of such information. Specific obligations should take account of the risk of harm, and remedial measures should be proportional to the likelihood and severity of the harm threatened by the collection, use and transfer of personal information.
• Notice: personal information controllers should provide clear statements that personal information is being collected, the purpose of the collection, who the information might be disclosed to, the identity and location of the controller and how to contact them, what choices are available to limit the use and disclosure of the information, and how to access and correct the information if needed. Controllers should take all reasonably practicable steps to ensure notice is provided either before or during the time of collection, or as soon after as is practicable.
• Collection limitation: collection should be limited to relevant purposes, and any such personal information should be obtained by lawful and fair means and, where appropriate, with notice to or consent of the individual concerned.
• Uses of personal information: personal information should be used only to fulfill the purposes of collection and other compatible or related purposes, unless the individual consents or for legal reasons.
• Choice: where appropriate, individuals should be provided with clear, easily understandable, accessible, and affordable mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information.
• Integrity of personal information: personal information should be accurate, complete and up-to-date to the extent possible for the purposes of use.
• Security safeguards: safeguards should be proportional to the likelihood and severity of the harm threatened, the sensitivity of the information and the context in which it is held, and should be reviewed periodically.
• Access and correction: individuals should be able to confirm their information is being held, should be told what that information is when they ask, and should be able to challenge the accuracy of the information and, if possible and as appropriate, have the information rectified, completed, amended or deleted. Limitations on this may apply due to undue burden or for legal reasons to protect confidential commercial information.
• Accountability: the controller should be accountable for complying with the Principles and should, if transferring the information, either get the consent of the individual or take reasonable steps to ensure the recipient will follow the Principles.