APEC Cross-Border Privacy Rules Certification

Overview

The APEC Cross-Border Privacy Rules (CBPR) system is a government-backed data privacy certification that enables the free flow of personal information across APEC economies while ensuring effective protection of that information. Established in 2011, the CBPR system implements the nine APEC Privacy Framework principles (updated in 2015) through a certifiable set of program requirements that organizations self-assess against and submit to an APEC-recognized Accountability Agent for review and certification.

As of 2024, the CBPR system has evolved into the Global Cross-Border Privacy Rules (Global CBPR) Forum, expanding beyond APEC member economies. The Global CBPR Forum was established in April 2022 by Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States, with additional economies joining subsequently. Organizations certified under the APEC CBPR system are transitioning to Global CBPR certification.

Sentinel Compliance Group holds CBPR certification through TRUSTe (TrustArc), the US-recognized Accountability Agent, covering its customer data processing operations across APEC economies.

APEC Privacy Framework Principles

The CBPR system is built on the nine principles of the APEC Privacy Framework (2015 revision):

Principle 1: Preventing Harm

The organization develops policies and procedures to prevent misuse of personal information and to mitigate the risk of harm to individuals. Harm includes physical, financial, reputational, psychological, and other forms of damage arising from the collection, use, or disclosure of personal information.

CBPR Requirements: