Transcript TransUnion Presentation Template version

Binding Corporate Rules
– Global Implications
Conference on Cross Border Data Flows and Privacy
October 16, 2007
Washington, D.C.
Yukiko Ko
[email protected]
© 2007 TransUnion LLC
All Rights Reserved
TransUnion is a trusted partner for
TransUnion
business
and
Overview
consumers around the world
Founded in 1968
Headquartered in Chicago
Maintains credit histories on an
estimated 500 million consumers
around the globe
Provides solutions to more than
50,000 businesses worldwide
Processes billions of updates
each month
Reaches businesses and consumers
in more than 30 countries on six
continents
Affiliates with partners with more
than 100 years of experience
Employs privacy protocols and
security measures to provide high
confidence in personal financial
information
Helps prevent and combat financial
crimes, such as identity theft and
credit fraud, by establishing the
industry's first dedicated fraud
victim assistance department
2
TransUnion Global Reach
3
TransUnion as Part of a Global Community
• Active participation in the
APEC Data Privacy Subgroup
• Share best practices
through Identity Theft
Prevention and Identity
Management Standards
Panel (IDSP),
American National Standards Institute
• Contribute to capacity building for SMEs and other
players in emerging markets – TransUnion Central
America, among others
4
Why Global Corporate Privacy Rules?
• Proliferation of various data protection laws
– History
– Culture
– Institutional structure (enforcement system)
– Economic needs
• Constant flows of data
sans frontière
– Data transfers (electronic,
oral and physical)
– Access to network
• Privacy, security,
and market demands
5
Features of Global Corporate Privacy Rules
• Transparency
– Intra-company
– Inter-company
– Accountability to the public and regulators
• Efficiency
– Operational
– Compliance
– Training and education
• Uniformity
6
Different Backgrounds yet Common
Interest – EU and APEC
EU
APEC
Size
28% of world GDP1)
493 million people 2)
27 member states 2)
56% of world GDP3)
2.6 billion people 3)
21 member economies 3)
Privacy
culture
Protection of human rights – Protection of consumer rights data processing not
Economic growth based on
infringing human rights
secure data processing
CoArticle 29 Working Party
APEC ECSG Data Privacy Subordination (mandated by the Directive) group (voluntary participation)
Source: 1) World Bank 2) EU at a Glance, 3) APEC at a Glance and World Bank
7
BCRs and CBPRs
Binding Corporate Rules (BCRs)
• Widely recognised compliance tool
Cross Border Privacy Rules (CBPRs)
• Tool currently in works
• Both BCRs and CBPRs aim to facilitate privacy
compliance by creating corporate accountability
• Implementation is key for both BCRs and CBPRs
8
Comparing BCRs and CBPRs
BCRs
CBPRs (still in works)
SelfInternal coordination, audits,
assessment policy setting, standard
application form
Internal coordination, audits, policy
setting, APEC self-assessment
questionnaire (?)
Compliance 27 data protection authorities
Review
with a “lead authority”
Designated government regulator or
accredited third party organisations
(e.g. trustmarks?)
Approval/
27 data protection authorities
Recognition with a “lead authority”
Designated government regulator or
accredited third party organisations
(e.g. trustmarks?)
Dispute
Resolution/
Enforcemen
t
Cross-border dispute
resolution/enforcement in 2 or 3
steps: business, accredited third
parties, enforcement authorities
Cross-border dispute
resolution/enforcement in 2
steps: business, enforcement
authorities
9
Observation
• Commonalities between BCRs and CBPRs hint at global
corporate best practice for data protection
• There is a strong need to provide capacity
building/technical assistance for emerging economies and
SMEs
• Rules development and approval process should be
streamlined and clear
• Frequent information exchange among businesses,
governments, and civil society organisations in the two
regions is essential
10
Thank you
Yukiko Ko
Director, International Fraud and ID Management
TransUnion
[email protected]
11