International Trade Administration, U.S. Department of Commerce.
Notice of opportunity for organizations to submit applications to serve as Accountability Agents in the Asia Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) system.
The International Trade Administration's Office of Digital Services Industries (ODSI) invites interested organizations to submit applications for recognition by APEC to act as an Accountability Agent for U.S.-based companies that are subject to Federal Trade Commission jurisdiction as part of APEC's Privacy Recognition for Processors system.
Applications may be submitted beginning December 29, 2017. Until further notice, there is no closing date for submitting applications.
Please submit applications by email to firstname.lastname@example.org, attention: Michael Rose, Office of Digital Services Industries, International Trade Administration, U.S. Department of Commerce. See SUPPLEMENTARY INFORMATION for additional instructions on submitting applications.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
All questions concerning this notice should be sent to the attention of Michael Rose, Office of Digital Services Industries, International Trade Administration, U.S. Department of Commerce, by telephone at (202) 815-0374 (this is not a toll-free number) or by email at email@example.com.
End Further Info
Start Supplemental Information
In 2004, Leaders of the 21 APEC economies 
endorsed the “APEC Privacy Framework” (Framework). The goal of the Framework is to facilitate the flow of information between the 21 economies in APEC by promoting a common set of privacy principles that will enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections. In order to implement this Framework, member economies developed a voluntary system of Cross Border Privacy Rules (CBPR), which was endorsed by APEC Leaders in November 2011 (the Leaders' Declaration is available at http://www.apec.org/Meeting-Papers/Leaders-Declarations/2011/2011_aelm.aspx). The Leaders' Declaration instructs APEC member economies to implement the APEC CBPR system to reduce barriers to information flows, enhance consumer privacy, and promote interoperability across regional data privacy regimes. In July 2012, the United States formally commenced participation in the CBPR system. The United States issued an open invitation for interested organizations to submit applications for recognition by APEC to act as an Accountability Agent for U.S.-based companies that are subject to Federal Trade Commission jurisdiction as part of APEC CBPR system, available at: https://www.federalregister.gov/documents/2012/07/30/2012-18515/applications-to-serve-as-accountability-agents-in-the-asia-pacific-economic-cooperation-apec-cross.
The APEC CBPR system applies to personal information controllers (“controller”), defined in the Framework as “person(s) or organization(s) who control the collection, holding, processing or use of personal information”. APEC developed the Privacy Recognition for Processors (PRP) system to complement the CBPR system, and APEC Leaders endorsed the PRP system in February 2015. The United States was approved by APEC economies on the Joint Oversight Panel, the body overseeing the CBPR and PRP systems, to participate in the PRP system on November 15, 2017.
The PRP system is designed to help personal information processors (“processors”), third parties that are acting as agents to perform task(s) on behalf of and under the instructions of a controller, demonstrate their ability to implement a controller's privacy obligations related to the processing of personal information. The PRP system also helps controllers identify qualified Start Printed Page 658and accountable processors and helps ensure that processing is consistent with the controller's CBPR System processing requirements.
The PRP system requires processors to implement privacy policies and practices consistent with the PRP system requirements for all personal information that they process on behalf of controllers, and these policies and practices must be assessed as compliant by an APEC-recognized Accountability Agent (“PRP certification”). Under the PRP system, an “Accountability Agent” is a third-party organization that provides verification services related to the data privacy policies and practices for those processors seeking PRP certification. Only APEC-recognized Accountability Agents may perform PRP certifications.
An Accountability Agent may only provide PRP certification for a U.S. processor that is subject to the enforcement authority of the Federal Trade Commission, the U.S. privacy enforcement authority.
An applicant may be designated as an Accountability Agent if APEC member economies recognize that it meets the recognition criteria agreed to by APEC. Those criteria are set forth in the Accountability Agent APEC Application for the PRP System (“APEC PRP System Guide”), which is available at: https://cbprs.blob.core.windows.net/files/Accountability%20Agent%20Application%20for%20PRP%20Revised%20For%20Posting%203-16.pdf.
Organizations interested in being designated as an Accountability Agent should notify the Department of Commerce of their interest in obtaining APEC recognition and submit the information described in the APEC PRP System Guide to the Office of Digital Services Industries by email at firstname.lastname@example.org.
End Supplemental Information
Dated: December 29, 2017.
Deputy Assistant Secretary for Services, U.S. Department of Commerce.
[FR Doc. 2018-00046 Filed 1-4-18; 8:45 am]
BILLING CODE 3510-DR-P