JIPDEC is now an accountability agent under the APEC Cross Border Privacy Rules On January 25, 2016, the Japanese government announced that Japan Institute for Promotion of Digital Economy and Community (JIPDEC) was named an accountability agent under the APEC Cross Border Privacy Rules system (CBPR). Although JIPDEC has not announced when it will start the certification business, nor given details concerning the certification as yet, JIPDEC said, in response to our inquiry, that it will start accepting applications for certification in April this year. With this certificate from JIPDEC, business entities can prove their compliance with the APEC Privacy Framework and potentially promote their business involving the transfer of personal information within APEC economies. 1. What is CBPR? Since the introduction of the APEC Privacy Framework in 2004, Asia-Pacific Economic Cooperation (APEC) has exerted efforts to ensure data protection and promote effective data flow across APEC member economies. As a part of these efforts, in 2011, it introduced the CBPR system, which provides a framework for the certification of business entities' compliance with the APEC Privacy Framework. Currently, four economies (i.e., United States, Mexico, Japan and Canada) are participating in the CBPR system . 2. The P Mark System The CBPR system is not the first certification that JIPDEC has administered, since it has been operating the "Privacy Mark" system, (the “P mark system”) since 1998. Under the P mark system, JIPDEC certifies the compliance of business entities with Japan industrial standards concerning data privacy (JIS Q150001). In addition, JIPDEC has served as a certifying body for some international standards, such as ISMS. 3. Possible Impact Large multinational companies involved in regular data transfers are the most likely applicants for the certification. The P Mark certification has been obtained by 14,635 companies as of March 10, 2016, and CBPR certification may appeal to these companies as well. Amendments to the Japanese data protection law, which introduces new regulations upon the international transfer of personal information, will come into force no later than September 9, 2016. JIPDEC's CBPR certification may potentially help with the transition from the current regulations to the new regulations, but transparency is lacking in this area. The newly established Personal Information Protection Commission should eventually set down guidelines to regulate cross-border data transfers. It would seem logical for the CBPR framework to be part of these new guidelines. For more information, please contact Ken Takase or Tsugihiro Okada.