Project Title

Hosting an APEC Forum to Improve Cross-Border Effectiveness of the Personal Data Breach Notification System 

Project Year

2020   

Project Number

DESG 01 2020A 

Project Session

Session 1   

Project Type

Standard 

Project Status

Project in Implementation   
View Budget TableView Budget Table
|
PrintPrint

Project No.

DESG 01 2020A 

Project Title

Hosting an APEC Forum to Improve Cross-Border Effectiveness of the Personal Data Breach Notification System 

Project Status

Project in Implementation 

Publication (if any)

 

Fund Account

APEC Support Fund 

Sub-fund

ASF: Digital Innovation 

Project Year

2020 

Project Session

Session 1 

APEC Funding

110,000 

Co-funding Amount

Total Project Value

110,000 

Sponsoring Forum

Digital Economy Steering Group (DESG) 

Topics

Digital Economy 

Committee

Committee on Trade and Investment (CTI) 

Other Fora Involved

 

Other Non-APEC Stakeholders Involved

 

Proposing Economy(ies)

Korea 

Co-Sponsoring Economies

Australia; Chile; Hong Kong, China; New Zealand; Peru; Philippines; Singapore; Thailand; United States 

Expected Start Date

01/12/2020 

Expected Completion Date

31/10/2021 

Project Proponent Name 1

Byun Jung-Soo (wef 4 August 2021) 

Job Title 1

Director, International Cooperation Division 

Organization 1

Personal Information Protection Commission (Ministerial Level) 

Postal Address 1

Not Applicable 

Telephone 1

(82-2) 21002481 

Fax 1

Not Applicable 

Email 1

perejini@korea.kr 

Project Proponent Name 2

Beomsoo Kim 

Job Title 2

Professor 

Organization 2

Yonsei University 

Postal Address 2

Not Applicable 

Telephone 2

(82-2) 21234185 

Fax 2

Not Applicable 

Email 2

Not Applicable 

Declaration

Yeo Sang-Soo and Beomsoo Kim 

Project Summary

The digital economy is enabling the cross-border use of products and services. Accordingly, the Asia-Pacific economy needs to establish an environment for safe use of personal data for active participation in the digital economy. 

The objective of this project is to share an understanding of and opinions on the current situation of the different personal data breach notification systems of different economies. It aims to open a Forum to identify the necessity, direction, and basic principles of the personal data breach notification system to invigorate the digital economy of APEC member economies.

 The Forum in which APEC member economies, corporations, and research institutes are participating will be held in May 2021. This forum is expected to contribute to fostering an environment for the safe use of personal data and stimulating the digital economy in APEC member economies.

Relevance

Relevance – Region: As different economies have different personal data protection systems, to take common measures after international personal data breaches, consistent measures and systems are necessary. In particular, if personal data is breached in an economy without a personal data protection system, more efforts need to be made to minimize damage.

As individuals’ trust in data management is important for the sustainable development of the digital economy, APEC Privacy Framework 2015 proposed the necessity of security safeguards against the risk of data breach in Principle 7 (Security Safeguards).  APEC forum proposed project will provide a mechanism for cooperation among privacy regulatory agencies regarding cross-border enforcement (including international data breaches) through APEC Cross Border Privacy Enforcement Arrangement (CPEA) 2010.

This project will supplement the previous APEC initiative and reinforce the competencies of member economies so that the Asia-Pacific economy can use personal data safely and fairly at home and abroad. As a result, APEC economies are expected to provide users with an environment for safe use of personal data, and therefore contribute to the development of the digital economy. 

Relevance – Eligibility and Fund Priorities: This project can contribute to realize the strategic goal of APEC that supports comprehensive, integrated, and sustainable growth through the support of the Digital Innovation Sub Fund. APEC presents the Internet and Digital Economy Roadmap and places emphasis on the issue of reinforcing reliability and safety in the use of ICT. Accordingly, a mechanism facilitating the free flow of information and data for the development of the Internet and Digital Economy, while respecting applicable domestic laws and regulations. To respond to possible data breaches through this project, we can help personal rights and information utilization by sharing the breach notification system of each APEC members. Also, the Forum will provide an opportunity to understand issues related to personal data breaches likely to take place in the Asia-Pacific region, find common responses and principles of the personal data protection system, and cooperate with each other.

Relevance – Capacity Building: This Forum intends to share the personal data breach notification systems and policies of different economies. To accomplish the goal of the Forum, the project will share types of personal data breaches (data breaches due to negligence of managers, data breaches due to the negligence of personal data subjects, breaches due to the design of the database system and operating errors, etc.) and the necessity of notification and good practices. It also aims to build the capacity of APEC member economies and lay down the foundation for actively participating in e-commerce trading. As a result, each economy will receive help in understanding related trends and developing its own capacity. Also, the Forum will provide an opportunity to perceive the necessity of cooperation among APEC member economies and find and implement common agendas for cooperation.

Objectives

The main objective of this project is to identify personal information-related issues associated with smart video processing, AI, and big data. This project aims at initiating approaches for personal data protection by applying the personal data breach notification system. Issues concerning personal data breach can occur in line with cross-border data transfer or be an unwarranted disclosure that might impact more than a single economy. Therefore, ideas for personal data protection can be shared and the capacity of personal data protection can be strengthened through participation of personal data protection experts from the APEC member economies. The goals of this project are as follows: 

1) To share personal data protection and personal data breach issues in the era of AI and big data.

2) To understand and compare the different personal data breach notification systems of different economies.

3) To share good practices of personal data breach notification with APEC member economies as well as real cases of these data breach notification systems.

4) To enhance knowledge between APEC Privacy Enforcement Authorities (PEAs) and facilitate even more effective cross border enforcement cooperation activities.

5) To discuss data protection methods that can help APEC member economies, corporations, non-profit organizations, NGOs, etc.; and

6) To discuss how to promptly and precisely identify confirmed patients and close contacts while protecting personal information when a new infectious disease like COVID-19 spreads

Alignment

Alignment - APEC:  The APEC Privacy Framework (2005, 2015) establishes principles and implementation guidelines to establish effective privacy protection in local and foreign economies and enables regional transfer of personal data that is helpful to consumers, corporations, and governments. APEC approved the APEC Data Privacy Pathfinder in 2007 to implement the APEC Privacy Framework. The APEC Cross-border Privacy Enforcement Arrangement (CPEA), created pursuant to the APEC Privacy Framework, provides a framework for regional cooperation in the enforcement of all Privacy Laws (which includes data breach investigations). This project will enhance the work of the CPEA with respect to cross border enforcement operations and cooperation.  Also, APEC adopted the Internet and Digital Economy Roadmap in 2017 and agreed to the establishment of DESG (Digital Economy Steering Group) in a bid to grow through the digital economy. Accordingly, the personal data breach notification system handled by the project publishes a plan at the domestic level to manage breaches that may occur during data transfer. By preparing common countermeasures, it will be possible to contribute to the growth of the digital economy which APEC pursues by managing breaches that may threaten the reliability of the digital economy. 

Alignment – Forum: This project presents a way to realize “Enhancing trust and security in the use of ICT,” one of the top priorities of the Internet and Digital Economy Roadmap endorsed by APEC. APEC carried out the Cybersecurity Framework project in 2014, a project dealing with the issue of consumer protection in the digital trade environment in 2019, and emphasized close cooperation at the domestic level in regard to protection and security. Accordingly, it is necessary to determine the direction of development by understanding and comparing the current situations of different economies. Follow-up discussion for personal data protection is a topic that must be handled for sustainable growth through the digital economy of APEC member economies.

TILF/ASF Justification

Not Applicable.

Beneficiaries and Outputs

Outputs:

1)  Forum : APEC Forum 2021, May 2021

The objective of this Forum is to discuss the current situations and policies of APEC member economies in regard to personal data breach notification systems in an effort to globally share responses to personal data breaches in the digital environment. To this end, participants will include policy makers, government officials, legal experts, privacy enforcement authorities, and personal data experts, who are in charge of designing and implementing policies related to the personal data breach notification system.

We are going to include civilian personal data experts in the dedicated team, organized with the Project Overseer, to balance the discussions by covering all viewpoints, including those of government officials, legal experts, and policymakers participating in the Forum. After the presentations are over, we will distribute questionnaires about personal data to the participants and conduct a survey.

Given the state of travel restrictions across many economies, we are planning to prepare virtual formats. So, we will plan are planning for an agenda that may span across various days with limited sessions of 1 to 3 hours each day.

Key outputs are the number of participating APEC member economies, male and female participation rate, and data on the current situations of the personal data breach notification systems of APEC member economies. APEC Forum will virtually host in Seoul.

Survey of Forum participants: All presenters and participants will be asked about the perception of the importance of the personal data breach systems of different economies and the potential contribution of related policies. The survey will be conducted in mid-May when the Forum will be held, and the questionnaires will be distributed and collected immediately after presentations. The questionnaire will consist of the understanding and satisfaction of the event. Surveys will be collected online. 

2)  Forum Summary Reports: Preparing the result report after the APEC Forum

 We will wrap up the Forum in May and prepare the final report in June ~ July. We will complete and publish the final report Forum Summary Report in August. The report is composed of an introduction to personal data breach notification systems by member economies, good practices, and results and discussion. The Forum Summary Report will consist of an abstract, background, a summary of the discussion, conclusion, future direction. The expected length of the document will be in 25 pages.

3)   Website: Sharing the APEC Forum on line after the held forum

We will continuously exchange opinions and discussions online with personal data breach notification system experts before and after the Forum. The website is available for invited experts who is personal data-related policy makers, administrators, and experts are expected to continuously interact online with one another enabled by the Forum. They can be upload the related documents or materials for the participants. PO will build and manage the webpage. The main target will be experts on privacy in Asia.

The POs will be created for the project according to the APEC Website Guidelines on developing a satellite website. 

Outcomes: This forum will make it possible to expect international responses in the medium- and long-term as a solidarity among personal data-related experts will be formed and personal data breach notification systems of different economies will be discussed. This Forum is expected to further promote participation in the digital market by making the digital environment more consumer friendly. This Forum will contribute to reinforcing the personal data capacity of APEC member economies and improving knowledge of personal data breach notification systems and methods in different economies. 

1) Improving understanding of problems related to personal data conflicts in digital trade, including cross border enforcement issues.

2) Making people aware of the personal data breach notification system and discussing systems and policies that can prevent secondary damages to users in case of international problems.

3) Strengthening the digital economy structure through sharing the personal data breach notification systems, policies, and processes of solving problems and the participation of APEC member economies. 

Beneficiaries: The primary target of APEC Forum will be those in charge of the privacy of each economy. They might be government officials in charge of policy-making, personal information managers in the private sector, and professor. It will help to discuss the effective policy for personal data breach notification. In the particular case of Rep. of Korea, these institutions include: 

- Personal Information Protection Commission
- Korea Internet & Security Agency
- Yonsei University
- Barun ICT Research Center
- Korea Chief Privacy Officers

Criteria for the primary target participant group will be nominated as the person in charge of privacy in each economy.  By participating in the forum, the participants of each economy will be able to get the good practices related to the personal data breach notification system and information that can be used for actual policies. When each economy introduces a related system, an environment for safe use of personal data will be created, and individual users, the secondary groups, are expected to enjoy the digital economy.

Not only APEC participants and privacy enforcement authorities, but also experts and working-level staff from corporations (IBM, Microsoft, facebook etc.), non-profit organizations, and research institutes utilizing international data will be invited. The current status and problems of the personal data breach notification systems of different economies will be identified, and opinions on implementation of the breach notification system will be shared in case of personal data breach. It will help identify the problems of data utilization for invigoration of the sustainable digital economy and the challenges that must be overcome. Effective policies will be presented.

Dissemination

The documents and presentation materials prepared for the Forum will be uploaded to the database related to APEC meeting documents. After the Forum, we will prepare the Forum Summary Report which includes key discussions and recommendations related to the personal data breach notification system. This report will be posted as a publication. Also, it is recommended that participating economies should upload it to their websites. The report will be shared through the Personal Information Protection Support Portal of Korea. Finally, Forum Summary Report will be submitted as an APEC publication.

Gender

This project proposal will promote the leadership, voice, and agency which pillar(s) of women's economic empowerment. Both male and female speakers and participants can attend the APEC Forum to this end, the programs of the Forum will include female speakers. Also, both male and female experts in related areas such as policy makers, personal data experts, NGOs, and academics of APEC member economies will be invited. When the project ends, we will present quantitative data, such as the female participation rate and the number of female speakers, so that gender equality can be measured. We will encourage women to participate in the APEC Forum as speakers and participants at least 30%. 

PO is committed to collecting sex-disaggregated data for all speakers and participants (not only those funded by APEC) at the project event.  This data will be included when submitting a Completion Report to the Secretariat upon completion of the project, as well as providing guidance to future POs on their own gender parity targets. 

In general, women are significantly disadvantaged when looking at the many aspects of discussion areas undertaken by APEC Projects. Therefore, this project proposal strongly encourages to go beyond the underrepresented gender's participation and bring gender discussions into projects to actively contribute to women's empowerment in economic activities in the region. We will add the agenda that could ensure gender perspective in the workshop discussions.

Work Plan

The theme of the APEC Forum is sharing the personal data breach notification system, and participants and presenters will be recruited among the personal data protection experts of APEC member economies. Presenters will come from APEC member economies, and government officials in charge of personal data business and speakers from institutions, corporations, and academics will be invited. We will try to invite some panel about the health data issue. The honorarium and translator’s fee related to invitation of presenters will be paid according to APEC expense standards. After the Forum is held, the project report must include deliverables based on the plan, such as output and outcomes, according to the APEC Project Completion Report standards. With the PO at the center, we are communicating closely with the economies and institutions of each economy to hold the Forum, and we will prepare for the Forum according to the following table. Also, the workshop will be taken into account the availability of video conference options in the current pandemic. The PO consider to change to virtual format in case of COVID-19. 

Time

Task

Deliverables

 October 2020

Project start.

The POs will establish working procedures.

Preparation

October – November 2020

The POs will coordinate with collaboration stakeholders to creating the list of workshop invitees.

The POs will Plan program, invite speakers, and prepare the APEC Forum.

Coordination of project

Outline of responsibilities for project

Detailed program plan

Speaker selected

January 2021

In coordination with the PD, the POs will create workshop evaluation instruments (i.e., questionnaires, survey, and targeted interview).

Creating the questionnaire for survey

January 2021

Cconsiderations to change the event format and decision communicated to the Program Director of the Secretariat

Communicate to the Program Director of the Secretariat

February – April 2021

At least two months before the workshop (May 2021), the POs will send the General Information Circular for the virtual workshop.

To travel-eligible economy participants and experts, the POs will provide specific guidance on travel limitations and funding reimbursement in accordance with APEC guidelines.

In accordance with the APEC Projects Guidebook, the POs will keep the PD informed of project implementation progress.

Preparation and Coordination of Project

Send General Information Circular

Development of Workshop Currculum

Development of Workshop Evaluation Instruments

April 2021

The PO will submit APEC Project Monitoring Report 1 (MR)

Monitoring Report 1 (MR)

May 2021

Holding the Forum

Collecting survey data with a focus on the presenters and participants who participated in the forum

Hosting APEC Forum

Collecting the survey data

June – August 2021

Preparing the Forum Summary Report Developing the website

Draft of Forum Summary Reports

Web page for the APEC Forum

1 September 2021

Submission the Forum Summary Report for the review of the Secretariat. 

Forum Summary Report will consist of an abstract, background, a summary of the discussion, conclusion, future direction.

Forum Summary Report

October 2021

Project Completion Date (PCD)

December 2021

The POs will complete and submit the APEC Project Completion Report to the PD 

Submit of APEC Project Completion Report

June 2022

The POs will participate in the Long Term Evaluation of APEC Projects conducted by the Secretariat.

Post-Project Completion Activity

Risks

When making preparations for the APEC Forum, it is important to get presenters who can share the personal data breach notification system of each economy to participate in the forum. To ensure that such presenters can participate in the forum without any problem, the Project Overseer will closely cooperate with the co-sponsoring economies, the private sector and the APEC secretariat, and make preparations for the Forum at the right time in consideration of the impacts of COVID-19. Given the COVID-19, we will prepare the APEC Forum be conducted on a virtual platform.  Also, to ensure efficient interactions between presenters and participants, we will provide Q&A. It is necessary to have clear agendas related to the personal data breach notification system, which will be handled in this Forum. Also, to make agendas that have an innovative and helpful theme, the cooperation of governments, corporations, NGOs and experts is necessary. The proportion of female participants will set at 30 percent or higher to encourage women. Lastly, to accomplish the ultimate objective of the project, we will check existing APEC completion reports in advance, and cooperate with APEC officials. 

To decrease the risk of low participation from the private sector, POs consider invite the speaker in private sector.  Also, the POs will cooperate with other government officer, experts in private sector, and academia to share the output of the APEC Forum. Through the cooperation, the POs will manage the risk of ‘Economies not applying knowledge learned or adopting recommendations from the project.’

Monitoring and Evaluation

1)  To measure the project’s output, we are using the following indicators. We are planning to use the number of forum participants, presenters’ participation, and distribution of the result report.

2)  To evaluate the outcomes of the project based on the APEC Project Monitoring Report, which will be prepared in the future, we will measure the social impacts of sharing the personal data breach notification system quantitatively and qualitatively. To this end, we will survey forum participants in regard to the perception of the importance of the personal data breach systems of different economies and potential related policies. To measure or evaluate the proposed outputs, we will use the surveying the participants attending the APEC Forum in May 2021.

3)  In particular, it is necessary to hold a global discussion of the disclosure of the personal data of confirmed cases to prevent the spread of COVID-19.

4)  To check the objective of the Forum with women included, we will show the female participation rate and the number and proportion of female presenters in the report.

5)  We will collect survey data with a focus on the presenters and participants who participated in the forum. 

Outputs

Indicators

Preparation

Executed by April 2021

No. of experts engaged: 6

APEC Forum

No. attending: 50

No. of women /  men: 30% / 70%

Summary Report

No. of pages: 25 pages

Outcomes

Indicators

Improving understanding of problems related to personal data conflicts in digital trade, including cross border enforcement Issue.

Survey of Forum participants

To measure or evaluate the proposed outputs, we will use the surveying the participants who are attending the APEC Forum in May 2020.

To evaluate the outcomes of the project based on the APEC Project Monitoring Report, which will be prepared in the future, we will measure the social impacts of sharing the personal data breach notification system quantitatively and qualitatively.

30% of participant’s exposure to the issue of personal data

30% or higher participation from women

Linkages

This project is based on the issue of the APEC Internet and Digital Economy Roadmap, which APEC presented in 2017, i.e. “Enhancing trust and security in the use of ICT”. Also, as the Forum is based on discussions about OECD Principles for Internet Policy-Making, i.e. “Promote and protect the global free flow of information” (Principle 1) and “Strengthen consistency and effectiveness in privacy protection at a global level” (Principle 9), we can expect to share the experience of participants from international organizations such as APEC and OECD. Part of the Forum will be open to the general public to provide an opportunity to increase awareness of personal data protection, and the Forum results will be shared with personal data protection stakeholder groups as well as APEC officials through the performance report. The outcomes of this project will be shared with the Security and Prosperity Steering Group (SPSG) of APEC TEL through the APEC Secretariat in due course. To avoid duplication of the previous  APEC initiative, the POs will focus on improving understanding of problems related to personal data conflicts in digital trade and making people aware of the personal data breach notification system.

Sustainability

After the APEC Forum, the results of discussions can be used by policy makers of APEC member economies to respond to personal data breaches. The results discussion will be complied in a Forum Summary Report. As AI and Big Data technology are utilized, personal data breach is unavoidable, and continued review and preparations of an international personal data breach notification system will be necessary. After the APEC Forum, it will hold a personal data forum, i.e. the Privacy Forum, to share the personal data issues of APEC economies and find solutions. Also, through social media channels in which personal data experts can freely participate in, we will be able to share available methods with other economies that want to learn about successful cases of the personal data breach notification system. After the APEC Forum, we will continuously share actual cases of the personal data breach notification systems of APEC member economies through the Privacy Forum and the personal data protection webpage. We expect that the breach notification system method will be circulated and spread among different economies.

Project Overseers

This project will be managed by Sang-Soo Yeo and Beomsoo Kim. Sang-Soo Yeo is Director of International Cooperation Division, Personal Information Protection Commission (PIPC), Republic of Korea. He is also a professor of Division of Convergence Computer & Media at Mokwon University. Dr. Yeo is an expert on personal data protection, especially on personal data protection technology and policy. He joined the PIPC on August 5, 2020, when the PIPC launched as a ministerial level supervisory authority in ROK. 

Beomsoo Kim, Professor of the Graduate School of Information at Yonsei University, is an expert on personal information protection. Major research areas include personal information protection, privacy, and international cooperation in personal information protection. 

He is currently working to develop international cooperation in privacy and privacy while serving as vice-chair of the OECD's DGP(Data Governance and Privacy). Also, Asia Privacy Bridge Forum, a private international research cooperation community, has been conducting research and discussions on expanding and upgrading Asia privacy policies since 2016.

Cost Efficiency

Not Applicable.

Drawdown Timetable

Not Applicable.

Direct Labour

Not Applicable.

Waivers

 

Are there any supporting document attached?

No 
Attachments
Version: 4.0 
Created at 22/12/2020 11:11  by Lucy Phua 
Last modified at 04/08/2021 19:29  by Lucy Phua 
Version HistoryVersion History

Project No.

Project Title

Project Status

Publication (if any)

Fund Account

Sub-fund

Project Year

Project Session

APEC Funding

Co-funding Amount

Total Project Value

Sponsoring Forum

Topics

Committee

Other Fora Involved

Other Non-APEC Stakeholders Involved

Proposing Economy(ies)

Co-Sponsoring Economies

Expected Start Date

Expected Completion Date

Project Proponent Name 1

Job Title 1

Organization 1

Postal Address 1

Telephone 1

Fax 1

Email 1

Project Proponent Name 2

Job Title 2

Organization 2

Postal Address 2

Telephone 2

Fax 2

Email 2

Declaration

Project Summary

Relevance

Objectives

Alignment

TILF/ASF Justification

Beneficiaries and Outputs

Dissemination

Gender

Work Plan

Risks

Monitoring and Evaluation

Linkages

Sustainability

Project Overseers

Cost Efficiency

Drawdown Timetable

Direct Labour

Waivers

Are there any supporting document attached?

hdFldAdmin

Project Number

Previous Fora

Secretariat Comments

Reprogramming Notes

Consolidated QAF

Endorsement By Fora

PD Sign Off

Batch

Forum Priority

Committee Ranking Category

Committee Priority

PDM Priority

Priority Within Funding Category

Monitoring Report Received

Completion Report Received

PMU Field 1

PMU Field 2

PMU Field 3

On Behalf Of

Proposal Status

Originating Sub-Forum

Approval Status
Attachments
Content Type: Standard Proposal
Version:
Created at by
Last modified at by
Go Search