29th APPA Forum — Communiqué

The 29th Asia Pacific Privacy Authorities (APPA) Forum was held in Seoul, Korea on 19–20 June 2008. This Communiqué outlines the initiatives discussed at this Forum.

From left: Roderick Woo, Privacy Commissioner for Personal Data, Office of the Privacy Commissioner for Data Protection, Hong Kong; Hoi Fan Chan, Office for Personal Data Protection, Macao; Helen Versey, Privacy Commissioner, Office of the Privacy Commissioner, Victoria; Kwang Jin Park, Korean Information Security Agency; Karen Curtis, Privacy Commissioner, Office of the Privacy Commissioner, Australia; Marie Shroff, Privacy Commissioner, Office of the Privacy Commissioner, New Zealand; Jennifer Stoddart, Privacy Commissioner, Office of the Privacy Commissioner, Canada.

The 29th Asia Pacific Privacy Authorities (APPA) Forum was held in Seoul, Korea, from 19–20 June 2008.

APPA has the principal objectives of:

  • Facilitating the sharing of knowledge and resources between privacy authorities within the Asia-Pacific
  • Fostering cooperation in privacy and data protection
  • Promoting best practice amongst privacy authorities
  • Working to continuously improve our performance to achieve the important objectives set out in our respective privacy laws.

The first day of the Forum was a broader session. In attendance were the Privacy Commissioners and representatives of Canada, Hong Kong, Korea, New Zealand, Australia and Victoria, as well as observers from the French Data Protection Authority (CNIL), the Office for Personal Data Protection, Macao, the United States Federal Trade Commission and the OECD. Korean government officials and representatives from Korean and international corporations were also present.

The open session featured presentations on privacy and compliance issues that focused on:

  • Personal information protection policies in Korea;
  • Personal information grievance resolution in Korea; and
  • Korean Internet Personal Identification Number (i-Pin) for protecting private information.

The Forum also included sessions on issues of interest to the region, such as an overview of the current status of work to implement the APEC Privacy Framework and related initiatives being undertaken through the OECD.

Jurisdictional reports were presented and discussion took place around data breach notification initiatives in various regions. Data breach notification guides have now been released by a number of the APPA jurisdictions including Canada, New Zealand and Victoria. Australia has also released a draft voluntary breach notification guide, which is currently open for consultation. The collaboration on this issue has demonstrated the desire of the APPA members to build on each other’s work and as far as possible, given jurisdictional differences, to encourage consistent policy development across the region.

The second day of the Forum was a closed session for APPA members and invited observers from CNIL and the Office for Personal Data Protection, Macao. The Forum discussed in detail the work being undertaken on the APEC pathfinder projects and the potential impact that these initiatives will have on cross-border privacy issues.

The Forum also resolved to continue its efforts to strengthen relationships internationally between APPA members, the OECD and EU member states.

Reports were delivered on the progress made to date by APPA working groups focusing on secondments and Privacy Awareness Week. The Privacy Awareness Week working group reported on the 2008 youth competition, and discussed initiatives for Privacy Awareness Week in 2009, including a date change from August to the first week of May.

Next meeting

The 30th APPA meeting is scheduled for 13–14 November 2008 in Victoria, Australia.