Certified Information Privacy Professional/Asia (CIPP/A)

In the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, an exception to the Access and Correction principle is allowed in situations where the burden or expense of providing access or making corrections would be unreasonable. The framework recognizes that in certain cases, such as when claims for access are repetitious or vexatious, or when providing the information would violate laws or compromise security, it may be necessary to deny or limit access or correction. This ensures that organizations can manage resources effectively while still upholding individual privacy rights.

The privacy principles issued in 1980 by the Organisation for Economic Cooperation and Development (OECD) can be defined as guidelines governing the protection of privacy and trans-border data flows of personal data in states that are members. The OECD principles were designed to provide a framework for protecting individuals' privacy while facilitating the free flow of information across borders, and they apply to member states.

The Cross Border Privacy Rules (CBPR) system includes self-assessment against a CBPR questionnaire, enforcement by Accountability Agents, and dispute resolution via the Accountability Agent's compliance program. Consultation with a Privacy Enforcement (PE) Authority is not an element of the CBPR system.

The term defined by the European Commission to mean any data that relates to an identified or identifiable individual is 'personal data.' According to the General Data Protection Regulation (GDPR), 'personal data' refers to any information that can identify a natural person either directly or indirectly, such as a name, identification number, location data, or an online identifier.

Health information is universally considered sensitive personal information in almost all countries with privacy laws. This is due to the highly personal nature of health data and the potential for misuse if it is not adequately protected.