Safe Harbor Privacy Principles
Safe Harbor Privacy Principles issued by the US Department of Commerce on July 21, 2000
Published under Risk Management
Title: | Safe Harbor Privacy Principles |
Source reference: | http://www.export.gov/safeharbor/SH_Documents.asp |
Topic: | Export of personal data from a data controller who is subject to E.U. privacy regulations to a U.S.-based destination |
Direct / indirect relevance: | Direct. Entities wishing to accede to the Safe Harbor are required to assess security measures with regard to data processing and to take the required security precautions. |
Scope: | Voluntary adherence by the affected U.S. entities |
Legal force: | Voluntary self-certification. The voluntary character is relative, since the data controller must comply with E.U. privacy regulations, but alternative methods of compliance (such as the model clauses discussed below) exist. |
Affected sectors: | Generic export of personal data to a U.S. entity |
Relevance to RM/RA: | Before personal data may be exported from an entity subject to E.U. privacy regulations to a destination subject to U.S. law, the European entity must ensure that the receiving entity provides adequate safeguards to protect such data against a number of mishaps. One way of complying with this obligation is to require the receiving entity to join the Safe Harbor, by requiring that the entity self-certify its compliance with the so-called Safe Harbor Principles. If this road is chosen, the data controller exporting the data must verify that the U.S. destination is indeed on the Safe Harbor list (see http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list). |