Safe Harbor Privacy Principles

Safe Harbor Privacy Principles issued by the US Department of Commerce on July 21, 2000

Title:	Safe Harbor Privacy Principles
Source reference:	http://www.export.gov/safeharbor/SH_Documents.asp
Topic:	Export of personal data from a data controller who is subject to E.U. privacy regulations to a U.S. based destination
Direct / indirect relevance	Direct. Entities wishing to accede to the Safe Harbor are required to assess security measures with regard to data processing and to take the required security precautions.
Scope:	Voluntary adherence by the affected U.S. entities
Legal force:	Voluntary self-certification. The voluntary character is relative, since the data controller must comply with E.U. privacy regulations, but alternative methods of compliance (such as the model clauses discussed below) exist.
Affected sectors:	Generic export of personal data to a U.S. entity
Relevance to RM/RA:	Before personal data may be exported from an entity subject to E.U. privacy regulations to a destination subject to U.S. law, the European entity must ensure that the receiving entity provides adequate safeguards to protect such data against a number of mishaps. One way of complying with this obligation is to require the receiving entity to join the Safe Harbor, by requiring that the entity self-certifies its compliance with the so-called Safe Harbor Principles. If this road is chosen, the data controller exporting the data must verify that the U.S. destination is indeed on the Safe Harbor list (see http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list)

Browse the Topics