Sail in a Safe Harbor: The Legal Transfer of Data
Enter: The Safe Harbor
The United States is not recognized as having adequate legal protection, as no national legislation exists. There are ways, however, in which you legally can transfer data from Europe to the United States.
The Safe Harbor is the most often promoted solution for the transfer of data between EU members and the United States. Negotiated by the U.S. Department of Commerce and the European Commission, the Safe Harbor agreement enables a U.S. company to receive data from Europe by voluntarily submitting to regulation by a U.S. government office.
Admission into the Safe Harbor indicates that a company values data-privacy protection and will make every effort to respect Europeans' requests regarding use of their personal information by adhering to a set of seven principles, as explained by The Direct Marketing Association (The DMA):
1. Notice: Inform customers in a clear and timely manner as to what information is collected, why it is collected, to whom you're forwarding it, how its use can be limited and how the customer can contact you for additional information.
2. Choice: Customers must be given a choice to opt out of certain information uses and exchanges and to opt in if sensitive information is being used.
3. Onward Transfer: Marketers must ensure that if information is disclosed to agents or subcontractors, they agree to abide by the Safe Harbor principles.
4. Access: Give customers access to personal information maintained by the company and the ability to correct it.
5. Security: Reasonable care must be given to protect information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
6. Data Integrity: Ensure that the customer's personal information is reliable, accurate, complete, current and used for intended purposes.
7. Enforcement: Marketers must promise to address consumer privacy concerns by: (1) referring consumers to your customer service department or other in-house dispute resolution program; (2) subscribing to a third-party dispute resolution mechanism to address any unresolved in-house consumer data privacy complaints; and (3) having appropriate monitoring, verification and remedy procedures in place.