The concept of Safe Harbor came about in response to the European Commission’s Directive on Data Protection of 1998, which prohibited the transfer of personal data to non-European Union countries where the European Union (EU) “adequacy” standard for privacy protection is not met. While privacy protection is indeed an important goal for the United States (US) as well as the EU, they each take different approaches to privacy: the US relies on a mix of legislation, regulation, and self-regulation, whereas the EU relies on comprehensive legislation requiring the creation of independent government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin.
To address these differences in approach and to provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a “Safe Harbor” framework. The U.S.-EU Safe Harbor Framework, which was approved by the European Union (EU) in 2000, allows organizations to become certified by submitting they will abide by the Safe Harbor Privacy Principles and be held accountable to them in accordance with the EU Directive.
The Safe Harbor Framework is an important way for U.S. organizations to demonstrate their commitment to privacy, streamline business processes with the EU, and provide US companies a stronger footing when facing the possibility of prosecution by EU member state authorities under EU member state privacy laws.
Safe Harbor certification has increasingly become an important consideration as companies look for new ways to improve their business infrastructure. For example, many companies are putting critical business data in the cloud to leverage the benefits of cloud computing including reduced cost, improved performance and greater accessibility. Companies who adhere to Safe Harbor principles must have effective privacy policies and practices in place. They also must ensure their service providers and business partners do so as well.
To further demonstrate our commitment to privacy protections, Zapproved recently obtained U.S.-EU Safe Harbor Framework certification. The Safe Harbor program allows U.S. organizations to lawfully receive, maintain and process personal data about data subjects located in the EU. It also assures that businesses can trust Zapproved to abide by the principles embodied in the framework concerning proper notice, choice, data integrity, security, access control and enforcement.