Safe Harbor Program; Data Privacy Laws When Doing Business in the EU

Do you do business extensively in the European Union (EU)? If so, you will encounter strict personal data privacy laws, just as you would in the US. To make sure businesses comply with EU privacy laws, the US government has developed a Safe Harbor Program. Businesses can participate in this program to comply with data privacy for all EU nations. The following article will give you a general overview of the Safe Harbor Program, its benefits, and how your business can participate.

What is the Safe Harbor Program?

Just as most US businesses collect and retain sensitive personal information from their customers - such as names, addresses, social security numbers, credit card numbers and other account numbers; so do businesses in the European Union. Yet, there are many regulatory and policy differences between the two. To bridge the different approaches towards privacy protection, the US Department of Commerce and the European Commission on Data Protection created a-Safe Harbo- program for US businesses.

The Safe Harbor Program allows businesses to transfer consumer data between the US and the EU. US businesses that enroll in the program will be able to collect and transfer personal data in the 27 member nations of the EU.

There are two Safe Harbor Programs. The US-European Union Safe Harbor Program is applicable to the US and the EU. The US-Swiss Safe Harbor Program is applicable to the US and Switzerland. The frameworks for both programs are similar, and so are their application processes and forms.

Who Should Apply?

US businesses that plan to or do business with multiple countries in the EU can benefit from the Safe Harbor Program. If you are involved in imports and exports or consumer data exchange, enrolling in the program can simplify your compliance process.

What are the Benefits?

There are a couple of benefits to enrolling in the Safe Harbor certification program.

• Faster Process: When your business fulfills the requirements of the Safe Harbor Program, it has satisfied data privacy laws in all countries of the EU. Therefore, you will not have to wait for individual member states to approve your application or waive their requirements.
• Fewer Expenses: After you pay your fees and your business is certified, you do not need to apply for individual state certifications to guarantee compliance.

• Trial in the US: If an EU business files a claim against your company, a trial will most likely take place in the US.

What Are the Requirements?

There are seven requirements your business must comply with before the program grants you certification.

• Identify Data Collection Purposes. You must let individuals/businesses know your purpose for collecting or using their personal information. You must provide contact information for inquiries or complaints.
• Honor Opt In/Opt Out Decisions. You must give individuals the choice to opt out of information disclosure to a third party. You must give individuals an opt-in choice if you or a third party does not use the information for its original authorized purpose.
• Subject Third Parties to Same Principles. If you transfer consumer data to a third party, the third party must subject themselves to Safe Harbor principles or the same level of privacy protection.
• Allow Access to Data. You must give Individuals access to the data they provided you. They generally should be able to'correct, amend, or delete information where it is inaccurate'
• Protect the Data. You should take reasonable steps to protect personal data from'loss, misuse and unauthorized access, disclosure, alteration and destruction'
• Collect Only Relevant Data. The data you collect must be relevant to your purpose.
• Enforce these Principles. You must set up procedures to enforce Safe Harbor principles.

How to Do I Receive Certification?

You self-certify and register your business with the Department of Commerce. Each year, you will need to renew to maintain certification with the Safe Harbor Program. Once your business is certified, it will appear on a list of certified organizations on Export.gov.

Follow these steps to certify your business:

• Contact the FTC or the DOT. Verify with the Federal Trade Commission or Department of Transportation that your business falls under their jurisdiction.
• Develop a Safe Harbor Compliant Privacy Policy Statement. Learn more about specific Safe Harbor requirements to adhere at Export.gov.
• Establish Enforcement Procedures. Procedures should guide dispute resolutions. Learn more about dispute resolution and enforcement at Export.gov.
• Establish a Point of Contact. Establish a point of contact for requests and disputes related to Safe Harbor.
• Submit the Certification Form.

• Pay the Application Fee. If you are a new applicant, you will need to pay a $200.00 fee. When you recertify, you will need to pay a $100.00 re-certification fee.

Are you certified for the Safe Harbor Program? Are you certified through a similar program? Please feel free to comment on this article and share your experience with us.

Related Resources

• Safe Harbor Workbook at Export.gov' an overview of the Safe Harbor framework and practice
• Self-Certification Guide to Safe Harbor at Export.gov