PrivacyTrust Safe Harbor program
The PrivacyTrust (formerly eTrust) Safe Harbor program is designed to assist companies intending to self-certify to the U.S. Department of Commerce that they comply with the U.S.-EU Safe Harbor Framework as set forth by the Department. The PrivacyTrust Safe Harbor program provides guidance prior to and during the self-certification application process, along with support afterwards. PrivacyTrust provides a dispute resolution service (independent recourse mechanism) and an outside compliance review (verification) service for the U.S.-EU Safe Harbor program and the U.S.-Swiss Safe Harbor program.
The U.S.-EU Safe Harbor certification program is a process developed by the U.S. Department of Commerce in consultation with the European Commission aimed at assisting U.S. companies to comply with the EU Directive 95/46/EC on the protection of personal data. The U.S.-Swiss Safe Harbor certification program is designed to facilitate the transfer of personal data from Switzerland to the U.S.
In February 2016, it was announced that the U.S.-EU Safe Harbor would be superseded by the EU-U.S. Privacy Shield program.
Intended for U.S. organizations that process personal data collected in the EU, the Safe Harbor Principles are designed to assist eligible organizations to comply with the EU Data Protection Directive and maintain the privacy and integrity of that data. U.S. companies can opt into the program (i.e., self-certify to the U.S. Department of Commerce) as long as they adhere to the 7 principles and 15 frequently asked questions.
For more information visit the U.S. Department of Commerce Safe Harbor website.
7 Safe Harbor Principles
- Notice - Individuals must be informed that their data is being collected and about how it will be used.
- Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
- Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
- Security - Reasonable efforts must be made to prevent loss of collected information.
- Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
- Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
- Enforcement - There must be effective means of enforcing these rules.
The PrivacyTrust Safe Harbor program has been replaced by the PrivacyTrust EU Privacy Shield program.