PrivacyTrust Safe Harbor program
The PrivacyTrust (formerly eTrust) Safe Harbor program is designed to assist companies intending to self-certify their compliance with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce. The PrivacyTrust Safe Harbor program provides guidance prior to and during the self-certification application process, along with support afterwards.
The Safe Harbor certification program is a process developed by the U.S. Department of Commerce in consultation with the European Commission aimed at assisting U.S. companies to comply with the EU Directive 95/46/EC on the protection of personal data.
In Feb 2016 it was announced that EU Safe Harbor would be superceeded by the EU Privacy Shield program.
Intended for U.S. organizations that process personal data collected in the EU, the Safe Harbor Principles are designed to assist eligible organizations to comply with the EU Data Protection Directive and maintain the privacy and integrity of that data. U.S. companies can opt into the program (I.e. self-certify to the U.S. Department of Commerce) as long as they adhere to the 7 principles and 15 frequently asked questions.
For more information visit the U.S. Department of Commerce Safe Harbor website.
7 Safe Harbor Principles
- Notice - Individuals must be informed that their data is being collected and about how it will be used.
- Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
- Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
- Security - Reasonable efforts must be made to prevent loss of collected information.
- Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
- Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
Enforcement - There must be effective means of enforcing these rules.
Safe Harbor has been replaced by the Privacy Shield program