Safe Harbor Privacy Principles

Safe Harbor Privacy Principles issued by the US Department of Commerce on July 21, 2000

Published under Risk Management
Title: Safe Harbor Privacy Principles
Source reference: http://www.export.gov/safeharbor/SH_Documents.asp
Topic: Export of personal data from a data controller who is subject to E.U. privacy regulations to a U.S.-based destination
Direct / indirect relevance: Direct. Entities wishing to accede to the Safe Harbor are required to assess security measures with regard to data processing and to take the required security precautions.
Scope: Voluntary adherence by the affected U.S. entities
Legal force: Voluntary self-certification. The voluntary character is relative, since the data controller must comply with E.U. privacy regulations, but alternative methods of compliance (such as the model clauses discussed below) exist.
Affected sectors: Generic export of personal data to a U.S. entity
Relevance to RM/RA: Before personal data may be exported from an entity subject to E.U. privacy regulations to a destination subject to U.S. law, the European entity must ensure that the receiving entity provides adequate safeguards to protect such data against a number of mishaps.

One way of complying with this obligation is to require the receiving entity to join the Safe Harbor by self-certifying its compliance with the so-called Safe Harbor Principles. If this road is chosen, the data controller exporting the data must verify that the U.S. destination is indeed on the Safe Harbor list (see http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list).