Safe Harbor Act: International Privacy Principles
Online privacy lawyers are busy these days, as Internet privacy issues seem to be all anybody can talk about. The Internet facilitates a free flowing exchange of information, but it also presents challenges. How can you keep medical records, financial data, even information about sexual orientation, out of the hands of identity thieves? In reaction to this concern, governments and regulators have attempted to set policies that protect the public without curbing freedom. The Safe Harbor Act is one such policy recommendation.
Safe Harbor Act Is All About Privacy
In response to strict European Union privacy laws, the U.S. Department of Commerce negotiated a set of seven principles that U.S. companies could comply in order to be granted “safe harbor” status under the European Union Data Protection Directive. When American firms follow these principles they are included on a list of compliant companies.
Inclusion on the list allows companies that operate within the EU, and collect customer data, to send the collected information outside of the EU. This can be a critical source of consumer information, especially for corporations that have a large online presence. Critics of the process have demonstrated that compliance with the principles is scant and enforcement is minimal.
The Seven Principles Of The US Safe Harbor Act
In order to be in compliance with Safe Harbor Privacy rules, a company must adhere to the following principles.
Safe Harbor Act Principle #1: Notice
A company is required to inform individuals that personal information is being collected and what it will be used for. This notice may take the form of a published privacy policy.
Safe Harbor Act Principle #2: Option
Individuals must be given the option to decline having their personal data collected or used in any way. This option to decline must be easy to execute.
Safe Harbor Act Principle #3: Data Sharing
Personal data may only be shared with third parties that follow similar privacy principles. Those principles must comply with the principles listed in the Safe Harbor rules.
Safe Harbor Act Principle #4: Security
The company collecting data must make a reasonable effort to keep that information secure and to prevent its loss or accidental dissemination.
Safe Harbor Act Principle #5: Integrity
The personal information collected must be both accurate and directly related to the purpose for which it is being collected. The information may not be collected for the sole purpose of being sold to third parties for advertising, unless specifically permitted by the individual.
Safe Harbor Act Principle #6: Access
An individual must be given easy access to their own personal information and must be given the option of correcting or deleting that information.
With the US feds itching to pass a universal online privacy policy, it makes sense for website operators to start adhering to Safe Harbor principals now. It’s only a matter of time before similar standards are codified in the U.S.
Tags: International Online Privac y Laws, Safe Harbor Act, Safe Harbour Act