Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Passing the Safe Harbor By

    By
    Matthew Hicks
    -
    June 11, 2001
    Share
    Facebook
    Twitter
    Linkedin

      Dun & Bradstreet Corp. wasted no time in November when U.S. companies were given an easier way to comply with Europes tough privacy laws.

      The company signed up right away to comply with the so-called Safe Harbor deal, negotiated by European Union and U.S. officials, which gives companies like D&B the chance to meet all EU privacy regulations at once by satisfying seven conditions, rather than dealing individually with each of the European countries from which they may export customer information (see chart).

      But what was a no-brainer for D&B has turned into a brain teaser for most U.S. e-businesses operating in Europe. Only 48 U.S. companies had signed up for the Safe Harbor deal as of the end of last month despite the approach of an unofficial July 1 deadline when data protection officials in the EU countries may begin enforcing Europes data protection directive. The directive, among other things, bans the export of personally identifiable data from the EU to any country without adequate privacy protections. Fifteen more companies have Safe Harbor filings under review, according to the U.S. Department of Commerce, which is administering the program.

      Are U.S. companies playing a dangerous game by waiting until the last minute to file for Safe Harbor status? Not necessarily, experts say. Even though European officials can begin enforcing provisions of the EU privacy directive as early as next month by cutting off the flow of private data, the odds of that happening on a widespread basis are slim, experts say.

      Meanwhile, committing to the Safe Harbor provisions now could cost U.S. companies time and money and open them to investigations by U.S. government agencies. Therefore, experts say, the best course for many e-businesses is to delay declaring Safe Harbor status while preparing to comply quickly.

      Despite a high-profile announcement last month by Microsoft Corp. that it plans to sign up, corporations largely remain skeptical of the Safe Harbor. Thats because it requires them to make public commitments to protecting customer privacy. And, although Safe Harbor is mainly a self-regulatory process, it exposes companies that sign up to possible enforcement by the Federal Trade Commission. Theres also uncertainty about how the EU will enforce its privacy directive and how much protection Safe Harbor will provide, said Jonathan Winer, an attorney with Alston & Bird LLP, in Washington.

      “Companies are waiting to the last minute … because theres substantial risks in moving ahead,” Winer said.

      For example, Winer said, U.S. companies will not be protected under Safe Harbor if, besides bringing information about European customers into the United States, they also use it in operations in other parts of the world.

      The implications of Safe Harbor are particularly unclear for certain industries. Consider the financial services industry, which isnt covered by the Safe Harbor agreement because such U.S. laws as the 1999 Gramm-Leach-Bliley Act and the 1970 Fair Credit Reporting Act already govern data privacy in that industry. But the European Commission, which implements EU policies, has insisted that those laws arent enough and that U.S. financial services companies will have to enter into separate contractual agreements with EU countries guaranteeing privacy protections. The Bush administration disputed that in March, and the two sides remain at a stalemate.

      Online travel site Expedia Inc. remains one of the companies waiting to decide whether to join Safe Harbor. Although Expedia prides itself on protecting personal information, it must also consider the financial and administrative burden of joining a regulatory process such as Safe Harbor, said Mark Britton, senior vice president and general counsel for Expedia, in Bellevue, Wash.

      Even companies that have announced support for Safe Harbor are making sure they can live up to their promises. Although D&B, for instance, is complying with Safe Harbor for consumer data, the company is still waiting to include human resources data as part of its Safe Harbor terms.

      One reason D&B was able to join Safe Harbor so quickly on the consumer side is that as a provider of information about businesses, it doesnt transmit much personally identifiable data beyond information on business owners or officers, said Jean Cantrell, executive director of government affairs, in Washington. In addition, with operations in 200 countries, D&B had already adhered to tougher privacy standards and did not have to make major changes to comply with Safe Harbor, she said.

      The sort of caution demonstrated by D&B is wise, experts say. Until U.S. e-businesses know exactly how and when EU officials will enforce new privacy regulations and how and where Safe Harbor will apply, the smart move for many companies is to gather information. Specifically, they should figure out what information they are collecting and transmitting from Europe and whether they need to change their data privacy procedures and processes to meet Safe Harbor requirements, said Ruth Nelson, director of the privacy practice at PricewaterhouseCoopers, in New York.

      “The worst thing a company could do is sign up for it and then be breaching it on a daily basis,” Nelson said.

      Matthew Hicks
      As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×