The lack of a cohesive body of data privacy and security laws in the U.S. created problems with transfers of personal information from EU citizens held by U.S. companies. Thus the EU-U.S. Safe Harbor was created and is administered by the U.S. Department of Commerce.\u00a0 Under the Safe Harbor, U.S. companies could self-certify their compliance with minimum standards of data privacy and security such that the EU deemed such companies efforts as adequate to meet EU data privacy and security principles (set out in both Directives and regulations). \u00a0Late in 2015, the European Court of Justice issued a judgment declaring the Safe Harbor agreement as invalid.\u00a0 This decision is cause for concern as U.S. companies may discover that they are no longer in compliance with EU data privacy and security principles, even though they have self-certified under the Safe Harbor.\u00a0 Nevertheless, the Department of Commerce continues to allow U.S. companies to register and self-certify in the Safe Harbor program as a new solution is being sought to address tighter controls to meet more stringent data privacy and security principles.<\/p>\n
In the meantime, companies of all sizes should be reviewing their current practices and reviewing the practices of any third party services providers being used, including cloud services. Be ready to take action.\u00a0 Approximately one third of all data transfers of personal information is between the U.S. and the EU.\u00a0 The EU General Data Protection Regulations (GDPR) set to become law in 2018 sets in place more rigorous regulations for consent to collect personal data, requests for removal of personal information from servers, and stepped up enforcement for complaints.\u00a0 The object of the GDPR is to ensure strict levels of security without impeding market growth for businesses. Fines for failure to comply with the new Regulations may result in fines of up to 4% of a company\u2019s global revenue.<\/p>\n
Although the GDPR isn\u2019t scheduled to take effect for some time, moving to best practices and implementing changes that will ensure future compliance is necessary. Don\u2019t wait until the Regulations become effective, the invalidation of the Safe Harbor can, and likely will, trigger law suits against U.S. companies regardless of whether they have self-certified under the Safe Harbor.<\/p>\n
Don\u2019t be left behind and leave your company exposed.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
The lack of a cohesive body of data privacy and security laws in the U.S. created problems with transfers of personal information from EU citizens held by U.S. companies. Thus the EU-U.S. Safe Harbor was created and is administered by the U.S. Department of Commerce.\u00a0 Under the Safe Harbor, U.S. companies could self-certify their compliance … Continue reading Data Privacy and Security: The Demise of the EU-U.S. Safe Harbor<\/span>