Sponsored by NetIQ


Presented by Realtimepublishers

The Conversation
Subject: Safe Harbor, Master Contracts, or Combination?

01/24/2006 10:42 AM

Companies with offices and customers in some or all of the 25 EU countries need to think about whether or not they will pursue complying with Safe Harbor requirements (if they are eligible), create master contracts with each country for safeguarding and handling personal information, or do a combination of both.  There are many factors to consider, including such things as how many countries the organization is in, how much and what types of personal information is collected and processed, as well as the jurisdictional issues in the event an organization goes to court for noncompliance.


What is your organization doing if you have EU presence and/or customers?  Are you participating in, or pursuing, Safe Harbor?  Using master contracts?  Doing a combination?  Please share your experiences and insights.


06/06/2006 10:42 AM
We are in the process of acquiring a small EU presence and I'm raising the data privacy issue with management. I'm relatively well-versed in US data protection, but understand less than I'd like about the various options for how to comply with EU and UK requirements. I've read the Safe Harbor workbook, and while that might be what we work toward achieving, as a small retail operation, that is unlikely to be obtainable for us in the near term. I would like to better understand what is involved in both notice & consent and Master Contracts. Any suggestions or information anyone can share?

06/08/2006 4:06 PM
Hi Laurin,

I passed your question on to one of my friends who is CISO at a large multinational retail/manufacturing company. Her company's policies do not allow her to post directly to Internet forums, but she passed the following on to me to post:

"It helps to look in detail at the actual companies that are on the Safe Harbor list and see if others that are in a similar situation to your company are on the list. Also, you can look at the privacy statements on any website, and if they are Safe Harbor, they have to say so on the website. Knowing what other companies in your particular market segment are doing is very valuable."

Here are some resources that I have found useful:
* Model contracts: http://www.privacyexchange.org/tbdi/tbdistudies/councilmodel.html
* Personal information data flows in France: http://www.privacyexchange.org/legal/nat/omni/francesum.html
* Binding corporate rules: http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/consultations/binding-rules_en.htm

If anyone else in the forum has experiences with multinational privacy issues, please share!

Laurin, please let us know what you discover as you continue along with your research and discovery regarding this topic.

Best wishes for success!