Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Court Decision on FACTA Credit Card Transaction Receipt Violations | Main | 68 Info Sec & Privacy Tweets Digest Back Through March 7 »

1746 Organizations In The U.S.'s EU Safe Harbor Program

A type of project I really love to do is a privacy impact assessment (PIA). For companies who collect or otherwise handle the personally identifiable information (PII) of individuals from multiple countries, typically doing a cross border data flow analysis of the PII is within the scope of the PIA.

One of the actions that often results from a PIA, for an organization within the U.S., is determining whether or not they will participate in the U.S. EU Safe Harbor program. (NOTE: Safe Harbor is NOT a law; it is a program within which organizations voluntarily choose to participate.)

Many to most information security, and even privacy, leaders within organizations who have employees and/or customers in the EU do not know that there is a site where the companies who are, and have but no longer are, participating in the Safe Harbor program is listed, here.

There is so much very detailed and valuable information about each of the companies on the site. You can find the copies of the information each company included within their Safe Harbor application, including contact information and other details that some of the companies probably should not have included on a document that would be posted publicly.

While there is a lot of information within the site, it is not easily navigated. While there are some search options, I'd like to see the option to go directly to companies based upon the first letter of their company name. I did find a way to move around more quickly than just using the "more" and "previous" links at the bottom right corner of the screen...I just change the numeral at the end of the URL.

Also, along with all the details about the companies, it would be very interesting, and more easily reveal some insights into the Safe Harbor program, to show some accompanying statistics.

Here are some of the statistics I'd love to see provided on the Safe Harbor site along with the listing of companies:

  • Total number of unique companies participating in Safe Harbor
  • Total number of entities (some companies have multiple subdivisions/subsidiaries listed) participating in Safe Harbor
  • Total number of countries from which PII is being collected from all the companies
  • Number of companies collecting PII from each of the countries
  • Total number of entities still active in the Safe Harbor program
  • Total number of entities listed as "Not Current" along with a listing of each company and the dates they were active
  • Total numbers of entities within each industry that are still active within Safe Harbor, along with a pie chart or other graph to easily see the differences between industries.

Over the past couple of weeks I've been participating on Twitter and am really getting a lot of value from folks from all over the world. So, I was somewhat surprised not to see Twitter participating in the Safe Harbor program since they appear to be based out of San Francisco. Facebook is participating in Safe Harbor.

It is very fascinating just to read through all the company application information!

What is amazing to me is how many more organizations are now participating from just a few years ago. When the program started in 2001 it seemed to be floundering and few organizations were participating. I wrote a paper in May 2002, "European Union (EU) Data Protection Directive of 1995 Frequently Asked Questions" and at that time only 176 were participating, and even then not all of them were "active." Interesting that now there are 1746; just inserted a "4" in the string of digits from that point in time! :)

I see now I need to update this paper and get the statistics and other info about the EU countries up to date, and a few minor tweaks and corrections made...

Tags:                          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on March 12, 2009 8:37 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/954

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.