WELCOME TO THE SAFE HARBOR

The European Commission’s Directive on Data Privacy went into effect in October, 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of data bases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these different privacy approaches, the Directive could have significantly hampered the ability of U.S. companies to engage in many trans-Atlantic transactions.

In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "safe harbor" framework. The safe harbor -- approved by the EU in July of 2000 -- is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides "adequate" privacy protection, as defined by the Directive.

This web-site provides the information an organization should need to evaluate, and then join, the safe harbor. The checklist below should guide you through the process.

CHECKLIST FOR JOINING

* If you are considering joining the safe harbor, you first should take the following steps:

1. Read the safe harbor overview, including the benefits of joining.

2. Read the safe harbor documents.

3. Review the safe harbor workbook.

* If you then decide to join the safe harbor, you should:

1. Bring your organization’s policies and practices into compliance with the safe harbor’s requirements;

2. Verify that your organization has done so; and

3. If you wish to assure your organization of safe harbor benefits, review the information required for certification and complete and submit the certification form.

* Certification can be submitted on-line or by sending a letter to Jeff Rohlmeier, Room 2011, International Trade Administration, Department of Commerce, 14th & Constitution Avenue, N.W., 20230.