BayBiotech.NET
The European Commission’s Directive on Data Protection w.e.f.October of 1998 prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection of the personal data. For purposes of the policy, "personal information" means information that:
is transferred from the European Union to the United States;
is recorded in any form;
is about, or pertains to, a specific individual or can be linked to that individual.
While both the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.
With a goal to bridge the different privacy approaches between the United States and European Union and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework to provide the information an organization should need to evaluate – and then join – the Safe Harbor.
Safe Harbor Directive applies to all personal information that is handled by an organization, including on-line, off-line, and manually processed data.
Where the company receives personal information from its subsidiaries, affiliates, or other entities in the EU, the company will use and disclose such information in accordance with the purposes for which it was originally collected, or in accordance with the notices provided by such entities.
The company will provide notice and provide individuals with an opportunity to "opt out" if such personal information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected.
For sensitive information, affirmative or explicit, the company will provide notice and individual choice will be given to "opt-in" if such sensitive information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected. In order to disclose such information, one must have individual’s permission to make the disclosure required by law or professional standards providing adequate level of privacy protection and is reasonably related to the sale or other disposition of the business.
For data security purposes, the organization must employ various physical, electronic, and managerial measures, designed to provide personal information with reasonable protection from accidental loss or destruction, improper use, alteration, or disclosure.
The EU’s Data Protection Directive, implemented in 1998, provides member states with the authority to block such transfers to countries whose privacy enforcement regime does not meet the directive’s requirements. Under the US-EU Safe Harbor Framework, the United States received an “adequacy” determination from the European Commission limited to those U.S. organizations that self-certified to Safe Harbor which allows data transfers to take place without prior approval.
To find out more about the Safe Harbor Framework and the qualification Checklist follow the link:
http://www.export.gov/safeharbor/
The European Commission’s Directive on Data Protection w.e.f.October of 1998 prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection of the personal data. For purposes of the policy, "personal information" means information that:
is transferred from the European Union to the United States;
is recorded in any form;
is about, or pertains to, a specific individual or can be linked to that individual.
While both the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.
With a goal to bridge the different privacy approaches between the United States and European Union and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework to provide the information an organization should need to evaluate – and then join – the Safe Harbor.
Safe Harbor Directive applies to all personal information that is handled by an organization, including on-line, off-line, and manually processed data.
Where the company receives personal information from its subsidiaries, affiliates, or other entities in the EU, the company will use and disclose such information in accordance with the purposes for which it was originally collected, or in accordance with the notices provided by such entities.
The company will provide notice and provide individuals with an opportunity to "opt out" if such personal information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected.
For sensitive information, affirmative or explicit, the company will provide notice and individual choice will be given to "opt-in" if such sensitive information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected. In order to disclose such information, one must have individual’s permission to make the disclosure required by law or professional standards providing adequate level of privacy protection and is reasonably related to the sale or other disposition of the business.
For data security purposes, the organization must employ various physical, electronic, and managerial measures, designed to provide personal information with reasonable protection from accidental loss or destruction, improper use, alteration, or disclosure.
The EU’s Data Protection Directive, implemented in 1998, provides member states with the authority to block such transfers to countries whose privacy enforcement regime does not meet the directive’s requirements. Under the US-EU Safe Harbor Framework, the United States received an “adequacy” determination from the European Commission limited to those U.S. organizations that self-certified to Safe Harbor which allows data transfers to take place without prior approval.
To find out more about the Safe Harbor Framework and the qualification Checklist follow the link:
http://www.export.gov/safeharbor/
Comments
Post a Comment