CASRO Safe Harbor Program
What is the US EU Safe Harbor?
Safe Harbor and Your Business
- What is the US-EU Safe Harbor?
- The US-EU and US-Swiss Safe Harbor Frameworks provide a method for US companies to transfer personal data that originates in the European Union and Switzerland in a way that is consistent with the EU Data Protection Directive.
- To join the Safe Harbor, a company must self-certify to the US Department of Commerce that it complies with the Safe Harbor Privacy Principles.
- The Federal Trade Commission enforces the promise that companies make when they self-certify that they participate in the Safe Harbor
- What are the seven Safe Harbor Privacy Principles?
1. Notice - Notify individuals about the collection of their personal data
2. Choice - Give them choices regarding certain uses of their personal data
3. Data Integrity - Ensure the accuracy and integrity of their personal data
4. Access - Allow access, and if necessary, correction of their personal data
5. Security - Protect the security of their personal data
6. Onward Transfer - Comply with restrictions on further transfers of their personal data
7. Enforcement - Provide an independent dispute resolution mechanism for privacy complaints concerning European personal data that is collected, received or processed
- How does Safe Harbor certification affect your research business?
- The Safe Harbor enables US businesses to receive and process personal data from EU countries and Switzerland if you self-certify your adherence to the seven Safe Harbor Privacy Principles.
- Certifying to the Safe Harbor demonstrates that your business provides personal data privacy protections that meet the requirements of the EU Directive on Data Protection.
- Why should your company self-certify to the Safe Harbor?
- Self-certifying to the Safe Harbor assures business partners and respondents that you meet the "adequacy” standards required by the EU, allowing you to conduct business with European partners seamlessly.