
  1. Privacy and Security in the Information Age Conference, Melbourne, Australia, August 16, 2001
     The United States Government’s Approach to Privacy: The EU Directive and the Safe Harbor Framework
     Patricia M. Sefcik, U.S. Department of Commerce
  2. Privacy in Europe and the U.S.
     • The European privacy system is based on comprehensive legislation.
     • The U.S. privacy system is based on self regulation and sector specific legislation in highly sensitive areas such as financial, medical, children’s and genetic information.
  3. Historical Overview: Safe Harbor
     • OCTOBER 1998
         • EU’s sweeping privacy directive went into effect
     • JULY 2000
         • Safe Harbor principles are deemed adequate
     • NOVEMBER 1, 2000
         • Safe Harbor becomes effective
         • DOC launches safe harbor website
     • JANUARY 4, 2001
         • Official Department of Commerce roll-out
     • JANUARY-AUGUST, 2001
         • Outreach events
  4. Safe Harbor Implementation
     • What are the Benefits?
     • Who Can Join and How?
     • How and Where will Safe Harbor be Enforced?
  5. The Safe Harbor Framework
     • 7 Privacy Principles
     • 15 FAQ’s
     • European Commission’s adequacy determination
     • Letters between U.S. Dept. of Commerce and the European Commission
     • Letters from U.S. Dept. of Transportation and Federal Trade Commission
  6. The 7 Safe Harbor Principles
     • Notice
     • Choice
     • Onward Transfer
     • Security
     • Data Integrity
     • Access
     • Enforcement
  7. The Safe Harbor Principles
     • (1) NOTICE
     • Inform individuals about the purpose for which the information is being collected.
     • Inform individuals about how to contact the organizations with inquiries or complaints.
     • Provide information on the types of third parties to which information is being disclosed, and the choices and means offered for limiting its use and disclosure.
  8. The Safe Harbor Principles
     • (2) CHOICE
     • An organization must offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party, or (b) to be used for a purpose that is incompatible with the purposes for which it was originally collected or subsequently authorized by the individual.
     • Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.
  9. The Safe Harbor Principles
     • CHOICE: Sensitive Information
     • For sensitive information (i.e. medical/health conditions; racial/ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; sex life), individuals must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized.
  10. The Safe Harbor Principles
     • (3) ONWARD TRANSFER
     • To disclose information to a third party, organizations must apply the notice and choice principles.
     • Notice and Choice are not required for data transfers to an agent (someone who acts on behalf of the transferor) if it is first determined by the organization that the agent complies with the safe harbor principles, or is subject to the directive or another adequacy finding, or enters into a written agreement with the organization.
  11. The Safe Harbor Principles
     • (4) SECURITY
     • Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.
     • Organizations must take more care to protect sensitive information, as it is defined in the principles.
  12. The Safe Harbor Principles
     • (5) DATA INTEGRITY
     • Personal information must be relevant for the purposes for which it is to be used. An organization may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.
     • To the extent necessary for those purposes, an organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
  13. The Safe Harbor Principles
     • (6) ACCESS
     • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
  14. The Safe Harbor Principles
     • (7) ENFORCEMENT
     • Follow-up procedures for verifying that safe harbor policies and mechanisms have been implemented;
     • Readily available and affordable independent recourse mechanisms to investigate and resolve complaints brought by individuals;
     • Obligations to remedy problems arising out of a failure by the organization to comply with the principles.
  15. Other Ways To Comply With The Directive:
     • DIRECT COMPLIANCE WITH THE EU DIRECTIVE
     • CONSENT
     • ENTERING INTO A MODEL CONTRACT
  16. Safe Harbor: Next Steps
     • Mid-Year Review
     • “Visual” Compliance
     • Financial Service Negotiations
     • DPA Visit
     • EU Directive Review
  17. CONCLUSION
     • Additional resources are available on the safe harbor website
     • Safe Harbor List (updated regularly)
     • Safe Harbor Workbook
     • Safe Harbor Documents (including Principles, FAQ’s, correspondence)
     • Historical Documents (including public comment)
  18. Contact Information
     • Patricia Sefcik, Director
     • Office of Electronic Commerce
     • International Trade Administration U.S. Department of Commerce
     • Room 2003
     • 14th & Constitution Avenues, NW
     • Washington, DC 20230
     • Tel: (202) 482-0216
     • Fax: (202) 482-5522
     • E-Mail: