International Safe Harbor Privacy Principles
From Wikipedia, the free encyclopedia
The International Safe Harbor Privacy Principles are a set of privacy regulations set forth by the European Union (EU) as part of the Directive on Data Protection. Intended for organizations within the EU or US that store customer data, the Safe Harbor Principles are designed to prevent accidental information disclosure or loss.
Principles
The principles are outlined as follows:
- NOTICE - A company must provide a data-usage statement, to inform the user of how said company will use their data. One important aspect that the company must disclose is their
- CHOICE - The customer must have the option of "Opting Out" of any information disclosure.
- ONWARD TRANSFER - If the company chooses to disclose information to another entity, it must adhere to the principles of Choice and Notice. For example, if the customer has opted out, the company must not disclose his/her data to another entity.
- SECURITY - Companies must secure their systems to protect against the loss, misuse, disclosure, destruction, and alteration of data.
- DATA INTEGRITY - The data must be processed in a manner relevant to the purpose for which it was originally collected.
- ACCESS - The customer must have access to his/her data so that he/she can add, edit, or delete data.
- ENFORCEMENT - The company must enforce these principles, as well as its own internal policies and procedures, with the aim of preventing accidental or intentional data disclosure or loss.