The term safe harbor (safe harbour) has several special usages, in an analogy with its literal meaning, that of a harbor or haven which provides safety from weather or attack.
Contents |
A safe harbor is a provision of a statute or a regulation that reduces or eliminates a party's liability under the law, on the condition that the party performed its actions in good faith or in compliance with defined standards. Legislators may include safe-harbor provisions to protect legitimate or excusable violations, or to incentivize the adoption of desirable practices.
An example of safe harbor is performance of a Phase I Environmental Site Assessment by a property purchaser: thus effecting due diligence and a "safe harbor" outcome if future contamination is found caused by a prior owner.
Another example is regarding insider information laws. Broker-dealers are required to have in place Chinese walls (also called information barriers) that prevent the transmission of insider information from one department to another. Each broker-dealer firm is required to have its own barriers and to enforce them on its own. Thus, there is no safe harbor regarding this issue.
A third example can be found in the EU Data Protection Directive, which sets comparatively strict privacy protections for EU citizens. It prohibits European firms from transferring personal data to overseas jurisdictions with weaker privacy laws, but creates exceptions where the overseas recipients have voluntarily agreed to meet EU standards under the Directive's Safe Harbor Principles.
In broadcasting, particularly in the United States of America, the term safe harbor can refer to the hours during which broadcasters may transmit material deemed indecent for children. This "safe harbor", enforced by the Federal Communications Commission, extends—legally—from 10 PM to 6 AM.
In accounting, the term safe harbor may refer to the method by which corporations would rather (typically) incur tax consequences than follow the precise requirements of their respective tax codes.
Sometimes a researcher will have data about human subjects of significance to other researchers and want to share that data. A common case is that hospitals collect large amounts of medical statistics on their patients and it would be useful for medical research for other entities to review that data. In this case, it would be unethical to reveal the identities of the people whose data would be shared, because those people have a right to privacy. In order to share the data, it must first be de-identified so that no particular person can be associated with their data set by anyone who sees the data.
The problem is that it is hard to determine what kind of data can identify a person. One model for determining what data cannot be shared is the United States' policy on protected health information, which gives a list of identifying data. If a researcher removes protected health information from a data set, then the term for that researcher's state is that the researcher is in a "safe harbor" for having taken reasonable action to protect the identities of those whose data the researchers collected.[1]