If your company collects personally identifiable information from Internet users via a website, you should have a privacy policy. However, simply copying and pasting the numerous privacy policies that exist today may not be enough to protect your business. In fact, if your business has not implemented the proper online privacy protections, you may face liability, especially when dealing with individuals and business located outside the United States.
As such, the best way to ensure adequate privacy policy terms and conditions is to become certified with the Safe Harbor. The Safe Harbor is a way for companies located in the United States to avoid interruptions in their business dealings with the European Union countries and to avoid having to face prosecution by European authorities under European privacy and privacy policy laws. Being Safe Harbor certified will assure that EU organizations know that your company provides "adequate" privacy protection.
Benefits of the Safe Harbor certification include:
- All 27 Member States of the European Union will be bound by the European Commission’s finding of adequacy
- Companies participating in the safe harbor will be deemed adequate and data flows to those companies will continue;
- Member State requirements for prior approval of data transfers either will be waived or approval will be automatically granted; and
- Claims brought by European citizens against U.S. companies will be heard in the U.S. subject to limited exceptions.
In order to become Safe Harbor certified, an organization must draft a privacy policy that incorporates all of the Safe Harbor Principles (Notice, Choice, Onward Transfer, Access, Security, Data Integrity, Enforcement). The privacy policy must also note that the organization adheres to the Safe Harbor. With a properly drafted privacy policy in place, an organization must publicly declare its willingness to adhere to the Safe Harbor by self-certifying annually with the Department of Commerce. If approved, the organization, along with the necessary filings, will be included in the Safe Harbor List.
Our experienced privacy policy lawyers can draft a Safe Harbor compliant privacy policy, advise you as to the best ways to implement the privacy policy including dispute resolution, draft and file the certification form, and handle yearly reaffirmations to ensure your organization remains Safe Harbor certified. Therefore, if your organization does business online, you should contact our internet law firm today.
Comments