六合彩-香港六合彩 » slideshare
DESCRIPTION
.我脑袋沉沉的,但体内却是兴奋的,我感觉挺对不起小花的,因为我看蒋小红是越看越漂亮,越看越可爱,越看越觉得自己禽兽不如,竟然对小红有这种想法.另一方面我也痛恨自己,此时此景,我竟然老是忘却李雪长的什么样子,大概酒精让意识模糊了,模糊到把蒋小红看成李雪,把小花看成小草. 看错也就罢了,但是酒后男女共处一室就更为危险了.香港六合彩妈哥香港六合彩去我大嫂家商谈结婚的操办事宜,接留下我和小花小红三个人在家里看电视.倘若就我和小花或者是我和小红也没有什么大问题,但是一男两女醉醺醺的待在一起,可谓是定时炸弹放在体内,随时都有引爆的危险.蒋小花没喝酒,意识很清楚,香港六合彩说香港六合彩先进房间看医学书去,客厅现在就剩下我和小花两个人,这不存心让我犯TRANSCRIPT
1
THE U.S.-EU SAFE HARBOR: Requirements and Self Certification Procedures
Lauren SaadatU.S. Department of Commerce
International Trade AdministrationOffice of Technology & E-Commerce
2
Implications of the different approaches to data flows and trade
European Data Protection Authorities have broad legal authority to stop data flows.
Implications of EU Directive: According to the U.S. Census Bureau, Foreign
Trade Division, in 2004, the U.S. and its top six European trade partners shared approximately $355 billion in trade.
Most of this trade could be dependent on the exchange of personally identifiable information.
3
Finding a Solution
U.S. and EU expressed commitment to bridge their different approaches to privacy while maintaining data flows and high level of privacy protection
FTC Act permitted each side to maintain their position U.S. companies made voluntary
commitments EU satisfied because FTC Act made those
commitments legally binding
4
Finding a Solution
Safe Harbor registration is a voluntary “representation” to European business partners and European citizens that U.S. companies will comply with the framework.
Failure to comply with Safe Harbor could constitute an unfair or deceptive trade practice under FTC Act Could result in injunctions and redress
5
Finding a Solution
July 2000: U.S. Receives “adequacy” determination from European Commission for the Safe Harbor framework
However, U.S. companies only eligible if their regulator (i.e., FTC or DoT) agrees to enforce their commitments
6
The Safe Harbor Framework
November 1, 2000:
Safe Harbor becomes effective
DoC launches Safe Harbor website at http://export.gov/safeharbor
7
What Is the Safe Harbor Framework?
Safe Harbor framework includes:
7 privacy principles 15 FAQ’s EU’s “adequacy” determination Letters between DoC and European
Commission (EC); the Federal Trade Commission and the Department of Transportation and the EC; etc.
8
Where Can We Find Information About It?
Safe Harbor website includes:
Safe Harbor List (currently more than 820 organizations, including multinationals and SMEs)
Safe Harbor Workbook Compliance Checklist/Helpful Hints Safe Harbor Documents (including
principles, FAQ’s, correspondence, etc.) Historical documents (including public
comments)
9
Helpful Hints
Confirm the jurisdiction of FTC or DOT Establish independent recourse
mechanism Ensure verification mechanism Designate contact point Develop Compliant Privacy Statement
Conforms to principles Makes specific reference to SH adherence Provide accurate privacy policy statement
location, available to the public
10
Benefits of the Safe Harbor
Benefits of Implementing the Safe Harbor Framework:
Predictability and Continuity (all 25 Member States, plus EEA countries, bound by “adequacy” determination)
Eliminates need for prior approval to begin data transfers
Flexible privacy regime congenial to U.S. approach
Simpler/more efficient means of compliance
11
Who may join the Safe Harbor?
What organizations may join Safe Harbor?:
U.S. Organizations subject to jurisdiction of the Federal Trade Commission with respect to unfair or deceptive acts or practices under Section 5 of the Federal Trade Commission Act or the U.S. Department of Transportation
Companies that are uncertain as to whether they fall under the jurisdiction of these agencies can seek clarification from the agencies.
12
Who should join the Safe Harbor?
What organizations should join Safe Harbor?:
Organizations that receive personally identifiable information from EU member states must demonstrate “adequate” privacy protections
Organizations that have not identified another basis for demonstrating “adequacy” should consider joining Safe Harbor
13
Compliance & Enforcement
How and where will Safe Harbor be enforced?:
In general, enforcement will take place in the U.S., in accordance with U.S. law, and will rely, to a great extent, on private sector enforcement.
Private sector enforcement has three components: verification, dispute resolution, and remedies.
14
Compliance & Enforcement Failure to comply with Safe Harbor
requirements:
If an organization persistently fails to comply with Safe Harbor requirements, it is no longer entitled to Safe Harbor benefits.
Independent recourse mechanisms are required to notify DoC of such facts. Safe Harbor list will indicate failure to comply.
Failure to comply may also result in an enforcement action by the FTC or DoT.
15
The Safe Harbor Principles
An organization entering the Safe Harbor must adhere to seven privacy principles:
1. Notice2. Choice3. Onward Transfer4. Security5. Data integrity6. Access7. Enforcement
16
The Safe Harbor Principles
(7) Enforcement: Organizations must have the following enforcement mechanisms in place:
follow-up procedures for verifying that safe harbor policies and mechanisms have been implemented
readily available and affordable independent recourse mechanisms to investigate and resolve complaints brought by individuals
obligations to remedy problems arising out of a failure by
the organization to comply with the principles
17
The Safe Harbor Principles
Verification:
An organization may use a self-assessment (in-house) or an outside/third-party assessment program.
Under self-assessment, a statement verifying the assessment should be signed by a corporate officer or other authorized representative at least once a year.
Under outside assessment, a verification statement should be signed either by the reviewer or by the corporate officer/authorized representative at least once a year.
18
The Safe Harbor Principles
Dispute Resolution:
Organizations may choose to have disputes resolved by third-party dispute resolution programs (such as TRUSTe, BBBOnLine, DMA, AICPA WebTrust, JAMS, Entertainment Software Rating Board, etc.), or they may choose to cooperate and comply with the European Data Protection Authorities (DPA’s).
In the case of human resources data, the organization must agree to cooperate and comply with the DPA’s (See FAQ 9).
19
The Safe Harbor Principles Human Resources Data:
See FAQ 9 Organizations transferring employee data from
Europe to the U.S. must: Submit to the EU DPAs for purposes of dispute
resolution; and Comply with member state law regarding the use
of information (i.e. processing requirements) as well as any restrictions under national law for transfer of such data.
Access: Employers in the EU must comply with member state regulations and ensure that employees have access to such information. Organizations processing such data in the U.S. must provide access either directly or through the EU employer.
20
The Safe Harbor Self-Certification Procedure
How do organizations join Safe Harbor?:
Organizations must comply with the framework’s requirements and publicly declare that they do so (see FAQ 6).
Organizations that decide to join the Safe Harbor may do so by:
Self-certifying via the Safe Harbor website at http://www.export.gov/safeharbor; or
Sending a letter to the Department of Commerce.
21
The Safe Harbor Self-Certification Procedure (cont.)
Once received, the DoC reviews the information submitted for completeness and to verify that the information submitted is consistent.
To be assured of Safe Harbor benefits, an organization needs to reaffirm its self-certification annually to the DoC.
The Safe Harbor includes a searchable list with compliance status.
22
Since Then and Moving Forward
January 2002: First joint EC/DOC review of Safe Harbor completed
February 2002: EC submits interim report on functioning of the Safe Harbor
March 2002: Data Protection Authorities visit Washington
Late 2003: DoC and EC resume dialogue and review implementation of the Safe Harbor
October 2004: EC releases second report/staff working paper on Safe Harbor compliance/implementation
23
Other Options for Meeting the EU Directive’s Requirements
Joining Safe Harbor is not the only means of meeting the EU Directive’s requirements
Other alternatives include:
“Unambiguous” consent Necessary to perform contract Codes of Conduct Model Contract Clauses Direct compliance/registration with EU Authorities
24
Contact Information
Questions? Comments?:
Lauren Saadat or Shannon Ballard U.S. Department of Commerce International Trade Administration
HCHB 2003 14th & Constitution Avenues, NW Washington, DC 20230 Ph: (202) 482-3709 E-mail: [email protected]