The Safe Harbor Framework governing transfer of personal information from the European Union to the United States is no more. On October 6, 2015, the European Court of Justice (ECJ) struck down the vaunted bilateral data protection and transfer agreement, impacting over 4,700 companies that relied on the Safe Harbor for transporting and storing European data overseas. The decision, which took effect immediately and left no grace period for international organizations to make alternative arrangements, vigorously reinforces European legal protections for data privacy while leaving a broad swath of data-related commercial activity on tenuous legal ground.
Nearly every organization collects personally identifiable information, or PII. Because of the sensitive nature of many different types of PII, its collection can pose an array of unique challenges, especially for younger or smaller organizations without a dedicated privacy department. The unwarranted release of such information can ravage people’s lives and forever destroy any modicum of trust an organization may enjoy with its customers and with the general public. One of the most fundamental privacy questions an organization may face is: what does “personally identifiable information” mean? Given the differing responsibilities that an organization has with respect to PII versus non-PII, the answer to this question is critical. This article is designed to help you flesh out the concept of personally identifiable information and begin to think about the ways your company should handle PII-related issues. Read more
UPDATE: Since this article was drafted, the US-EU Safe Harbor program has been shut down. There is now a new regime in place named Privacy Shield. Please see this article for more information.
Any company looking to transfer data about users from the European Union region to the United States will likely need to familiarize itself with the U.S.-EU Safe Harbor Framework. This article covers three topics: what is the U.S.-EU Safe Harbor, what are its advantages and disadvantages, and how to comply with the Safe Harbor. Read more