![[2018 Global Cloud Computing Readiness Scorecard]](/public/ssi/pubs/pub_1.png)
The US Safe Harbor - Fact or Fiction? (2008)
5.3. The Safe Harbor Certification Mark
The Department of Commerce recently issued a ‘Safe Harbor Certification Mark’ that can be used by organisations as a ‘visual manifestation of the commitment your organization makes when it self-certifies that it will comply with the U.S.-EU Safe Harbor Framework’.[12]
This is a dangerous development and is already resulting in misleading information for consumers. 26 organisations currently display the Certification Mark, but only 13 of these organisations are compliant with the basic Safe Harbor requirements.
The Certification Mark may imply that the site has been endorsed by the Department of Commerce, when the Safe Harbor is merely a self-certification scheme. The Certification Mark is supposed to be preceded by the words ‘we self-certify compliance with’, although these words do not appear in the graphic itself. One organisation is already using the graphic without the ‘self certify’ words.
The Certification Mark implies that all information provided to the site will be protected by the Safe Harbor. There is only one logo – rather than separate logos for human resources data, online data, offline data etc. Most organisations restrict the scope of their Safe Harbor membership to 1-2 categories of data.
There is also widespread evidence that organisations have simply made up their own Safe Harbor seals and added them to websites, surveys, emails etc. Consider the following examples:
|
Organisation |
Notes |
Logo |
This site states: ‘At the request of customers, here are graphic ‘badges’ you can place in your survey, email or web page to showcase your compliance.’ They are not actually members of the Safe Harbor. |
|
|
Their Safe Harbor Policy contains a large Department of Commerce logo without explanation. |
|
|
Their Privacy Notice has an unauthorised Department of Commerce Safe Harbor logo. |
|
|
This unauthorised Department of Commerce logo is prominently displayed on their home page. |
|
|
This unauthorised Department of Commerce logo appears on their home page next to the words ‘Safe Harbor’. |
|
|
This Department of Commerce logo appears on their Privacy Policy next to the word ‘Associations’. Their entire privacy policy is two lines long. |
|
In most jurisdictions there are serious repercussions if a company uses a Government coat of arms or logo on their website in a way that implies Government endorsement of the company. There is no indication of such concern in the United States and the Galexia study found that there are actually more unauthorised / misleading seals in use than there are authorised / accurate seals.
[12] <http://www.export.gov/SafeHarbor/Safe_Harbor_Instructions.asp>
print this page
sitemap
rss news feed
manage email subscriptions
