Galexia

The US Safe Harbor - Fact or Fiction? (2008)

5.6. Participation in privacy programs

The self-certification form asks organisations to ‘List any privacy programs in which your organization is a member for Safe Harbor purposes’. This is followed by a box where free text can be entered.

The exact purpose of this part of the self-certification is not clear. There is no requirement to join a privacy program. However, if text is entered here then it is important that the information is accurate. Care needs to be taken not to raise expectations that the ‘privacy programs’ play any formal role in the Safe Harbor arrangements (there is another box later in the form covering dispute resolution providers – who do play a formal role in the Safe Harbor).

Common entries in this section are TRUSTe (176), BBB (93) and DMA (67).

A range of additional organisations are listed as ‘privacy programs in which your organization is a member for Safe Harbor purposes’. However, none of these appear to be programs that cover privacy issues relevant to the Safe Harbor. Some entries are irrelevant or difficult to explain. Many entries appear to confuse privacy compliance with security compliance – and these entries generally indicate a lack of understanding about the Safe Harbor program. Entries include:

| Privacy Program | Comments |
| --- | --- |
| American Arbitration Association | No relevant privacy program |
| American Society for Industrial Security (ASIS) | No relevant privacy program |
| Center for Internet Security | No relevant privacy program |
| Comodo | Comodo is a firewall provider |
| European Privacy Officers Network | No relevant privacy program |
| Gramm-Leach-Bliley Act (GLBA) | GLBA is federal legislation |
| HIPAA | HIPAA is federal legislation |
| International Association of Privacy Professionals | No relevant privacy program |
| International Security Forum | No relevant privacy program |
| ISO 9001 | Not relevant |
| Privacy Alliance | Inactive |
| Statement on Auditing Standards No. 70: Service Organizations (SAS 70) | Not relevant |
| Tulsa Metro Chamber of Commerce | No relevant privacy program |
| US Council for International Business (USCIB) | No relevant privacy program |
| Equifax | ? |