The US Safe Harbor - Fact or Fiction? (2008)
7. Appendix – Methodology for this study
The study methodology is summarised in the following table:
Step |
Task |
Notes |
1 |
Capture raw data |
All 1,597 entries were downloaded on 17 October 2008. |
2 |
Check for doubles |
19 organisations were listed more than once or appeared in the list under multiple names. |
3 |
Check currency |
Organisations were categorised as not current if their status in the list had been marked as not current by the Department of Commerce and/or their date for renewal of certification had passed. |
4 |
Find privacy policies |
Privacy policies were accessed using the direct links provided in the list and / or the home URL of the organisation. This step required numerous additional steps to correct typos, search websites etc. |
5 |
Check privacy policies for mention of the Safe Harbor |
Privacy policies were searched for ‘Safe Harbor’, ‘Europe’ and variations of these terms. |
6 |
Check privacy policies for compliance with Principle 7 – Enforcement |
Privacy policies were searched for ‘dispute’, ‘complaint’, ‘panel’ and variations of these terms. The relevant sections of the policy were then assessed against the requirements of Principle 7. |
7 |
Check website for seals and trustmarks |
Websites were checked for relevant seals and trustmarks, including both authorised and unauthorised Department of Commerce seals, and private sector trustmarks such as TRUSTe, BBB and DMA. |
8 |
Check validity of trustmarks |
Where possible the validity of trustmarks was cross checked against lists maintained by private sector trustmark providers (only TRUSTe and BBB Safe Harbor maintain public lists). |
9 |
Quality control |
The study re-checked the ‘not current’ status of organisations. As the study took 4 weeks to complete a small number of entries were updated as organisations had renewed their certification. |