The US Safe Harbor - Fact or Fiction? (2008)

Step

Task

Notes

1

Capture raw data

All 1,597 entries were downloaded on 17 October 2008.

2

Check for doubles

19 organisations were listed more than once or appeared in the list under multiple names.

3

Check currency

Organisations were categorised as not current if their status in the list had been marked as not current by the Department of Commerce and/or their date for renewal of certification had passed.

4

Find privacy policies

Privacy policies were accessed using the direct links provided in the list and / or the home URL of the organisation. This step required numerous additional steps to correct typos, search websites etc.

5

Check privacy policies for mention of the Safe Harbor

Privacy policies were searched for ‘Safe Harbor’, ‘Europe’ and variations of these terms.

6

Check privacy policies for compliance with Principle 7 – Enforcement

Privacy policies were searched for ‘dispute’, ‘complaint’, ‘panel’ and variations of these terms. The relevant sections of the policy were then assessed against the requirements of Principle 7.

7

Check website for seals and trustmarks

Websites were checked for relevant seals and trustmarks, including both authorised and unauthorised Department of Commerce seals, and private sector trustmarks such as TRUSTe, BBB and DMA.

8

Check validity of trustmarks

Where possible the validity of trustmarks was cross checked against lists maintained by private sector trustmark providers (only TRUSTe and BBB Safe Harbor maintain public lists).

9

Quality control

The study re-checked the ‘not current’ status of organisations. As the study took 4 weeks to complete a small number of entries were updated as organisations had renewed their certification.