In late December, CASRO announced the launch of its Safe Harbor program, which is aimed at supporting CASRO member self-certification to the Department of Commerce’s Safe Harbor Framework in compliance with the EU Directive on Data Protection.
As described on the CASRO Web site, as an independent recourse mechanism providing third-party dispute resolution and enforcement services, CASRO will work with participating members to confirm that their privacy policies meet Department of Commerce requirements to participate in the Safe Harbor and that their adherence is properly documented. CASRO will also provide an independent, online complaint-handling service, in conjunction with the Council of Better Business Bureaus, free of charge to E.U. and Swiss residents.
The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks provide a method for U.S. companies to transfer personal data that originates in the European Union and Switzerland in a way that is consistent with the EU Data Protection Directive.
Research entities that receive personal data about EU citizens must be in compliance with the EU directive on data protection and one way to show compliance is to self-certify with the U.S. Department of Commerce that the business adheres to the seven Safe Harbor Privacy Principles:
1. Notice: notify individuals about the collection of their personal data.
2. Choice: give them choices regarding certain uses of their personal data.
3. Data integrity: ensure the accuracy and integrity of their personal data.
4. Access: allow access, and if necessary, correction of their personal data.
5. Security: protect the security of their personal data.
6. Onward transfer: comply with restrictions on further transfers of their personal data.
7. Enforcement: provide an independent dispute resolution mechanism for privacy complaints concerning European personal data that is collected, receiv...