HP embraces U.S.-Europe 'safe harbor' privacy deal
Hewlett-Packard Co. this week signed up to adopt the U.S.-Europe "safe harbor" provisions on data privacy, making it the largest company to do so thus far and providing the struggling privacy effort with its biggest boost since the arrangement took effect in November.
Moreover, the computer and software vendor said the safe harbor privacy protections negotiated by the U.S. Department of Commerce and European officials will now be applied to all of its data transactions. That vow could lend credence to the idea that the accord may help raise privacy standards in the U.S., as well as accomplish its main goal of providing a self-regulatory framework for companies doing business in Europe.
The safe harbor agreement provides a manageable legal and ethical means to move data between the U.S. and Europe, said Barbara Lawler, consumer privacy manager at HP. "If corporations are serious about following the self-regulation approach, rather than having to deal with privacy regulations, then this is what they should be looking at," she added.
But to date, only 21 companies have signed up for the voluntary safe harbor certification program, which provides legal protection from Europe's tough privacy laws to U.S. companies that transfer information about employees or customers out of European databases. Commerce Department officials have been trying to boost that number in order to bolster the legitimacy of the safe harbor deal.
Companies that agree to adhere to the safe-harbor provisions have to promise to give European Union residents some basic privacy protections, such as notices about how personal information will be used and the ability to opt in or opt out from having sensitive data disclosed to other businesses. Access to personal data is also guaranteed, as is the right to amend and correct the data.
Most of the companies that have signed up, with the exception of HP and The Dun & Bradstreet Corp. in Murray Hill, N.J., are small to medium-size businesses. Many larger Fortune 500-type companies are still "investigating their options or taking a wait-and-see approach," said Jeff Rohlmeier, a trade official at the Commerce Department.
American companies have been "sort of reluctant to be first out of the box" for fear of being singled out for scrutiny by European authorities, said Barbara Wellbery, who was the principal negotiator of the agreement while she worked at the Commerce Department. "So the more big companies on the list, the better," added Wellbery, who is now an attorney in the Washington office of San Francisco-based Morrison & Foerster LLP.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
