March 13, 2001, 1:46 PM — Hewlett-Packard Co. this week signed up to adopt the U.S.-Europe "safe harbor" provisions on data privacy, making it the largest company to do so thus far and providing the struggling privacy effort with its biggest boost since the arrangement took effect in November.
Moreover, the computer and software vendor said the safe harbor privacy protections negotiated by the U.S. Department of Commerce and European officials will now be applied to all of its data transactions. That vow could lend credence to the idea that the accord may help raise privacy standards in the U.S., as well as accomplish its main goal of providing a self-regulatory framework for companies doing business in Europe.
The safe harbor agreement provides a manageable legal and ethical means to move data between the U.S. and Europe, said Barbara Lawler, consumer privacy manager at HP. "If corporations are serious about following the self-regulation approach, rather than having to deal with privacy regulations, then this is what they should be looking at," she added.
But to date, only 21 companies have signed up for the voluntary safe harbor certification program, which provides legal protection from Europe's tough privacy laws to U.S. companies that transfer information about employees or customers out of European databases. Commerce Department officials have been trying to boost that number in order to bolster the legitimacy of the safe harbor deal.
Companies that agree to adhere to the safe-harbor provisions have to promise to give European Union residents some basic privacy protections, such as notices about how personal information will be used and the ability to opt in or opt out from having sensitive data disclosed to other businesses. Access to personal data is also guaranteed, as is the right to amend and correct the data.
Most of the companies that have signed up, with the exception of HP and The Dun & Bradstreet Corp. in Murray Hill, N.J., are small to medium-size businesses. Many larger Fortune 500-type companies are still "investigating their options or taking a wait-and-see approach," said Jeff Rohlmeier, a trade official at the Commerce Department.
American companies have been "sort of reluctant to be first out of the box" for fear of being singled out for scrutiny by European authorities, said Barbara Wellbery, who was the principal negotiator of the agreement while she worked at the Commerce Department. "So the more big companies on the list, the better," added Wellbery, who is now an attorney in the Washington office of San Francisco-based Morrison & Foerster LLP.