Thanks to all of you who replied on this one - I think the main point
is that you can't much rely on the Safe Harbor agreement (at the
moment) if you're sending to the US.
Regards
Lucy
Date sent: Thu, 18 Jan 2007 15:24:35 +0000
Send reply to: Simon Richardson <[log in to unmask]>
From: Simon Richardson <[log in to unmask]>
Subject: Re: [data-protection] Safe harbor / harbour
To: [log in to unmask]
> >Does anyone know anything about the "safe harbor" framework which
> US "firms"
> >sign up to? Looking through the lists and "industry sectors" on the website
> >I can't see a single public organisation - does this mean that public
> >organisations e.g universities can't sign up to it, and hence none of them
> >are bound by data protection principles? I'm thinking about the possibility
> >of transferring personal data to recipients at other universities. It seems
> >odd that there is no obligation or option for public organisations to sign
> >up too.
> >Regards
> >Lucy Fincham
>
> Lucy
>
> Comparatively few organisations have signed up to Safe Harbor. As has
> already been said, it is not binding and was set up as a way of expediting
> trade – and is therefore very much focussed on industry rather than the
> public sector.
>
> However, personal information can still be transferred to the USA - and
> adequately protected - even when Safe Harbor protections are not in place.
>
> In any given case, it is for the Data Controller to assess whether there
> are appropriate safeguards for the processing (the ICO would only
> expect/need to approve these in exceptional circumstances). They should
> take into account factors such as:
>
> - the nature of the personal data (the more sensitive or valuable the
> information, the greater the safeguards should be)
> - the purposes for which the data will be processed
> - laws in force. The USA is not recognised as a ‘safe’ country because it
> does not have federal data protection laws, but there may be state laws in
> place that will cover the receiving organisation and give protection
> - enforceable codes of conduct which will apply to the recipient
> organisation
> - extra security measures or contracts put in place to protect the data
> subject.
>
> The ICO has useful guidelines on “International transfers of personal
> information: General advice on how to comply with the eighth data
> protection principle” on their website.
>
> Hope that helps
>
> Simon
>
> Simon Richardson
> Information Governance Officer
> Gateshead PCT
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|