It is time to review your company's Safe Harbor Program compliance.
Many entities joined the Safe Harbor, which is a program run by the U.S. Department of Commerce to enable cross-border transfer of personal data collected in the European Union ("EU"), on an assumption that it was not often enforced.
This appears to be changing.
On October 6, 2009, the FTC announced its second enforcement action under the EU Safe Harbor Program in four months. Six companies that had certified in the EU Safe Harbor Program allowed their certifications to lapse, but continued to represent to their users and to the public that they were "Safe Harbor Certified." The complaints, filed by the FTC, charge that World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC, all misrepresented their valid participation in the Program. Under the proposed settlements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy, security, or other compliance program sponsored by a government or any third party.
From its inception in 2000 until July 2009, the FTC had not brought a single enforcement action against a Safe Harbor Program participant, prompting many commentators to argue that the Program lacked any real enforcement teeth. The FTC's recent actions, however, may signal a new dawn of FTC interest in ensuring that Program particpants actually follow the rules.
Read the official FTC press release
here.
| 