protection principles described in the Safe Harbor. AS NOTED ABOVE THIS SAFE HARBOR WAS INVALIDATED BY THE EUROPEAN COURT OF JUSTICE IN OCTOBER 2015 AND THE SUCCESSOR PRIVACY SHIELD WAS LIKEWISE INVALIDATED IN 2020. BUSINESSES CAN NOW CONSIDER THE DATA PRIVACY FRAMEWORK DISCUSSED BELOW. Self-Certification Under Safe Harbor and Privacy Shield. A Minnesota business that sought protection under the former safe harbor program or Privacy Shield could do so by self-certifying compliance with certain privacy practices and having a privacy policy that embodied the Safe Harbor or Privacy Shield Privacy Principles including Notice, Choice, Transfer to Third Parties, Security, Data Integrity, Access, and Enforcement. The privacy policy had to be made public and specifically state that the business adhered to the Safe Harbor or Privacy Shield Principles. These representations attesting to the Safe Harbor Principles are frequently found in website privacy policies. If so your business should review and update your website privacy policy as necessary. Enforcement. The enforcement principle required the business to have an independent third party to which individuals could turn for the investigation of unresolved complaints. Many businesses selected organizations such as TRUSTe, Council of Better Business Bureaus, the American Arbitration Association, or JAMS, to serve in this role. These organizations and others also offered assistance in the development of Safe Harbor or Privacy Shield compliance programs. Annual Renewal of Safe Harbor Mandatory. Upon submission by the Minnesota business of the self-certification form to the U.S. Department of Commerce, the materials were reviewed for completeness before the business was posted on the list of Safe Harbor or Privacy Shield companies. Self-certification was required annually for continued compliance with the Safe Harbor or Privacy Shield Principles. FTC Enforcement of Safe Harbor. In the wake of revelations by Edward Snowden about the National Security Agency (NSA) and U.S. government surveillance and the perceived lack of enforcement activities 149
Made with FlippingBook - Online Brochure Maker