
In 1998 the European Union passed comprehensive privacy legislation, known as the EU Data Protection Directive. It applies to businesses engaged in the collection, processing or transfer of personal data from any EU Member State, and it forbids the transfer of personal information from an EU Member State to a non-EU country unless that country provides an "adequate" level of privacy protection. The EU does not view the US as having an adequate level of protection. To avoid potential disruptions in trade between the US and the EU, the US-EU Safe Harbor Framework was developed as a means of complying with the adequacy requirements of the EU privacy laws. Specific guidelines and principles were developed as a standard to assist with adequacy.
Organizations that decide to participate in the Safe Harbor program must comply with the Safe Harbor Framework’s requirements and publicly declare that they do so. Additional information related to certification can be found at www.export.gov/safeharbor/.
A Personal Data Inventory
To comply with the Safe Harbor Principles, companies must prepare a comprehensive Personal Data Inventory that identifies what records and information exist, where they exist, how they are stored, what specific elements of PII they contain, how long they are retained, and the associated business processes that move the information both internally and outside of the organization.
Confident Compliance
It is critical to involve the organization’s business people when preparing the Personal Data Inventory. This is the only way you will be in a position to validate who has access to and is processing personally identifiable data. This information should be overlaid with input from Subject Matter Experts who have knowledge of Access Controls, Email Administration, Information Security, Compliance and the like. Understanding both the business processes and the technology security processes is integral to identifying potential risks and weaknesses, and ultimately to confident Safe Harbor compliance.
About the Experts
Russ Cottle is Client Relations Director at Jordan Lawrence and oversees the Records Analytics™ services that provide complete, benchmarked retention schedules within 45 days for major corporations. He can be reached at 636.821.2240 or rcottle@jordanlawrence.com.
Zana Filipovic is Regional Manager at Jordan Lawrence and has worked with hundreds of companies to help them solve a variety of information management and compliance problems. She can be reached at 636.821.2238 or zfilipovic@jordanlawrence.com.