We assess and document compliance with:
- Sarbanes-Oxley (SoX)
- Gramm-Leach-Bliley Act (GLBA)
- Payment Card Industry (PCI) Data Security Standard
- NIST SP 800-30
- ISO 27001/ISO 17799
- SAS 70
- Safe Harbor Act
Safe Harbor Act
The Safe Harbor Act, also known as the European Union Data Protection Directive, went into effect in October 1998. It prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy.
The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these different privacy approaches, the Directive could have significantly hampered the ability of U.S. companies to engage in many trans-Atlantic transactions.
In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce, in consultation with the European Commission, developed a "safe harbor" framework. The safe harbor, approved by the EU in 2000, is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides "adequate" privacy protection, as defined by the Directive.
The Safe Harbor Act provides a number of important benefits to U.S. and EU firms. Benefits for U.S. organizations participating in the safe harbor include:
- All 25 member states of the European Union will be bound by the European Commission's finding of adequacy.
- Companies participating in the safe harbor will be deemed adequate and data flows to those companies will continue.
- Member state requirements for prior approval of data transfers either will be waived or approval will be automatically granted.
- Claims brought by European citizens against U.S. companies will be heard in the U.S., subject to limited exceptions.
Please submit your payment of $999.00 for a complete Regulatory Compliance Assessment for one applicable regulation.