Same Time Next Year
Does your company participate in the U.S.-EU Safe Harbor Framework?
It's a voluntary international privacy program administered by the Department of Commerce that lets companies transfer data from the EU to the U.S. in compliance with EU law. To participate in the Safe Harbor Framework, the first step is for a company to certify that it abides by seven principles: notice, choice, onward transfer, security, data integrity, access, and enforcement. But the obligation doesn't end there. A company also has to annually reaffirm that it's still in compliance. That's why saying you have a valid Safe Harbor certification - but failing to self-certify once a year - is a deceptive practice, in violation of the FTC Act.