SCI-TECH
Study: Gadget sales flat

Protest slams Dell's use of prison labor

Steve Jobs keeps Apple in the limelight

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD
U.S. spies 3 potential nuke sites

U.S.
10,000 refugees from Burundi coming to U.S.

ALLPOLITICS
Foley will name alleged abuser

LAW
Stunned relatives pack Iowa courtroom

ENTERTAINMENT
Rock 'n' roll genius getting his licks at 80

HEALTH
Seafood benefits outweigh risks, government says

TRAVEL
Machu Picchu can wait

CAREER
A well-balanced 'Day on the Job'

(MORE HEADLINES)

MAINPAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW

SCI-TECH

SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
CAREER
LOCAL
IN-DEPTH

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

U.S. plans series of 'safe harbor' briefings

From...

by Margret Johnston

(IDG) -- The U.S. Department of Commerce has signed up only 12 companies and organizations so far for its hard-fought "safe harbor" protections on data privacy, but government officials Thursday said they believe a series of planned seminars will increase the number and bolster the protections' legitimacy.

Experts from the U.S. government and the private sector will lead the seminars, which are designed to inform companies about safe harbor protections and advise them on how to develop privacy policies necessary to become eligible to enter the safe harbor.

Safe harbor went into effect Nov. 1 and is designed to provide some legal protection to U.S. companies and organizations that, as part of their European operations, gather personally identifiable data about people living there, including employees and customers. Safe harbor is designed to adequately meet the European Union's 1998 data privacy directive, which is more stringent than current U.S. privacy law.

MESSAGE BOARD

Security on the Net

No major Internet or high-tech companies are among the 12 organizations that have been certified. The most noteworthy names on the list are Dun & Bradstreet, whose business involves collecting, selling, and maintaining business-centric data from numerous clients worldwide, including many in Europe, and TRUSTe, a nonprofit privacy watchdog organization.

"We need more than 10 or 12 and we hope to increase that number," Michelle O'Neill, deputy assistant secretary for information technology at the Commerce Department, said at a Thursday briefing. "This is a tough agreement to swallow, but we want to get the message out, especially to small business."

IDG.net INFOCENTER

Related IDG.net Stories

Features

Visit an IDG site

IDG.net search

O'Neill stopped short of saying how many companies the department hopes to sign up.

One reason companies are not being certified is that they want to make sure they have considered all possible scenarios, especially those concerning liability, before they sign on the dotted line, said Lauren Hall, executive vice president of the Software and Information Industry Association (SIIA). There are a number of SIIA members that are very close to becoming certified under the safe harbor program, Hall added.

"We are confident that we can raise the profile of the safe harbor over the next several months and encourage companies to look at it carefully and give them the information that they need to make a good decision," Hall said. "For some of them, there are better solutions."

Another reason companies are not entering safe harbor is because they are not ready to endorse it, and because the EU data privacy directive has no authority beyond Europe, said Timothy Deal, senior vice president of the U.S. Council for International Business, in Washington.

The SIIA, the U.S. Council for International Business and the Washington, D.C., law firm Morrison & Foerster will participate in the seminars, the first of which is scheduled to take place Jan. 25 in Palo Alto, Calif. The other two will be held Feb. 7 in New York City and Feb. 14 in Dallas. The Commerce Department has set up a Web site that provides extensive information about safe harbor and includes a form that companies can use to certify themselves.

Under safe harbor, EU countries accept the notion that organizations that are certified are bound to adhere to seven principles, the most important of which are: notice, so the individual knows that data is being collected; access, so that the individual can view the data; and refusal, the ability to refuse to allow the data to be collected. Some European officials have been skeptical that safe harbor will be effective because of complicated provisions dealing with redress.

The Commerce Department and the European Union needed more than two years to negotiate the protections, culminating last July when the European Commission said it recognized safe harbor as adequate protection for EU citizens' privacy under the EU's data directive. The safe harbor agreement does not apply to financial services, however financial service companies can still voluntarily agree to sign up.