'Safe Harbour' for US-based Hosting
Managing personal data across the interweb has been one of the major issues over the last decade. It is true to say that there is so much personal, even intimate, information about millions of people on the internet that it really begs the question: is there such a thing as personal privacy any more?
When people you don't know can search your name (or your business) and find out things about you that you don't expect to be there, it can sometimes be a frightening experience. Facebook is probably the one that comes to mind for most people, but there are degrees of privacy at much deeper levels that should be maintained as a matter of course: things like your medical information, credit history, family structure, buying habits, purchasing details and, of course, your credit card information.
Some countries are more responsible than others for maintaining levels of security around personal data, and these same countries have been developing a framework to build privacy into the interweb since the 1990s. The European Union introduced legal directives back in 1998 and set the standards by which all countries should manage the integrity of people's information on the Web.
Laws on privacy in the European Union are strict.
So, while the United States and the European Union share the goal of improving privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union. In order to bridge these different privacy strategies and provide a common structure for U.S. companies to comply with the Directive, the U.S.A. in consultation with the European Commission developed the "Safe Harbour" principle to provide the information a company should need to evaluate – and then join – the Safe Harbour framework.
The Safe Harbour Privacy Principles allow American companies to certify, by registration, that they meet the requirements by adhering to and demonstrating compliance with the common directive:
- Notice - Individuals must be informed that their data is being collected and about how it will be used.
- Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
- Onward Transfer - Transfers of data to third parties may only occur to other companies that follow adequate data protection principles.
- Security - Reasonable efforts must be made to prevent loss of collected information.
- Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
- Access - Individuals must be able to access information held about them, and correct or delete it, if inaccurate.
- Enforcement - There must be effective means of enforcing these rules.
So, as a UK company you need to know that compliance with the above is actually a legal requirement: if your website collects and holds or transfers any data whatsoever from your visitors and users, then you must comply with the rules above. The penalties for non-compliance are heavy.
The introduction of Safe Harbour has meant that finally, as companies and organisations in the USA and Europe begin to adopt the common directives, hosting websites in the USA becomes a more accepted practice. Where certain companies previously had to keep their data within the European framework, these same companies now have much more flexibility to obtain major cost savings and enhanced services operating out of the USA.
Parrot Hosting is an SME Hosting company who offer European and UK-based hosting from only £49.99 a year.