Do you want to be Safe Harbor?

Executive Summary

In order to establish an international e-commerce presence that increases profits and market share, an IT department's best course of action is to implement a national and global data privacy program that conforms to the seven principles of the U.S.-E.U. Safe Harbor agreement and to certify it with the Department of Commerce (DoC). There are harsh criticisms of the DoC's governance of the Safe Harbor agreement and its certification program; however, a well-governed and continually conforming privacy program will maintain an excellent data privacy posture. The essential components of such a program are a privacy policy, an information security infrastructure, Safe Harbor certification, and training; IT organizations need governance and control to support the program, because privacy risk is a serious issue. This deployment positions organizations to enter E.U. e-commerce relationships, lead in data privacy programs, promote their global and national data policy, and generate new revenue.

Problem Analysis

In order to enter into e-commerce communications with E.U. countries, you will need to conform to the U.S.-E.U. Safe Harbor agreement and overcome political, administrative, and technical hurdles. Your employees will need training on the program once all of its components have been developed, tested, and certified. Politically, the agreement is surrounded by criticism concerning dispute resolution, accountability, and overall effectiveness. Navigate this terrain with policies, strategies, and plans that are governed within your IT governance model. Administratively, Safe Harbor audits show that certified organizations fail to meet the required accountability for how data is used. Your policies, plans, and procedures will provide the steps to overcome this challenge. Technically, verify that your information security infrastructure can handle your data privacy needs, and align it with your administrative documentation. Instituting this data privacy program also provides an opportunity to perform a health check of your IT governance lifecycle and uncover unknown shortcomings where IT can provide further support and value to the business.

National and Global Privacy Policy

The U.S.-E.U. Safe Harbor agreement only calls for governance of personal data obtained from E.U. countries, but your policy must cover national data as well. The policy must support five aims: Prevention, Detection, Containment, Deterrence, and Recovery. These aims protect the critical asset - personal data - and must be incorporated into the overall IT governance strategy and supported by data privacy plans and procedures. Deliver a draft policy to your organization after determining its strengths, weaknesses, and deficiencies, both within your IT department and against the needs of your organization's business units.

Information Security Infrastructure

Your program infrastructure must protect all of the personal data in scope and will be intertwined with governance and policy. Foremost, you must have administrative, logical, and physical controls in place to secure and account for personal data, and this begins with maintaining a foundation of availability, integrity, and confidentiality, the three fundamental pillars of information security. This combination of foundation and controls - if effective - will safeguard your organization against many of the financial and reputational hits you might take if it is not established under this program for Safe Harbor certification. Interview business unit owners, run risk assessments, determine the appropriate course of action to ensure program effectiveness, and provide a full briefing of the results when completed. Additionally, your course of action should include a training plan for your workforce to educate them about the program and their responsibilities, as human error is the number one risk you must mitigate.

Safe Harbor Certification

The U.S.-E.U. Safe Harbor privacy principles will need to be integrated into your data privacy program's assessments, governance, policies, procedures, and training. These seven principles are: Notice, Purpose, Consent, Security, Disclosure, Access, and Accountability. The DoC provides specific definitions, checklists, forms, and guidance for certification, through which you state your intentions regarding purpose, proportionality, and transparency in handling E.U. personal data. Ensure that you understand and comply with these requirements. We are confident that this approach, combining policy, governance, assessment, structure, and training, positions you for certification, for leadership in national and international data security conformance, and for continuing international business. Contact us for an assessment and Executive Plan today.


About Solutico:

Solutico's mission is to build top-performing and top-producing IT organizations through process and capability services that enable their key business activities and create agile, efficient, and sustainable outcomes. We achieve our mission by providing aligned, repeatable, and measured solutions that are developed hand-in-hand by our customers and staff. Solutico provides customized services and products that enable organizations to optimize their output and attain their goals and strategic objectives. Contact us for more information.

Our Location

Our headquarters are located in the heart of the D.C. Metro area:

3309 Wyndham Circle
Alexandria, VA 22302
(203) 982-6389
henry.wicko@solutico.co