Any Port in a Storm
Safe Harbor was established in 2000, and it is designed to provide legal protection to U.S. companies and organizations that, as part of their European operations, gather personal data about people living there, including employees and customers. Companies that sign up for Safe Harbor avoid the prospect that the EU might perfunctorily shut down their network operations from Europe. With Safe Harbor, the EU can spot-check and, if it doesn't like what it sees, it can complain to the Federal Trade Commission. Over 100 firms have signed up for Safe Harbor.
It's not perfect, however. Woe to those who run afoul of the data police, which can mete out fines and even cut off data flow if they wish. When Microsoft quarreled with Spanish authorities over user data it had collected for its Windows 98 rollout, Spain slapped Microsoft with a monetary fine. Microsoft, like a growing number of other firms, has joined Safe Harbor to assure Europe of its adequacy in data protection and, more importantly, to keep business running smoothly.
The intent of the European Commission (EC) Data Protection Directive has moved to other countries. In particular, countries with data privacy legislation include Australia, Hong Kong, and New Zealand. In Mexico, the Federal Law to Protect Personal Data was approved by the Mexican Senate on April 30, 2002. The senate-approved version of Mexico's data privacy law is modeled on Spain's data protection law.
As electronic commerce grows, new laws, regulations, and standards are being established that force the IT department to be not only technology experts, but also legal and security experts. As with software installations, working with an expert who understands the present and future issues can save a lot of expensive trial and error.