Thirteen companies settled with the FTC yesterday for falsely claiming they were certified and in compliance with the US-EU or US- Swiss Safe Harbor Framework.
Compliance with the US-EU and US-Swiss Safe Harbor Frameworks means companies follow established requirements for meeting adequacy standards to transfer customer or employee data from the European Union or Switzerland to the United States. To be in compliance, companies must self-certify with the Department of Commerce and are required to show compliance with the seven privacy principles. These principles are notice, choice, onward transfer, security, data integrity, access and enforcement. This self-certification needs to be renewed annually.
Of the 13 companies that settled, seven were previously in compliance with the US-EU and US-Swiss Safe Harbor Frameworks but failed to renew their self-certification.
The FTC has demonstrated that it monitors and cracks-down on violations of US-EU and US-Swiss Safe Harbor Frameworks. Prior to yesterday’s announcement, the FTC has settled with more than two-dozen companies allegedly making false claims regarding Safe Harbor compliance.
This news underscores the importance of maintaining US-EU and US-Swiss Safe Harbor compliance. TRUSTe can help companies to conduct gap assessments, remediate practices to stay compliant, and prepare for Safe Harbor self-certification. To find out more, click here.