Safe Harbor report

This report displays European Safe Harbor issues found on your site. Many web application vulnerabilities can lead, directly or indirectly, to security breaches of personal information, and might therefore be considered violations of the regulation.

Why it matters

The European Union's comprehensive privacy legislation, the Directive on Data Protection, requires that transfers of personal data take place only to non-EU countries and regions that provide an adequate level of privacy protection. The Safe Harbor legislation applies to U.S. headquartered organizations, U.S. subsidiaries of companies from countries and regions other than the United States, and business partners of European businesses. Although the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Community; as such, the U.S. Department of Commerce developed a "safe harbor" framework to streamline the process for U.S. companies to comply with the EU Directive. The framework rests on the following principles:
  • Notice to individuals about the specific purposes of the data collection
  • Choice to opt-out of disclosure to third-parties or additional uses (opt-in for sensitive information)
  • Require third-party agents who receive personal information to provide the same level of privacy protection
  • Allow means for an individual to access personal information held
  • Take reasonable precautions against loss, misuse or unauthorized access
  • Keep data reliable for its intended use
  • Provide a readily available recourse mechanism
  • Provide procedures verifying implementation of principles

Best practices for complying with Safe Harbor

  • Provide a comprehensive privacy notice detailing all data collection and its purposes
  • Provide opt-in/opt-out mechanisms on data collection forms
  • Review third-party websites for compliance with key privacy principles
  • Implement security safeguards over the collection of personal information online, particularly sensitive information
  • Implement ongoing monitoring procedures to verify continued compliance with the EU Safe Harbor principles online