Moderator: Hello and welcome to today’s podcast on strategies for addressing global data privacy laws.
Joining us for today’s discussion is Michael Zurcher, Director and Senior Counsel, for Privacy and Compliance at Iron Mountain. In his current role, he focuses on HIPAA, GLB, PCI DSS, “Safe Harbor,” European, Asian and South American data protection laws. Michael also focuses on general compliance, regulatory matters, including building and managing policies and controls, providing training, conducting risk assessments, monitoring compliance functions and creating and sustaining awareness of risks.
Michael Zurcher: Good morning. Good afternoon. Thanks for having me.
Moderator: First, can you tell us about where we stand with the “Safe Harbor?” What is it and what should companies do after the European Court of Justice declared it invalid?
Michael Zurcher: The Safe-Harbor is an agreement between Europe and the U.S. under which Europe recognizes those U.S. companies that certify under the framework to comply with European privacy standards. As many of you may know, last October the European Court of Justice determined that U.S.-certified companies cannot guarantee compliance with European privacy standards b/c the US government can demand access to the information on a large scale (Edward Snowden).
US based companies and their European partners that export personal data to the US and that used to rely on the S/H now need to look at other options which often means executing the so-called standard contractual clauses or implementing the so-called binding corporate rules.
The European data protection authorities have given European companies a grace period until the end of January 2016 to implement a new legal process if they want to continue sending personal data to US companies that are S/H certified. If you aren’t certified and you need to work with European partners, you may be running out of time. Is there an alternative? Will there be a Safe Harbor 2? The answer is yes.
The EU and U.S. are working on a new S/H framework, and there is currently a bill before the U.S. Senate that will add an important additional safeguard.
Well that’s all the time we have today. Thank you again to Michael Zurcher for joining us. For more information on Safe Harbor, visit the Iron Mountain blog page for a recent blog by Michael on this topic. Thank you again for your time, and have a great day.