systematicHR

The intersection between HR strategy and HR technology


As I continue to work with global organizations, I’m a bit surprised to see a continued effort around obtaining employee consent for the export of data outside the home country (or EU).  While this may have been the traditional method for compliance with EU and other data protection standards, it was quickly realized that traditional data consents from every employee were quite unwieldy.  Let’s face it, the data in every single application that you have will eventually find its way outside of the home country borders.  This might be in some form of reporting or application hosting.  Either way, the probability of export across borders is quite high and the feasibility of obtaining a sign-off for each possible application that might be transported across borders is quite low.

For a global organization, if you want to be able to have visibility of your entire workforce, you will ultimately be forced to transport protected employee data across borders.  One of the simplest ways of ensuring compliance is the US Department of Commerce’s Safe Harbor.  To certify to Safe Harbor, several principles must be met:

  • Notice – Individuals must be informed that their data is being collected and about how it will be used.
  • Choice – Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security – Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity – Data must be relevant and reliable for the purpose it was collected for.
  • Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement – There must be effective means of enforcing these rules.  (Taken directly from Wikipedia: http://en.wikipedia.org/wiki/Safe_Harbor_Principles)

The EU has also reviewed Safe Harbor and found it to be an adequate protection of employee data.  To learn more about Safe Harbor, check out the Wikipedia entry on it.  There are many more links from there for you to view.
