The Safe Harbor

Comment from Joe Jerome over social media.


  1. David Hoffman
    One of the comments that has come in over social media (thank you Joe Jerome) is that it seems like the safe harbor allows companies to “buy their way out out of penalties with a privacy program”. The intent was not to allow companies to “buy their way out”, but instead to reflect the reality that privacy issues can happen no matter how much a company works to demonstrate responsible data handling practices. We wanted to recognize that fact, provide a carrot to having companies take the extra step of having a corporate officer conduct a review of the program, and still allow the FTC to take away the safe harbor status if the company is a repeat offender. My first hand experience at Intel is that it makes a big difference to have corporate officers agree to sign a certification, and it is far from just a paper exercise. I borrowed the language in the bill from Sarbanes Oxley. Intel holds that privacy is a fundamental right, so it seems appropriate to use some of the same standards we use for responsible handling of financial reports. Thoughts?

  2. Peter Swire
    Before I saw this item I had already commented on the similarity to Sarbanes Oxley in the thread on Safe Harbor Certification. I agree with David Hoffman’s response to Joe Joe Jerome – Sarbanes Oxley provides an example of a strict regulatory regime, and certifications have played a central part in making it a strict regime.