FTC Enforces EU-U.S. Safe Harbor Framework


Ann Killilea urged U.S.-based multinationals to self-certify their compliance with the U.S.-EU safe harbor framework on data protection, which she said may require them “to develop, sometimes for the first time, an enterprise-wide data protection program.” Because any company that self-certifies under the safe harbor framework should check its certification status, Ms. Killilea recommended that companies take it one step further and “institute a systemic reminder six months prior to the recertification date that triggers compliance review activity with a due date for completion prior to the recertification deadline.”