Part one can be found here. Part two examines the ‘safe harbour’ approach to cloud data, and answers the question: who’s ultimately responsible for data in the cloud?
In 2000, the US Department of Commerce created the Safe Harbour framework to ensure organisations put appropriate controls in place for the protection of data when handling European and UK companies’ data that may be stored in the USA (for example an American company who may have regional offices in the UK, France and Germany that keeps employee data such as employment, tax and personal details centrally in the USA).
The Safe Harbour directives consist of seven rules that have been established specifically for US companies to comply with EU data storage directives.
The ‘safe-harbour’ approach, which allows for data on EU subjects to be moved out of the EU, does not have the adoption you may think, even if you …