Is Safe Harbor necessary?

The Safe Harbor framework deals with privacy protection around the transfer of personal data between organizations in European Union (EU) member states to organizations located in the United States. This article explores the purposes and requirements of the Safe Harbor framework. It also provides information for US-based organizations who may participate in the Safe Harbor framework.

What is Safe Harbor?
In October 1998, the European Commission Directive on Data Protection went into effect. The Directive prohibited the transfer of personal data from EU member states to non-EU nations that did not meet the adequacy standard of privacy protection. There are significant differences [...]


Firesheep & User Privacy

Privacy risks are inherent to browsing and interacting online. The recently developed tool, Firesheep, draws attention to user vulnerabilities in web sessions. This article discusses some threats of HTTP session hijacking, as well as potential methods of reducing such threats.

HTTP Session Hijacking
Typically, users logging into a web site are requested to submit their user name and password. The server then verifies this information with a matching account. Once verified, the server sends back a cookie that is used by the user’s browser for subsequent requests. This initial login process is normally protected through encryption, however, the rest of the HTTP [...]


Identity Theft Task Force Recommendations

In May 2006, an Executive Order of the President created the Identity Theft Task Force. The Task Force includes members of several Federal agencies and departments. In September 2006, the Task Force released a number of recommendations ahead of the May 2007 document “Combatting ID Theft: Strategic Plan” in order to help agencies get a head start on the growing problem of identity [...]


Safe Harbor Compliance

Safe Harbor is an advantageous agreement between the United States and the European Union that governs the protection of data during transfer from the E.U. to the U.S. American companies wishing to do business with companies in the E.U. may receive certification, stating they have implemented data protection principles that are similar and equal to those of the E.U. Data Protection Directive, and are then allowed unrestricted data transfers with entities in the E.U. Recently, the FTC– the U.S. body governing enforcement of Safe Harbor– has begun to crack down on U.S. companies claiming Safe Harbor compliance, but failing to implement the required protection standards. Multi-national companies must now take a strong look at their privacy policies and notices to ensure they are Safe Harbor compliant and avoid Federal [...]


Amazon continues big business' Big Brother thinking, with a very Orwellian twist

Seems Amazon has not been reading up on their recent history. For some reason, most consumers don’t like it when you quietly make changes without asking. Amazon is re-learning the lesson through their Kindle electronic book readers and Whispernet service. They removed unauthorized copies of books that made their way onto the Kindle store and end book readers, angering customers. The author and book in question – George Orwell and [...]