The Safe Harbor agreement quietly turned two years old last November, and somebody ought to say it: Thank you, Department of Commerce! Thank you for giving American industry a new alternative for doing business with Europe. Most of us haven't joined the harbor, but we like having the choice.
The Safe Harbor accord allows U.S. companies to proclaim that they follow European-style privacy practices. Doing so enables these companies to receive personal data from Europe with fewer bureaucratic requirements.
Why is the Safe Harbor a success? Because 6% of the Fortune 500 -- representing $587 billion in annual revenues -- have joined. In fact, one new company is joining every two days. It's a success because small businesses have a meaningful new way to differentiate themselves in a crowded market. I like the agreement most of all because it's voluntary. The Safe Harbor is an example of government doing good for industry, saving jobs on both sides of the Atlantic.
 |  |
| Cline manages data privacy at Carlson Companies Inc., a Minneapolis-based group of businesses in the travel, hospitality and marketing industries. Contact him at privacy@computerworld.com. See more Jay Cline columns. |
So who are these companies joining the harbor? I combed through the 295 member profiles listed on the Department of Commerce's Web site and noticed some distinct trends. The diversity of the U.S. economy is represented, from manufacturers to retailers to pharmaceuticals. The members hail from over 40 different industries, indicating that the agreement has broad appeal.
But the overwhelming concentration of companies is in the information and technology industries. Over one-fourth of the registrants -- such as Axciom and DoubleClick -- specialize in the collection and aggregation of personal information. Another 33%, including Microsoft, IBM and Intel, provide the products and services to manage and move that information. These are exactly the people we hope would understand the importance of data privacy.
The reasons companies cite for joining the harbor also mirror this emphasis on cyberspace. Over 80% say their registrations cover their online data processes. By contrast, about half (41% to 54%) of the registrants signed up for the other possible choices: off-line data, manually processed data and human resources data.
It seems another reason companies are joining is to please their European clients. About three-fourths of the Safe Harbor members provide business-to-business services in the EU. Safe Harbor membership may be their way of saying, "You can trust us -- we're not like the rest of those cowboys."
The picture isn't all rosy, however. My analysis found that 11% of the Safe Harbor members don't even post their privacy policies on their public Web sites, and those policies that are online don't always reflect all seven Safe Harbor principles. Ten members have lapsed registrations. The biggest gap is the absence of the huge U.S. financial companies and telecommunications common carriers. That's because the U.S. and the EU haven't agreed on the terms by which these firms would join the harbor.
Nonetheless, the future looks good for the Safe Harbor. At current rates, 500 companies could be members by next Christmas. In many industries, particularly in business-to-business markets, it will soon be the rule rather than the exception to join. The Safe Harbor model will be replicated in other countries and in other legislative arenas where people want businesses to take voluntary action to promote social ideals.
Bill Clinton wanted a legacy, and in a strange way, this may be it. Hats off to the Department of Commerce staff for their Yankee ingenuity.