According to the Department of Commerce's Web site, Microsoft signed up Friday, on the heels of an appeals court ruling that reversed a judge's order to break up the company. Microsoft agreed to secure the offline, online, and manual transport of personal data from European countries to the United States. Personal data that Microsoft handles includes data analysis, product registration, and support information.
Intel agreed to comply with the Safe Harbor agreement last month. Intel receives sales and marketing data from European countries. "Safe Harbor gives us a way we can communicate to customers our privacy commitment," says Jeff Nicol, Intel's manager of corporate privacy programs. "Its something that can support Intel's customers around the world."
Another technology heavyweight, Hewlett-Packard, signed on to the Safe Harbor agreement earlier this year. But the response from U.S. companies hasn't been overwhelming. Only 71 companies are listed with the Commerce Department. To demonstrate compliance, U.S. companies must tell their customers and employees what personal data is collected, how it's used, and with whom it's shared. U.S. companies must also permit individuals to opt out of sharing personal information with third parties and give them access to their data to ensure that it's correct and updated. Registering with the Commerce Department and adhering to the data-protection pact is voluntary.
For some companies, meeting the European standards will become a cost issue, says Jason Epstein, an E-business attorney with Tennessee law firm Baker, Donelson, Bearman & Caldwell. "U.S. companies will have to do more work and spend more money to ensure compliance," he says. Epstein expects greater participation by U.S. companies in the Safe Harbor agreement as they expand their operations overseas. "The European Union has a lot of leverage with 15 member states and is becoming more powerful," he says. "As the economy becomes more global, companies will have to respect each other's laws."