European Union Data Protection Directive
UK Data Protection Act
Canada Personal Information and Electronic Documents Act
PSC certifies entities where the protection of personally identifiable information (PII) is of critical importance. This process includes a review of applicability; a full assessment of principles; documentation of policies and procedures that will support the principles; assistance in implementing the policies and procedures; testing of the effectiveness of controls; and completion of the US Department of Commerce Certification, if needed.
The European Union Data Protection Directive (officially Directive 95/46/EC) was enacted in 1980 in an effort to create a comprehensive data protection system throughout Europe. There are seven principles governing the recommendations for protection of personal data:
- Notice - notice should be given when data is being collected
- Purpose - the purpose for which the data is collected should be clearly stated, and the data should not be used for any other purpose
- Consent - consent must be obtained before data is disclosed
- Security - collected data must be kept secure
- Disclosure - information about who is collecting the data should be available
- Access - data can be accessed and updated if incorrect
- Accountability - data holders are accountable for meeting these principles
Within the USA there is no overall federal data protection law similar to the EU legislation. The US has adopted a combination of legislation, regulation, and self-regulation.
For companies that are required to meet the EUDD, there are the US Department of Commerce Safe Harbor Principles.
PSC provides an assessment service to certify entities to these principles. This process includes a review of applicability; a full assessment of the seven principles; documentation of policies and procedures that will support the principles; assistance in implementing the policies and procedures; testing of the effectiveness of controls; and completion of the required certification processes at the US Department of Commerce web site.
Please contact us for more information.