{"id":2518,"date":"2013-07-09T00:00:00","date_gmt":"2013-07-09T00:00:00","guid":{"rendered":"http:\/\/otava.test\/how-safe-harbor-affects-cloud-service-providers\/"},"modified":"2013-07-09T00:00:00","modified_gmt":"2013-07-09T00:00:00","slug":"how-safe-harbor-affects-cloud-service-providers","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/","title":{"rendered":"How Safe Harbor Affects Cloud Service Providers"},"content":{"rendered":"<p dir=\"ltr\">Earlier this year in April, the U.S. Department of Commerce\u2019s International Trade Administration (ITA) released a document to provide guidance on the use of U.S. cloud service providers by those in the European Union (EU) regarding personal data hosting and privacy.<\/p>\n<p dir=\"ltr\">Specifically, the U.S.-EU Safe Harbor set of policy standards facilitates a bridge to close the gap between Europe\u2019s standardized data privacy laws and the U.S.\u2019s more varied data privacy laws, each custom and different per private sector standards (i.e., <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA<\/a> for healthcare; <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI DSS<\/a> for ecommerce; <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/soc-1-2-3-compliant-cloud\/\">SOX<\/a> for financial reporting, etc.).<\/p>\n<p dir=\"ltr\">For a detailed description of the Safe Harbor Privacy Principles, read <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/what-is-u-s-eu-safe-harbor\/\">What is U.S.-EU Safe Harbor?<\/a><\/p>\n<p dir=\"ltr\">According to the ITA, Safe Harbor is applicable to cloud service agreements, and cloud service providers are required to enter into a contract, regardless of compliance status and even if they receive personal data only for processing.<\/p>\n<p dir=\"ltr\">The document also addresses another publicly issued opinion released last year by the Article 29 Data Protection Working Party that critiqued the use of Safe Harbor and cloud service provider &#8211; a few include:<\/p>\n<ol>\n<li>Safe Harbor allows for the possibility for data that has originally been transferred to a Safe Harbor compliant data center provider\/processor to be transferred to another country. The ITA addresses this by emphasizing that all cloud service provider subcontractors must also sign a written agreement requiring the same level of data protection as the Safe Harbor Privacy Principles.<\/li>\n<li>Companies that export data shouldn\u2019t merely rely on the data center provider\u2019s word that they have a Safe Harbor certification, but that they should get proof and require evidence that they follow the actual principles. While the ITA provides a list of certified companies on their website, another way to verify ongoing security practices is to check their compliance audit reports &#8211; find a full list of which compliance regulations apply to cloud service providers and what they mean in <a href=\"https:\/\/otavawebsite.wpengine.com\/reference\/data-center-standards-cheat-sheet-from-hipaa-to-soc-2\/\">Data Center Standards Cheat Sheet &#8211; From HIPAA to SOC 2<\/a>.<\/li>\n<li>Other issues that Safe Harbor does not address include data retention policies, loss of governance, insufficient audit trails or isolation failures. However, the ITA recommends that the cloud service provider and client address the technical and security requirements in their contract, and that the Safe Harbor principle framework is not appropriate for said issues.<\/li>\n<\/ol>\n<p>Essentially, the ITA recognizes that while Safe Harbor is relevant when it comes to cloud computing services and European data\/companies, it is not the all-encompassing rule for determining other cloud security responsibilities.<\/p>\n<p>Each industry and individual organization should have custom data security requirements and adhere to cloud security best practices. Conducting a risk analysis assessment for your own organization can help pinpoint your business workflow model and identify critical data and potential vulnerabilities when it comes to data in transit and at rest.<\/p>\n<p>Read the <em><a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/cloud-computing\/top-5-tips-for-cloud-computing-security\">Top 5 Tips for Cloud Computing Security<\/a><\/em> for more about how to ensure your cloud service provider\/data center operator takes security seriously to protect your critical data.<\/p>\n<p>Related Articles<br \/>\n<strong><em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/cloud-based-disaster-recovery\/\">Cloud-Based Disaster Recovery<\/a><\/em><\/strong><br \/>\nCloud-based disaster recovery can streamline data backup and recovery times, useful for mission-critical applications and data required to be up and running at all times. Read below for an excerpt about virtualization and disaster recovery from our newest white paper, \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/cloud-based-disaster-recovery\/\">Continue reading \u2192<\/a><\/p>\n<p><em><strong><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/precautions-with-the-hipaa-cloud-for-healthcare-software-as-a-service-saas-companies\/\">Precautions with the HIPAA Cloud for Healthcare Software as a Service (SaaS) Companies<\/a><\/strong><\/em><br \/>\nA recent Google search brought me to a health IT blog, Life as a Healthcare CIO, and the post entitled The Reality of SaaS. The author discusses whether or not SaaS\/cloud computing is appropriate for EHR (electronic health record) hosting \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/precautions-with-the-hipaa-cloud-for-healthcare-software-as-a-service-saas-companies\/\">Continue reading \u2192<\/a><\/p>\n<p><em><strong><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/state-of-cloud-security-vetting-applications-and-cloud-providers-for-compliance-and-security\/\">State of Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security<\/a><\/strong><\/em><br \/>\nThe latest report from the Ponemon Institute, located in Traverse City, Michigan, sought to analyze trends in cloud computing security among organizations that use software as a service (SaaS) and infrastructure as a service (IaaS). Only half of organizations are \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/state-of-cloud-security-vetting-applications-and-cloud-providers-for-compliance-and-security\/\">Continue reading \u2192<\/a><\/p>\n<p>References:<br \/>\n<a href=\"https:\/\/searchcloudsecurity.techtarget.com\/tip\/Article-29-Working-Party-cloud-computing-opinion-Blow-to-Safe-Harbor\">Article 29 Working Party Cloud Computing Opinion: Blow to Safe Harbor?<\/a><br \/>\n<a href=\"https:\/\/www.huntonprivacyblog.com\/wp-content\/uploads\/2013\/04\/Safe-Harbor-and-Cloud-Computing-Clarification_April-12-2013_Latest_eg_main_060351.pdf\">Clarifications Regarding the U.S.-EU Safe Harbor Framework and Cloud Computing<\/a> (PDF)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this year in April, the U.S. Department of Commerce\u2019s International Trade Administration (ITA) released a document to provide guidance on the use of U.S. cloud service providers by those in the European Union (EU) regarding personal data hosting and privacy. Specifically, the U.S.-EU Safe Harbor set of policy standards facilitates a bridge to close the gap between Europe\u2019s standardized data privacy laws and the U.S.\u2019s more varied data privacy laws, each custom and different per private sector standards (i.e., HIPAA for healthcare; PCI DSS for ecommerce; SOX for financial reporting, etc.). For a detailed description of the Safe Harbor Privacy Principles, read What is U.S.-EU Safe Harbor? According to the ITA, Safe Harbor is applicable to cloud service agreements, and cloud service providers are required to enter into a contract, regardless of compliance status and even if they receive personal data only for processing. The document also addresses another publicly issued opinion released last year by the Article 29 Data Protection Working Party that critiqued the use of Safe Harbor and cloud service provider &#8211; a few include: Safe Harbor allows for the possibility for data that has originally been transferred to a Safe Harbor compliant data center provider\/processor&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2518","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How Safe Harbor Affects Cloud Service Providers | OTAVA<\/title>\n<meta name=\"description\" content=\"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Safe Harbor Affects Cloud Service Providers\" \/>\n<meta property=\"og:description\" content=\"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-07-09T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"How Safe Harbor Affects Cloud Service Providers\",\"datePublished\":\"2013-07-09T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\"},\"wordCount\":696,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\",\"url\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\",\"name\":\"How Safe Harbor Affects Cloud Service Providers | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-07-09T00:00:00+00:00\",\"description\":\"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Safe Harbor Affects Cloud Service Providers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How Safe Harbor Affects Cloud Service Providers | OTAVA","description":"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/","og_locale":"en_US","og_type":"article","og_title":"How Safe Harbor Affects Cloud Service Providers","og_description":"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.","og_url":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/","og_site_name":"OTAVA","article_published_time":"2013-07-09T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"How Safe Harbor Affects Cloud Service Providers","datePublished":"2013-07-09T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/"},"wordCount":696,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/","url":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/","name":"How Safe Harbor Affects Cloud Service Providers | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-07-09T00:00:00+00:00","description":"How does U.S.-EU Safe Harbor set of policy standards affect cloud service providers? They close the gap between Europe\u2019s and the U.S.\u2019s data privacy laws.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/how-safe-harbor-affects-cloud-service-providers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"How Safe Harbor Affects Cloud Service Providers"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2518"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2518\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2518"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}