H5, the high-end provider of automated document analysis and information risk management services for the legal industry, has obtained safe harbor certification from the US Federal Trade Commission.
Most US companies whose business involves handling EU-derived data now have such certification, and it is safe to assume that if a company of H5’s standing has not got it it already, it is because they have chosen not to rush. Whether this implies a new interest in EU markets is hard to say. I hope so, because the H5 approach is one worth considering for lawyers and corporates with very large data collections who just want the result at a known cost rather than the burden of getting there themselves.
It is always worth checking what the actual wording is of the certification – the mere fact of certification does not necessarily imply the widest protection, quite apart from questions (which I do not purport to answer) as to whether any safe harbor outside the EU is safe enough in privacy and data protection terms. H5’s certification is as wide as one would want, covering:
Personal Information Received From the EU: H5 processes EEA personal data relating to (1) employees for purposes of global human resources administration and management, (2) contacts of actual and prospective corporate customers and business partners in order to manage business relationships, (3) product end users and prospects to provide service and product information and (4) individuals whose data H5 processes on behalf of business customers as a mere data processor.
I have already reported (The portability of H5’s process) that the H5 approach to document review can be made available in the UK on data hosted here. Nevertheless, EU-based businesses who want the H5 approach and who are on top of the implications of exporting their data to the US will be glad to know of H5’s safe harbor certification.