+

Safe Harbor and Access Control for Transatlantic Data Transfer

The deal was made public on February 2nd, two days after the initial agreed upon deadline for a solution had passed. Speaking on the deal, Vera Jourova, the European Commissioner for Justice said, “For the first time ever, the US has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.”

The new framework is designed to facilitate the easy transfer of data between the EU and the US, while providing EU citizens with the same privacy protections afforded to them in the EU. With the deal in place, many of the 4,500 US companies that have a safe harbor agreement can breathe a little more easily, particular in light of the Weltimmo case – which could have forced US companies to comply with regulations in each European jurisdiction that they operate in, rather than the EU as a whole.

The new deal is still a challenge, though, and will continue to pose complex access control challenges for any US-based organization that collects, processes and transfers European citizens’ data. Companies will have to manage who can access European citizens’ data, and for what purpose. Additionally, the US Department of Commerce will carry out regular compliance checks of each company that has an agreement in place.

This means compliance officers will be asked to answer the type of questions that will cause internal teams to break out in a cold sweat. Forcing them to navigate through thousands of roles, documents and policies, in search of the answer to “What information can employee X in accounts, access”, or “Who can access files on UK-based customers?”

And while it sounds daunting, it doesn’t need to be a long and painful process. Especially if you’re familiar with Attribute Based Access Control (ABAC), which allows your organization to not only manage who does what and under what conditions, but also also prove it to auditors both from a user- and a document-centric access control perspective.

You can discover more about ABAC and compliance here. Personally, I expect more and more US companies will adopt this technology in the coming years, if nothing else just to uphold auditors’ and compliance officers’ sanity.

Oh, and if you want to get the lowdown on fine-grained access control and Safe Harbor, visit the dedicated Safe Harbor section of our site.

Babak Sadighi

Related Articles

Meeting today’s dynamic authorization and access challenges: The Axiomatics story | Dynamically Speaking
Dynamically Speaking
For more than 15 years, Axiomatics has worked with companies worldwide to define and deliver solutions to the most complex authorization and access challenge. In...
Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...