Certified Cloud Security Professional – CCSP – Question028

Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

A.
GLBA
B. HIPAA
C. Safe Harbor
D. SOX

Correct Answer: C

Explanation:

Explanation: Due to the lack of an adequate privacy law or protection at the federal level in the United States, European privacy regulations generally prohibit the exporting or sharing of PII from Europe with the United States. Participation in the Safe Harbor program is voluntary on behalf of an organization, but it does require them to conform to specific requirements and policies that mirror those from the EU. Thus, organizations can fulfill requirements for data sharing and export and possibly serve customers in the EU.