When Safe Harbors are not so safe …Archive360’s clients weather the storm from above
- November 13, 2015
A storm is brewing in international data security on several fronts that leaves US companies operating in Europe vulnerable.
The first storm front involves a September 23, 2015 decision by the Attorney General of the EU‘s highest court’s that invalidates the 15 year old “Safe Harbor” agreement negotiated by the EU and US. That Safe Harbor agreement permits US companies to self-certify that their internal safeguards satisfy the EU requirements for data security. In part, Edward Snowden’s disclosures and the subsequent collection of EU citizens’ personal information by the US National Security Agency caused the EU‘s Attorney General to find that EU residents’ privacy is not adequately protected by US firms. Thousands of US companies presently rely on this agreement for compliance with European privacy laws which allows these US companies to legally transfer personal data from Europe to the US. If the Safe Harbor agreement is invalidated, the result could be that US companies may not be able to store, process, or manage data (such as emails) for EU customers and their employees.
The second storm front involves a decision under appeal in a Microsoft lawsuit in New York involving US and foreign governmental seizures of electronic records. At issue is the reach of US law abroad and access to emails of EU citizens. The facts of that case are that Microsoft has been ordered to disclose email documents of a suspected drug trafficker to the US government that are stored in Ireland. Should Microsoft lose its appeal, companies that utilize US- based archiving solutions will be subject to access and disclosure to a US court or federal authority which will affect client retention and new business in international markets. Microsoft’s counsel also argues that this lower court decision should be overturned so as to avoid another possible result, namely a “global free-for-all” where foreign governments seek to seize records stored in the US.
These two storm fronts present challenges amounting to a tipping point for companies still utilizing traditional email platforms. These challenges demand solutions to be addressed proactively…..and quickly. Archive360 is an industry leader in archive migration solutions and is positioned to offer cloud archive migration solutions in European data centers that will comply with EU privacy laws.
Archive360 is the world’s leading email archive migration company. We’ve handled the largest email archive migration projects in North America, and have successfully migrated more email archive data than anyone else. Weather the storm with us and contact one of our Archive360 sales representatives or one of our many Channel Partners today!
 See Federal Register Volume 65, Issue 142 (July 24, 2000).The ECJ will likely issue its final ruling on the case (C-362/14, Maximillian Schrems v. Data Prot. Comm’r (E.C.J. argued Mar. 24, 2015) before the end of 2015. The AG’s 9/23/15 decision is not a binding European Court of Justice (ECJ) order but the ECJ does often follow the AG’s opinion.
 See EU’s 1998 Data Protection Directive In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., 14-02985, (2nd Cir. Court of Appeals)
Your legal, compliance and security teams rely on having an immutable copy of all of your emails. Office 365 archiving does not support journaling. So what should we do?
This eBook provides actionable tips to empower IT to solve the problem.