The Data Protection Directive (officially Directive 95/46/EC) regulates the processing of personal data within the European Union and also provides the criteria for Safe Harbour privacy for companies operating within the European Union. The Safe Harbour regulations forbid sending of customer’s personal data to countries outside the European Economic Area unless there is a guarantee that it will receive adequate levels of protection. There are no Safe Harbour considerations for EU companies with services deployed to Scotland while Scotland is part of the UK and when Scotland has become independent of the UK and joined the EU as an independent country. However there may be a period of time between Scotland becoming independent and joining the EU (as an independent country) when Safe Harbour requirements really matter. At this time no EU company will have a Safe Harbour agreement with the newly independent Scotland. Therefore any company with Identity Stores (or business systems containing personal data) deployed in Scotland will be in breach of the Data Protection Directive.
Imagine a situation where an organisation manages its customers’ identities in a different jurisdiction to its business services. In this situation an organisation would be required to migrate all Identity data away from a non-EU independent Scotland with no EU-Scotland Safe Harbour agreement. The period where Scotland gained independence and joined the EU independently may be small but the organisation would still be in breach. The seriousness of this case is impacted further by the Financial Services Compensation Scheme’s requirement for Safe Harbour compliance. As of 31 December 2010 the Financial Services Compensation Scheme (FSCS) offers full compensation of up to £85,000 per saver, per authorised institution. The Financial Services Compensation Scheme (FSCS) can pay compensation to consumers in the event that an authorised financial services firm is unable to pay back customers’ money and generally cannot meet claims made by customers against it. If a bank were to become vulnerable to a security breach while in breach of safe harbour regulations then they would not be insured by the FSCS and potentially would then be unable to compensate the customer. It is therefore worthwhile for the customer to check the EU Safe Harbour compliance of their bank on Scottish Independence.
1 thought on “A Scottish Safe Harbour for Identity Management”
[…] ← A Scottish Safe Harbour for Identity Management […]