Association of Corporate Counsel

Data Protection - A Practical Guide to Personal Data Transfer Laws in Europe, Canada and the U.S.

Updated July 2006

Provided by the Association of Corporate Counsel
1025 Connecticut Avenue, Suite 200
Washington, D.C. 20036
Tel 202.293.4103
Fax 202.293.4107
www.acca.com

This InfoPAKSM is intended to provide a general overview of key issues that all U.S. businesses should be aware of if they are requesting information about individuals (whether employees of subsidiaries, visitors to websites or in third-party data bases) to be transferred from Europe, Canada or the Asian Pacific region into the U.S. This information should not be construed as legal advice or legal opinion on specific facts, or representative of the views of ACC or any of its lawyers, unless so stated. This is not intended as a definitive statement on the subject but a tool, providing practical, current information for the reader. We hope that you find this material useful. Thank you for contacting the Association of Corporate Counsel.

Full Downloadable Version, PDF Format.

Table Of Contents

  1. An Overview of Data Protection

  2. Global Data Protection Laws
    1. European Union / United Kingdom
    2. Canada
    3. Asia / Pacific Region
    4. United States

  3. Implementation and Compliance with Data Protection Laws
    1. European Union / United Kingdom
    2. Canada
    3. Asia / Pacific Region
    4. United States

  4. Universal Exemption
    1. Consent
    2. European Union approved data transfer contract clauses
    3. Negotiated Exceptions

  5. Access Rights of Individual to Personal Data
    1. European Union / United Kingdom
    2. Canada
    3. Asia / Pacific Region
    4. United States

  6. Sanctions and Enforcement
    1. European Union / United Kingdom
    2. Canada
    3. Asia / Pacific Region
    4. United States

  7. Additional Resources

  8. Sample Forms and Policies
    1. ABC's Corporate Data Protection Policy
    2. Internal Process — Employee Data Consent Form
    3. Internal Access and User Privileges
    4. Internal Process — File Storage & Document Retention Policy
    5. Third Party Process — Assurance of Compliance Letter
    6. Policy on Data Protection and Privacy of Personal Information

  9. Article: "Avoiding the Latest EU Data Protection Pitfalls: Changes in European Privacy Laws that Restrict Emarketing," ACC Docket 21, no. 6 (June 2003): 92-101
Back to Top
Association of Corporate Counsel
1025 Connecticut Ave, NW, Suite 200, Washington, DC 20036-5425. 202/293-4103. webmistress@acca.com.
© Copyright 2006 Association of Corporate Counsel. All rights reserved.