Prism Data Certified Safe

Albuquerque, N.M. - Data consolidator and business travel consultant Prism Group last week told Business Travel News it had become one of the first 100 companies to be certified by the U.S. Department of Commerce as a "Safe Harbor" for the transfer of personal data from Europe to the United States.

While just two other travel companies are similarly certified—Cendant Corp., New York and North Palm Beach, Fla.-based WorldChoice-Travel.com—Prism's primary competitors in the data consolidation realm, Atlanta's Hi-Mark Software and TRX Inc., also are seeking certification.

Les Baker, Prism's newly appointed vice president of privacy, said the development is not a marketing move or an attempt to gain competitive advantage, but rather an effort "to be exemplary."

"The EU is the most stringent in terms of the use of personal data," said Prism president Michael Whitesage. "We believe this program is a way for the industry to demonstrate its commitment to privacy, so we encourage everyone to seriously examine it, including travel agencies, data consolidators, and company travel departments alike. It's an important step for the industry."

According to the Department of Commerce, the Safe Harbor designation is an indication that an organization adheres to guidance on "how to provide 'adequate protection' for personal data from Europe as required by the European Union's Directive on Data Protection." The designation was first made available by DOC last fall.

According to the DOC's Web site, "participation in the safe harbor framework and self-certification to the list are entirely voluntary. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the safe harbor."

Whitesage said the designation requires a rigorous application process. "We had to talk about our data practices and describe our policy in detail," he said. "Since this is outside of existing law, we've agreed to abide by Federal Trade Commission sanctions if we violate those policies." He said Prism did not have to adjust its policies to meet the EU's standards.

Whitesage said the basic requirement of the Safe Harbor arrangement is that the organization use data only for the reason it was collected.

Both TRX and Hi-Mark have con cluded agreements with European travel entities that meet the EU data directive and are pursuing certification under the DOC's Safe Harbor program.