Companies today confront unprecedented legal challenges when they seek to transfer personal data between different nations. Many nations have recently enacted “data protection” laws, designed to protect the personal information of individuals. Although protecting the personal information of individuals is surely a worthwhile goal, the enactment of these laws has nevertheless encumbered the ability of companies to process and move the personal data they collect. The legal challenges faced are perhaps greatest as they relate to multinational or global companies, many of which are based in the United States. This article describes the nature of these problems, the status of one potential solution that many companies are pursuing – “binding corporate rules” (“BCRs”) – and offers the findings from Ponemon Institute’s 2003 & 2005 Benchmark Study on Corporate Privacy Practices on how companies are responding to global privacy standards. View More