Reading an article in the trade journal Computing prompted me to double check that our Data Protection policies, particularly now that the company I work for is rapidly expanding into a global operation.  Reviewing legislation for one country is heavy going, and I’m pleased to say that for UK our policies are still more than satisfactory.  However looking at the dealing with cross boarder issues, things get a lot trickier.  With the requirements laid down by the Organisation for Economic Cooperation and Development (OECD) which includes the UK, national legislation for other EU countries and OECD members. Plus the fact that the US has a different approach to data protection compared to other OECD members as a result they’ve setup something called Safe Harbour to address the OECD restrictions.  Upstanding all this differing positions is enough to make someone’s brain ache.  Fortunately we don’t yet have to contend with specific requirements such as Sarbanes Oxley.