Safe Harbor and Data Encryption

[james () frymanet com]

Hello all.

I am doing some research into the implementation of Safe Harbor for the company that I currently work at, particularly 
around the concept of the Security principal defined in Safe Harbor workbook.

Given that the definition of 'Security' within the workbook is very broad and ambiguous, I am currently operating under 
the assumption that data encryption for PII within a US Safe Harbor is necessary only if a company in the EU uses 
encryption to protect data-at-rest. 

Two questions from the above statements:
1) Is that assumption safe, or would data encryption at rest be required regardless?
2) If the above is safe, how prevalent is data encryption for PII within European companies?

Very interested in thoughts from the community on the above. 

Thanks!

-James

----------------------
James Fryman
james () frymanet com