Organization Information:

Earnings Performance Group, Inc.
830 Morris Turnpike
Short Hills, New Jersey - NJ 07078-2675
Phone: (973) 379-7772
Fax: (973) 379-3639
http://www.epggroup.com
Contact Information:

Contact Office: Short Hills, NJ 07078-2675
Phone: (973) 671-0118 Fax: (973) 379-3639 Email: Milagro D. Turcios, m.turcios@epggroup.com

Corporate Officer Information:

Corporate Officer: Joseph H. Halpin, Chairman and CEO
Phone: (973) 379-7772 Fax: (973) 379-3639 Email: j.halpin@epggroup.com

Safe Harbor Information:

Signed up to safe harbor 06/24/2005 11:24:07 AM
Next certification 06/14/2007
EU/EEA Countries From Which Personal Information Is Received: United Kingdom
Industry Sector: Financial Services - (FNS)
Personal Information Received From the EU:

Earnings Performance Group, Inc.
European Union Safe Harbor Privacy Policies
(Updated July 25, 2005)


Introduction

This policy document describes the practices and guidelines that Earnings Performance Group, Inc. ("EPG") uses to protect client information from unauthorized disclosure. Through this policy, EPG has self-certified its adherence to the EU - U.S. Safe Harbor framework. This document is reviewed, at a minimum, annually with revisions to incorporate changes in technology, business relationships, and Safe Harbor requirements.

EPG maintains all essential care and caution in protecting client and individual data. It is expected that all employees and contractors to EPG will uphold and abide by these policies. All employees and contractors upon employment with EPG are required to review and sign an agreement that they will uphold EPG's privacy policies at all times. The organization to govern information protection and privacy is structured to provide the checks and balances needed to ensure compliance.

The Executive Management, which includes the Chairman, CEO, CFO and President, oversees all aspects of information security and privacy.

The policies and guidelines within this document have been approved by the Executive Counsel

Overview of Individual Privacy Procedures

Since EPG's business in the European Union is limited to financial services, the type of data and information that we receive or transmit normally includes customer account numbers. EPG relies on account numbers since most other associated data elements such as balances, overdrafts, payments, and sometimes other accounts are linked to the account number. EPG directly
requests that clients not provide, include, or transmit individual names, addresses, phone numbers, or other information that might reveal individual identities. This information is neither pertinent to nor necessary for the work that we perform for our clients. In addition, EPG never analyzes or reviews individual account information. The account information is always aggregated and analyzed from an overall business impact and performance perspective. Even though this data contains no individual identifiers, when data is transmitted to our U.S. offices from EU client sites, that data is encrypted and protected from contamination.

EPG is fully committed to the principles and additional requirements of the Safe Harbor framework and has deployed the necessary mechanisms to ensurecomplete adherence to these principles as described below.

Notice

Earnings Performance Group collects personal information directly from our clients in electronic or report formats. Our clients are in complete control of the information provided to EPG. EPG insists that no information be provided that can directly link that information to an individual consumer, customer or person. Since EPG does not receive any individual persons' identifying information, EPG has no need or ability to contact individual client customers. If a client customer were to submit an inquiry about the use of their account information by third parties such as EPG, our clients would be free to refer the customer to our Safe Harbor certification and this description on the EPG website.

Choice

Similarly, since EPG does not receive individually identified data it is unlikely that an individual client customer would request that their data not be used in our analyses. Were a request to be filed with a client by an individual customer that their data not be utilized for research purposes or outside of the EU country where the customer's accounts are maintained, the client has the ability to delete this data prior to encrypting and transmitting to EPG. If the data has been transmitted to EPG prior to the customer's request, EPG can delete the customer's account data from our files with relative ease without impacting the quality of the research that we can provide our client. EPG is committed to honoring any such request that may be received from EU client customers via our clients. All privacy
related inquiries should be made to the Director of Technology using the contact information provided below.



Onward Transfer

EPG does not transfer any data to third parties. As described in the
introduction to this policy, only authorized employees and individual
contractors have access to client data. None of that data contains
individual client customer demographic or identifying information other than
account numbers and related financial information. All employees and
contractors when hired sign a strict privacy and confidentiality agreement.
All employees and contractors are subject to immediate termination for
revealing any of that data even though it does not contain any individual
identifying or sensitive information.

Security

While the data EPG receives from EU clients does not contain individual
demographic or identifying information, EPG has established and consistently
maintains sound and effective information security practices. As mentioned,
all data transmitted from EU clients is encrypted both for security and
confidentiality purposes. Data received on site is covered under the EPG
employer/employee confidentiality agreement referred to earlier in this
document. In addition, EPG maintains comprehensive and standardized data
security practices relating to all common areas of data security. Detailed
descriptions of these practices are included in the EPG Information Security
and Privacy Policies document that may be reviewed upon request.

Data Integrity

This principle applies to the proper use of personal information in ways
that are compatible with the purposes for which the data was provided.
Since EPG does not receive or analyze any individual personal data other
than the financial data associated only with account numbers, this principle
does not directly apply to the business that we conduct. However,
maintaining data integrity is a critical success factor in the work that we
do for our customers. It is critical to our work with our clients that we
maintain the integrity of their data to ensure the accuracy and quality of
the research that we perform for them.

For the purpose of performing an integrity audit, members of the EPG
Internal Audit Committee are authorized to access the network to conduct the
audit.

Access

As described in the principle of Choice above, an EU client's individual
customer may request access to their individual information at any time.
While this is very unlikely to occur in relation to the kind of analyses
that EPG performs and because we receive no identifying or personal data
other than financial data, an individual client customer's data can be
accessed and reviewed by account number if requested. A request of this
nature, were it to occur, can and will be satisfied with no impact on the
integrity of the research being conducted for that client.

Enforcement

In addition to audits that may be conducted on a regular basis by the Internal Audit Committee, enforcement of EPG's EU Safe Harbor practices require that all EPG employees and contractors who work in the EU comply with the following practices:

1. Sign off on the basic EPG Confidentiality Agreement
2. Review and sign off on the review of EPG's Information Security and Privacy Policies and the EU Safe Harbor Privacy Policies.
3. Understand that any violation of these agreements and policies may be subject to immediate termination and possible legal prosecution in the event that EPG, its clients, or its clients' customers experience any financial or other loss as a result of a violation.

Since data integrity is so critical to EPG's ongoing success, enforcement of EPG's EU Safe Harbor policies are considered to have "zero tolerance" for violations. All violations will be dealt with seriously.

With respect to any dispute relating to EPG's EU Safe Harbor policies that cannot be resolved through our internal channels, we will cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that EPG or such authorities determine that we did not comply with this policy, EPG will take appropriate steps to address any adverse effects and to promote future compliance. All privacy requests should be made to the Director of Technology using the contact information provided below.

Lastly, EPG frequently works in the EU and fully intends to keep these policies current and updated with the U. S. Department of Commerce on an annual basis. Further information and EPG's Safe Harbor certification can be found at http://www.export.gov/safeharbor.

Contact information

For further information, please contact:

Director of Technology
Earnings Performance Group, Inc.
830 Morris Turnpike
Short Hills, NJ 07078-2675
(973) 379-7222
(973) 379-3639 (FAX)

Privacy Policy Effective: June 24, 2005
Location: http://www.epggroup.com
Regulated by: Federal Trade Commission
Privacy Programs: Privacy programs are internal to EPG.
Verification: Client access upon request
Dispute Resolution: With respect to any dispute relating to EPG’s EU Safe Harbor policies that cannot be resolved through our internal channels, we will cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that EPG or such authorities determine that we did not comply with this policy, EPG will take appropriate steps to address any adverse effects and to promote future compliance.
Personal Data Covered: Electronically transmitted account data.
Human Resource Data Covered: No

Do you agree to cooperate and comply with the European Data Protection Authorities? Yes

Certification Status: Not Current
Compliance Status:

Safe Harbor Overview | Safe Harbor Documents | Workbook | Safe Harbor List
Information Required for Certification | Certification Form