Issuance of Safe Harbor Principles and Transmission to European Commission; Procedures and Start Date for Safe Harbor List

AGENCY:

International Trade Administration, U.S. Department of Commerce.

ACTION:

Notice, correction; notice of procedures and start date for the Safe Harbor List.

SUMMARY:

This document contains corrections to the final documents which were published in the Federal Register on July 24, 2000 (65 FR 45666), relating to the safe harbor privacy framework and the procedures and start date for U.S. organizations to sign up to the safe harbor list. The corrected document and procedures and start date of the safe harbor list can also be found on the International Trade Administration's website ( www.ita.doc.gov/ecom ).

DATES:

This correction is effective immediately. The start date for the safe harbor is November 1, 2000.

Background

The final safe harbor privacy principles, Frequently Asked Questions, and related documents were formally issued on July 21, 2000. On July 27, 2000, The European Commission adopted a Decision determining that safe harbor arrangement provides adequate protection for personal data transferred from the EU. Several changes and additional information follow on how U.S. organizations may sign up to the safe harbor list.

FOR FURTHER INFORMATION CONTACT:

Further information on the safe harbor can be found at www.ita.doc.gov/ecom or by calling the Department of Commerce at 202-482-1614.

Correction of Publication

The publication of the final safe harbor privacy framework as published at 65 FR 45666 is corrected as follows:

Safe Harbor Privacy Principles Issued by the U.S. Department of Commerce on July 21, 2000:

In paragraph 4, the last sentence should read: “For the same reason, where the option is allowable under the Principles and/or U.S. law, organizations are expected to opt for the higher protection where possible.”

Beginning Date of the Safe Harbor List

U.S. organizations may begin signing up to the safe harbor list at www.ita.doc.gov/ecom beginning November 1, 2000. Organizations may either input information into the website or they may send a letter to the Department of Commerce, Attention: Safe Harbor Registration, Room 2009, Washington, DC 20230.

Signing up to the list:

• To be included on the safe harbor list, organizations must notify the Department of Commerce that they adhere to the safe harbor privacy principles developed by the Department of Commerce in coordination with the European Commission. The principles provide guidance for U.S. organizations on how to provide “adequate protection” for personal data from Europe as required by the European Union's Directive on Data Protection.
• An organization's request to be put on the safe harbor list, and its appearance on this list pursuant to that request, constitute a representation that it adheres to a privacy policy that meets the safe harbor privacy principles. Organizations must also publicly declare and state in their privacy policies that they adhere to the safe harbor principles.
• Adherence to the safe harbor principles and subscription to the list are entirely voluntary. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the safe harbor.
• In order to keep this list current, a notification will be effective for a period of twelve months. Therefore, organizations need to notify the Department of Commerce every twelve months to reaffirm their continued adherence to the safe harbor principles.
• Organizations should notify the Department of Commerce if their representation to the Department is no longer valid. Failure by an organization to so notify the Department could constitute a misrepresentation of its adherence to the safe harbor privacy principles and failure to do so may be actionable under the False Statements Act (18 U.S.C. § 1001).
• An organization may withdraw from the list at any time by notifying the Department of Commerce. Withdrawal from the list terminates the organization's representation of adherence to the safe harbor principles, but this does not relieve the organization of its obligations with respect to personal information received prior to the termination.
• If a relevant self-regulatory or government enforcement body finds an organization has engaged in a persistent failure to comply with the principles, then the organization is no longer entitled to the benefits of the safe harbor.
• In order to sign up to the list, organizations may either send a letter signed by a corporate officer to the Department of Commerce or have a corporate officer register on the Department of Commerce's website (www.ita.doc.gov) that provides all information required in FAQ 6.
• In maintaining the list, the Department of Commerce does not assess and makes no representation as to the adequacy of any organization's privacy policy or its adherence to that policy. Furthermore, the Department of Commerce does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, omission, or deletion of any organization, or any other action related to the maintenance of the list.