[Federal Register Volume 65, Number 182 (Tuesday, September 19, 2000)]
[Notices]
[Pages 56534-56535]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-24003]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration


Issuance of Safe Harbor Principles and Transmission to European 
Commission; Procedures and Start Date for Safe Harbor List

AGENCY: International Trade Administration, U.S. Department of 
Commerce.

ACTION: Notice, correction; notice of procedures and start date for the 
Safe Harbor List.

-----------------------------------------------------------------------

SUMMARY: This document contains corrections to the final documents 
which were published in the Federal Register on July 24, 2000 (65 FR 
45666), relating to the safe harbor privacy framework and the 
procedures and start date for U.S. organizations to sign up to the safe 
harbor list. The corrected document and procedures and start date of 
the safe harbor list can also be found on the International Trade 
Administration's website (www.ita.doc.gov/ecom).

DATES: This correction is effective immediately. The start date for the 
safe harbor is November 1, 2000.

Background

    The final safe harbor privacy principles, Frequently Asked 
Questions, and related documents were formally issued on July 21, 2000. 
On July 27, 2000, The European Commission adopted a Decision 
determining that safe harbor arrangement provides adequate protection 
for personal data transferred from the EU. Several changes and 
additional information follow on how U.S. organizations may sign up to 
the safe harbor list.

FOR FURTHER INFORMATION CONTACT: Further information on the safe harbor 
can be found at www.ita.doc.gov/ecom or by calling the Department of 
Commerce at 202-482-1614.

Correction of Publication

    The publication of the final safe harbor privacy framework as 
published at 65 FR 45666 is corrected as follows:

[[Page 56535]]

Safe Harbor Privacy Principles Issued by the U.S. Department of 
Commerce on July 21, 2000:

    In paragraph 4, the last sentence should read: ``For the same 
reason, where the option is allowable under the Principles and/or U.S. 
law, organizations are expected to opt for the higher protection where 
possible.''

Beginning Date of the Safe Harbor List

    U.S. organizations may begin signing up to the safe harbor list at 
www.ita.doc.gov/ecom beginning November 1, 2000. Organizations may 
either input information into the website or they may send a letter to 
the Department of Commerce, Attention: Safe Harbor Registration, Room 
2009, Washington, DC 20230.
    Signing up to the list:
     To be included on the safe harbor list, organizations must 
notify the Department of Commerce that they adhere to the safe harbor 
privacy principles developed by the Department of Commerce in 
coordination with the European Commission. The principles provide 
guidance for U.S. organizations on how to provide ``adequate 
protection'' for personal data from Europe as required by the European 
Union's Directive on Data Protection.
     An organization's request to be put on the safe harbor 
list, and its appearance on this list pursuant to that request, 
constitute a representation that it adheres to a privacy policy that 
meets the safe harbor privacy principles. Organizations must also 
publicly declare and state in their privacy policies that they adhere 
to the safe harbor principles.
     Adherence to the safe harbor principles and subscription 
to the list are entirely voluntary. An organization's absence from the 
list does not mean that it does not provide effective protection for 
personal data or that it does not qualify for the benefits of the safe 
harbor.
     In order to keep this list current, a notification will be 
effective for a period of twelve months. Therefore, organizations need 
to notify the Department of Commerce every twelve months to reaffirm 
their continued adherence to the safe harbor principles.
     Organizations should notify the Department of Commerce if 
their representation to the Department is no longer valid. Failure by 
an organization to so notify the Department could constitute a 
misrepresentation of its adherence to the safe harbor privacy 
principles and failure to do so may be actionable under the False 
Statements Act (18 U.S.C. Sec. 1001).
     An organization may withdraw from the list at any time by 
notifying the Department of Commerce. Withdrawal from the list 
terminates the organization's representation of adherence to the safe 
harbor principles, but this does not relieve the organization of its 
obligations with respect to personal information received prior to the 
termination.
     If a relevant self-regulatory or government enforcement 
body finds an organization has engaged in a persistent failure to 
comply with the principles, then the organization is no longer entitled 
to the benefits of the safe harbor.
     In order to sign up to the list, organizations may either 
send a letter signed by a corporate officer to the Department of 
Commerce or have a corporate officer register on the Department of 
Commerce's website (www.ita.doc.gov) that provides all information 
required in FAQ 6.
     In maintaining the list, the Department of Commerce does 
not assess and makes no representation as to the adequacy of any 
organization's privacy policy or its adherence to that policy. 
Furthermore, the Department of Commerce does not guarantee the accuracy 
of the list and assumes no liability for the erroneous inclusion, 
misidentification, omission, or deletion of any organization, or any 
other action related to the maintenance of the list.

    Dated: September 13, 2000.
Rebecca J. Richards,
International Trade Specialist, International Trade Administration/
Trade Development.
[FR Doc. 00-24003 Filed 2-18-00; 8:45 am]
BILLING CODE 3510-DR-P