[Federal Register Volume 65, Number 216 (Tuesday, November 7, 2000)]
[Notices]
[Pages 66690-66691]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-28474]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration


Information for Certification Under FAQ 6 of the Safe Harbor 
Privacy Principles

ACTION: Proposed collection; comment request.

-----------------------------------------------------------------------

SUMMARY: The Department of Commerce, as part of its continuing effort 
to reduce paperwork and respondent burdens, invites the general public 
and other Federal agencies to take this opportunity to comment on the 
continuing information collections, as required by the Paperwork 
Reduction Act of 1995, Public Law 104-13 (44 U.S.C. 35068 (2)(A)).

DATES: Written comments must be submitted on or before January 8, 2001.

ADDRESSES: Direct all written comments to Madeleine Clayton, 
Departmental Forms Clearance Officer, Department of Commerce, Room 
6086, 14th & Constitution Avenue, NW, Washington, DC 20230 (or via the 
Internet at [email protected]).

FOR FURTHER INFORMATION CONTACT: Request for additional information or 
copies of the information collection instrument and instructions should 
be directed to: Jeff Rohlmeier, Trade Development, Room 2011, 14th & 
Constitution Avenue, NW, Washington, DC 20230; Phone number: (202) 482-
1614 and fax number: (202) 501-2548.

SUPPLEMENTARY INFORMATION:

I. Abstract

    In response to the European Commission Directive on Data Protection 
that restricts transfers of personal information from Europe to 
countries whose privacy practices are not deemed ``adequate,'' the U.S. 
Department of Commerce has developed a ``safe harbor'' framework that 
will allow U.S. organizations to satisfy the European Directive's 
requirements and ensure that personal data flows to the United States 
are not interrupted. In this process, the Department of Commerce 
repeatedly consulted with U.S. organizations affected by the European 
directive and interested non-government organizations.
    On July 27, 2000, the European Commission issued its decision, in 
accordance with Article 25.6 of the Directive, that the Safe Harbor 
Privacy Principles provide adequate privacy protection. The safe harbor 
framework bridges the differences between the European Union (EU) and 
U.S. approaches to privacy protection. Under the safe harbor privacy 
framework, information is being collected in order to create a list of 
the organizations that have self-certified to the Principles.
    Organizations that have signed up to this list are deemed 
``adequate'' under the Directive and do not have to provide further 
documentation to European officials. This list will be used by European 
Union organizations to determine whether further information and 
contracts will be needed for a U.S. organization to receive personally 
identifiable information. The decision to enter the safe harbor is 
entirely voluntary. Organizations that decide to participate in the 
safe harbor must comply with the safe harbor's requirements and 
publicly declare that they do so.
    To be assured of safe harbor benefits, an organization needs to 
self certify annually to the Department of Commerce, in writing, that 
it agrees to adhere to the safe harbor's requirements, which includes 
elements such as notice, choice, access, and enforcement. It must also 
state in its published privacy policy statement that it adheres to the 
safe harbor.
    This list will be used by European Union organizations to determine 
whether further information and contracts will be needed by a U.S. 
organization to receive personally identifiable information. It will be 
used by the European Data Protection Authorities to determine whether a 
company is providing ``adequate'' protection, and whether a company has 
requested to cooperate with the Data Protection Authority.
    The list will also be accessed when there is a complaint logged in 
the EU against a U.S. organization, and used by the Federal Trade 
Commission and the Department of Transportation to determine whether a 
company is part of the safe harbor. It will be accessed if a company is 
practicing ``unfair and deceptive'' practices and has misrepresented 
itself to the public. In addition, the list will be used by the 
Department of Commerce and the European Commission to determine if 
organizations are signing up to the list on a regular basis.

II. Method of Collection

    The information collection form will be provided via the Internet 
at http://www.export.gov/SafeHarbor and by mail to requesting U.S. 
firms.

III. Data

    OMB Number: 0625-0239.
    Form Number: N/A.
    Type of Review: Regular submission.
    Affected Public: Business or other for-profit organizations.
    Estimated Number of Respondents: 1,500.
    Estimated Time Per Response: 20 minutes--website; and 40 minutes--
letter.
    Estimated Total Annual Burden Hours: 550 hours.
    Estimated Total Annual Costs to Public: $19,0250.

IV. Request for Comments

    Comments are invited on: (a) Whether the proposed collection of 
information is necessary for the proper performance of the functions of 
the agency, including whether the information shall have

[[Page 66691]]

practical utility; (b) the accuracy of the agency's estimate of the 
burden (including hours and costs) of the proposed collection of 
information; (c) ways to enhance the quality, utility, and clarity of 
the information to be collected; and (d) ways to minimize the burden of 
the collection of information on respondents, including through the use 
of automated collection techniques or forms of information technology.
    Comments submitted in response to this notice will be summarized 
and/or included in the request for OMB approval of this information 
collection; they also will become a matter of public record.

    Dated: November 1, 2000.
Gwellnar Banks,
Management Analyst, Office of the Chief Information Officer.
[FR Doc. 00-28474 Filed 11-6-00; 8:45 am]
BILLING CODE 3510-DR-P