[Federal Register Volume 66, Number 11 (Wednesday, January 17, 2001)]
[Notices]
[Pages 3983-3984]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-1386]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE


Submission for OMB Review; Comment Request

    DOC has submitted to the Office of Management and Budget (OMB) for 
clearance the following proposal for collection of information under 
the provisions of the Paperwork Reduction Act of 1995, Public Law 104-
13.
    Bureau: International Trade Administration.
    Title: Information for Certification Under FAQ 6 of the Safe Harbor 
Privacy Principles.
    Agency Form Number: N/A.
    OMB Number: 0625-0239.
    Type of Request: Regular Submission.
    Burden: 550 hours.
    Number of Respondents: 1500.
    Avg. Hours Per Response: 20-40 minutes.
    Needs and Uses: In response to the European Commission Directive on 
Data Protection that restricts transfers of personal information from 
Europe to countries whose privacy practices are not deemed 
``adequate,'' the U.S. Department of Commerce has developed a ``safe 
harbor'' framework that will allow U.S. organizations to satisfy the 
European Directive's requirements and ensure that personal data flows 
to the United States are not interrupted. In this process, the 
Department of Commerce repeatedly consulted with U.S. organizations 
affected by the European directive and interested non-government 
organizations. On July 27, 2000, the European Commission issued its 
decision in accordance with Article 25.6 of the Directive that the Safe 
Harbor Privacy Principles provide adequate privacy protection. The safe 
harbor framework bridges the differences between the European Union 
(EU) and U.S. approaches to privacy protection. Under the safe harbor 
privacy framework, information is being collected in order to create a 
list of the organizations that have self-certified to the Principles. 
Organizations that have signed up to this list are deemed ``adequate'' 
under the Directive and do not have to provide further documentation to 
European officials. This list will be used by European Union 
organizations to determine whether further information and contracts 
will be needed for a U.S. organization to receive personally 
identifiable information. The decision to enter the safe harbor is 
entirely voluntary. Organizations that decide to participate in the 
safe harbor must comply with the safe harbor's requirements and 
publicly declare that they do so. To be assured of safe harbor

[[Page 3984]]

benefits, an organization needs to self certify annually to the 
Department of Commerce in writing that it agrees to adhere to the safe 
harbor's requirements, which includes elements such as notice, choice, 
access, and enforcement. It must also state in its published privacy 
policy statement that it adheres to the safe harbor. This list will be 
used by European Union organizations to determine whether further 
information and contracts will be needed by a U.S. organization to 
receive personally identifiable information. It will be used by the 
European Data Protection Authorities to determine whether a company is 
providing ``adequate'' protection, and whether a company has requested 
to cooperate with the Data Protection Authority. The list will also be 
accessed when there is a complaint logged in the EU against a U.S. 
organization, and used by the Federal Trade Commission and the 
Department of Transportation to determine whether a company is part of 
the safe harbor. It will be accessed if a company is practicing 
``unfair and deceptive'' practices and has misrepresented itself to the 
public. In addition, the list will be used by the Department of 
Commerce and the European Commission to determine if organizations are 
signing up to the list on a regular basis.
    Affected Public: Businesses or other for-profit.
    Frequency: Annually.
    Respondent's Obligation: Voluntary.
    OMB Desk Officer: David Rostker, (202) 395-7340.
    Copies of the above information collection proposal can be obtained 
by calling or writing Madeleine Clayton, Departmental Forms Clearance 
Officer, (202) 482-3129, Department of Commerce, Room 6086, 14th and 
Constitution, NW., Washington, DC 20230 (or via the Internet at 
[email protected].
    Written comments and recommendations for the proposed information 
collection should be sent to David Rostker, OMB Desk Officer, Room 
10202, New Executive Office Building, Washington, DC 20503 within 30 
days of the publication of this notice in the Federal Register.

    Dated: January 11, 2001.
Madeleine Clayton,
Departmental Forms Clearance Officer, Office of the Chief Information 
Officer.
[FR Doc. 01-1386 Filed 1-16-01; 8:45 am]
BILLING CODE 3510-DR-P