[Federal Register Volume 79, Number 225 (Friday, November 21, 2014)]
[Notices]
[Pages 69421-69422]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-27643]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE


Submission for OMB Review; Comment Request

    The Department of Commerce will submit to the Office of Management 
and Budget (OMB) for clearance the following proposal for collection of 
information under the provisions of the Paperwork Reduction Act (44 
U.S.C. Chapter 35).
    Agency: International Trade Administration (ITA).
    Title: Information for Self-Certification under FAQ 6 of the United 
States (U.S.)--European Union (EU) Safe Harbor Framework and United 
States (U.S.)--Switzerland (Swiss) Safe Harbor Framework.
    OMB Control Number: 0625-0239.
    Form Number(s): ITA-4149P.
    Type of Request: Regular submission (extension of a currently 
approved information collection).
    Burden Hours: 520.
    Number of Respondents: 780.
    Average Hours per Response: 40 minutes.
    Needs and Uses: In order to ensure continued flows of personal data 
to the United States from the European Union (EU) and Switzerland, 
where the national data protection regimes restrict transfers of such 
data to countries not recognized as providing ``adequate'' privacy 
protection, the U.S. Department of Commerce (DOC) developed similar,

[[Page 69422]]

but separate arrangements with the European Commission and the Federal 
Data Protection and Information Commissioner of Switzerland (Swiss 
FDPIC) to provide eligible U.S. organizations with a streamlined means 
of complying with the relevant EU and Swiss data protection 
requirements. The complete set of documents and additional guidance 
materials concerning the U.S.-EU Safe Harbor Framework and the U.S.-
Swiss Safe Harbor Framework may be found at http://export.gov/safeharbor.
    The decision by a U.S. organization to self-certify its compliance 
with one or both of the Safe Harbor Frameworks is entirely voluntary; 
however, once made, the organization must comply and publicly declare 
that it does so. To be assured of Safe Harbor benefits, an organization 
must reaffirm its self-certification annually to the DOC. Organizations 
that have self-certified, appear on the relevant public Safe Harbor 
List(s) maintained by the DOC, and have not allowed their certification 
status to lapse are presumed to provide ``adequate'' data protection in 
accordance with EU and Swiss data protection requirements. An 
organization's self-certification and appearance on the public Safe 
Harbor List(s) constitute an enforceable representation to the DOC and 
the public. Any public misrepresentation concerning an organization's 
participation in the Safe Harbor or compliance with one or both of the 
Safe Harbor Frameworks may be actionable by the Federal Trade 
Commission (FTC) or other relevant government body.
    The public U.S.-EU Safe Harbor List and the U.S.-Swiss Safe Harbor 
List, which are necessary to make the Safe Harbor Frameworks 
operational, and were a key demand of the European Commission and the 
Swiss FDPIC in agreeing that compliance with the Safe Harbor Frameworks 
provides ``adequate'' privacy protection. The Safe Harbor Lists are 
used by European citizens and organizations to determine whether a U.S. 
organization is presumed to provide ``adequate'' data protection, as 
well as by U.S. and European authorities to determine whether an 
organization has self-certified (i.e., especially when a complaint has 
been lodged against that organization).
    Affected Public: Business or other for-profit organizations.
    Frequency: Annual.
    Respondent's Obligation: Voluntary.
    This information collection request may be viewed at reginfo.gov. 
Follow the instructions to view Department of Commerce collections 
currently under review by OMB.
    Written comments and recommendations for the proposed information 
collection should be sent within 30 days of publication of this notice 
to [email protected] or fax to (202) 395-5806.

    Dated: November 18, 2014.
Glenna Mickelson,
Management Analyst, Office of the Chief Information Officer.
[FR Doc. 2014-27643 Filed 11-20-14; 8:45 am]
BILLING CODE 3510-DR-P