[Federal Register Volume 75, Number 196 (Tuesday, October 12, 2010)]
[Notices]
[Pages 62502-62503]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-25454]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
International Trade Administration
Proposed Information Collection; Comment Request; Information for
Self-Certification Under FAQ 6 of the United States--European Union
Safe Harbor Privacy Framework
AGENCY: International Trade Administration.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Department of Commerce, as part of its continuing effort
to reduce paperwork and respondent burden, invites the general public
and other Federal agencies to take this opportunity to comment on
proposed and/or continuing information collections, as required by the
Paperwork Reduction Act of 1995.
DATES: Written comments must be submitted on or before December 13,
2010.
ADDRESSES: Direct all written comments to Diana Hynek, Departmental
Paperwork Clearance Officer, Department of Commerce, Room 6616, 14th
and Constitution Avenue, NW., Washington, DC 20230 (or via the Internet
at [email protected]).
FOR FURTHER INFORMATION CONTACT: Requests for additional information or
copies of the information collection instrument and instructions should
be directed to: Damon Greer, U.S. Department of Commerce, International
Trade Administration, Room 2003, 1401 Constitution Avenue, NW.,
Washington, DC 20230; Phone number: (202) 482-5023 and fax number:
(202) 482-5522.
SUPPLEMENTARY INFORMATION:
I. Abstract
In response to the European Union Directive on Data Protection that
restricts transfers of personal information from Europe to countries
whose privacy practices are not deemed ``adequate,'' the U.S.
Department of Commerce has developed a ``Safe Harbor'' framework that
will allow U.S. organizations to satisfy the European Directive's
requirements and ensure that personal data flows to the United States
are not interrupted. In this process, the Department of Commerce (DOC)
repeatedly consulted with U.S. organizations affected by the European
Directive and interested non-government organizations. On July 26,
2000, the European Commission issued its decision in accordance with
Article 25.6 of the Directive that the Safe Harbor Privacy Principles
provide adequate privacy protection. The Safe Harbor framework bridges
the differences between the European Union (EU) and U.S. approaches to
privacy protection. The complete set of Safe Harbor documents and
additional guidance materials may be found at http://export.gov/safeharbor.
Once the Safe Harbor was deemed ``adequate'' by the European
Commission on July 26, 2000, the DOC began working on the requirements
that are necessary to put this accord into effect. The European Member
States implemented the decision made by the Commission within 90 days.
Therefore, the Safe Harbor became operational on November 1, 2000. The
Department of Commerce created a list for U.S. organizations to sign up
to the Safe Harbor and provided guidance on the mechanics of signing up
to this list. As of May 12, 2010, 2,200 U.S. organizations have been
placed on the Safe Harbor List, located at http://export.gov/safeharbor.
Organizations that have signed up to this list are deemed
``adequate'' under the Directive and do not have to provide further
documentation to European officials. This list will be used by EU
citizens and organizations to determine whether further information and
contracts will be needed for a U.S. organization to receive personally
identifiable information. This list is necessary to make the Safe
Harbor accord operational, and was a key demand of the Europeans in
agreeing that the Principles were providing ``adequate'' privacy
protection.
The Safe Harbor provides a number of important benefits to U.S.
firms. Most importantly, it provides predictability and continuity for
U.S. organizations that receive personal information from the EU.
Personally identifiable information is defined as any information that
can be identified to a specific person, for example an employee's name
and extension would be considered personally identifiable information.
All 27 member countries are bound by the European Commission's finding
of ``adequacy''. The Safe Harbor also eliminates the need for prior
approval to begin data transfers, or makes approval from the
appropriate EU member countries automatic. The Safe Harbor principles
offer a simpler and cheaper means of complying with the adequacy
requirements of the Directive, which should particularly benefit small
and medium enterprises.
The decision to enter the Safe Harbor is entirely voluntary.
Organizations that decide to participate in the Safe Harbor must comply
with the safe harbor's requirements and publicly declare that they do
so. To be assured of Safe Harbor benefits, an organization needs to
reaffirm its self-certification annually (Form ITA-4149P) to the DOC
that it agrees to adhere to the safe harbor's requirements, which
includes elements such as notice, choice, access, data integrity,
security and enforcement.
This list will be most regularly used by EU organizations to
determine whether further information and contracts will be needed by a
U.S. organization to receive personally identifiable information. It
will be used by the European Data Protection Authorities to determine
whether a company is providing ``adequate'' protection, and whether a
company has requested to cooperate with the Data Protection Authority.
This list will be accessed when there is a complaint logged in the EU
against a U.S. organization. This will be on a monthly basis. It will
be used by the Federal Trade Commission and the Department
[[Page 62503]]
of Transportation to determine whether a company is part of the Safe
Harbor. This will be accessed if a company is practicing ``unfair and
deceptive'' practices and has misrepresented itself to the public. It
will be used by the DOC and the European Commission to determine if
organizations are signing up to the list. This list is updated on a
regular basis.
II. Method of Collection
The self-certification form is available via the Internet at http://export.gov/safeharbor/ and by mail to requesting organizations.
III. Data
OMB Control Number: 0625-0239.
Form Number(s): ITA-4149P.
Type of Review: Regular submission.
Affected Public: Business or for-profit organizations.
Estimated Number of Respondents: 500.
Estimated Time per Response: 18 minutes--Web site; 40 minutes--
letter.
Estimated Total Annual Burden Hours: 350 hours.
Estimated Total Annual Cost to Public: $100,000.
IV. Request for Comments
Comments are invited on: (a) Whether the proposed collection of
information is necessary for the proper performance of the functions of
the agency, including whether the information shall have practical
utility; (b) the accuracy of the agency's estimate of the burden
(including hours and cost) of the proposed collection of information;
(c) ways to enhance the quality, utility, and clarity of the
information to be collected; and (d) ways to minimize the burden of the
collection of information on respondents, including through the use of
automated collection techniques or other forms of information
technology.
Comments submitted in response to this notice will be summarized
and/or included in the request for OMB approval of this information
collection; they also will become a matter of public record.
Dated: October 5, 2010.
Gwellnar Banks,
Management Analyst, Office of the Chief Information Officer.
[FR Doc. 2010-25454 Filed 10-8-10; 8:45 am]
BILLING CODE 3510-DR-P