Submit a safe harbor self-certification letter.


CONTROL ID: 06871
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Require data controllers to be accountable for their actions. (CC ID: 00470)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • To self-certify for the Privacy Shield, an organization must provide to the Department a self-certification submission, signed by a corporate officer on behalf of the organization that is joining the Privacy Shield, that contains at least the following information: (§ III.6.b., EU-U.S. Privacy Shield Framework Principles)
  • The organization should provide the Department of Commerce with a signed letter to self-certify for the safe harbor. (FAQ-Self-Certification ¶ 2, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain the organization's name, mailing address, e-mail address, telephone number, and fax number. (FAQ-Self-Certification ¶ 2.1, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the organizational activities with respect to personal information received from the European Union. (FAQ-Self-Certification ¶ 2.2, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the organization's privacy policy for the transferred personal information. (FAQ-Self-Certification ¶ 2.3, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes where the privacy policy is located for the public to access it. (FAQ-Self-Certification ¶ 2.3.a, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes the effective implementation date. (FAQ-Self-Certification ¶ 2.3.b, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes a Point Of Contact to handle complaints and access requests. (FAQ-Self-Certification ¶ 2.3.c, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes the specific statutory body that can hear claims about unfair practices or deceptive practices and violations of privacy regulations or privacy laws. (FAQ-Self-Certification ¶ 2.3.d, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes the names of the privacy programs that the organization is a member of. (FAQ-Self-Certification ¶ 2.3.e, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes the method the organization uses for verification, e.g., in-house or third party. (FAQ-Self-Certification ¶ 2.3.f, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The self-certification letter for the safe harbor should contain a description of the privacy policy that includes the independent recourse mechanism the organization uses to investigate unresolved complaints. (FAQ-Self-Certification ¶ 2.3.g, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The organization should submit a self-certification letter to the Department of Commerce (or designee) at least annually or the organization will be removed from the safe harbor list and not be assured of these benefits. (FAQ-Self-Certification ¶ 4, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)