The Department of Commerce will submit to the Office of Management and Budget (OMB) for clearance the following proposal for collection of information under the provisions of the Paperwork Reduction Act (44 U.S.C. Chapter 35).
Agency: International Trade Administration (ITA).
Title: Information for Self-Certification under FAQ 6 of the United States (U.S.)—European Union (EU) Safe Harbor Framework and United States (U.S.)—Switzerland (Swiss) Safe Harbor Framework.
OMB Control Number: 0625-0239.
Form Number(s): ITA-4149P.
Type of Request: Regular submission (extension of a currently approved information collection).
Burden Hours: 520.
Number of Respondents: 780.
Average Hours per Response: 40 minutes.
Needs and Uses: In order to ensure continued flows of personal data to the United States from the European Union (EU) and Switzerland, where the national data protection regimes restrict transfers of such data to countries not recognized as providing “adequate” privacy protection, the U.S. Department of Commerce (DOC) developed similar, Start Printed Page 69422but separate arrangements with the European Commission and the Federal Data Protection and Information Commissioner of Switzerland (Swiss FDPIC) to provide eligible U.S. organizations with a streamlined means of complying with the relevant EU and Swiss data protection requirements. The complete set of documents and additional guidance materials concerning the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework may be found at http://export.gov/safeharbor.
The decision by a U.S. organization to self-certify its compliance with one or both of the Safe Harbor Frameworks is entirely voluntary; however, once made, the organization must comply and publicly declare that it does so. To be assured of Safe Harbor benefits, an organization must reaffirm its self-certification annually to the DOC. Organizations that have self-certified, appear on the relevant public Safe Harbor List(s) maintained by the DOC, and have not allowed their certification status to lapse are presumed to provide “adequate” data protection in accordance with EU and Swiss data protection requirements. An organization's self-certification and appearance on the public Safe Harbor List(s) constitute an enforceable representation to the DOC and the public. Any public misrepresentation concerning an organization's participation in the Safe Harbor or compliance with one or both of the Safe Harbor Frameworks may be actionable by the Federal Trade Commission (FTC) or other relevant government body.
The public U.S.-EU Safe Harbor List and the U.S.-Swiss Safe Harbor List, which are necessary to make the Safe Harbor Frameworks operational, and were a key demand of the European Commission and the Swiss FDPIC in agreeing that compliance with the Safe Harbor Frameworks provides “adequate” privacy protection. The Safe Harbor Lists are used by European citizens and organizations to determine whether a U.S. organization is presumed to provide “adequate” data protection, as well as by U.S. and European authorities to determine whether an organization has self-certified (i.e., especially when a complaint has been lodged against that organization).
Affected Public: Business or other for-profit organizations.
Respondent's Obligation: Voluntary.
This information collection request may be viewed at reginfo.gov. Follow the instructions to view Department of Commerce collections currently under review by OMB.
Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to OIRA_Submission@omb.eop.gov or fax to (202) 395-5806.
Dated: November 18, 2014.
Management Analyst, Office of the Chief Information Officer.
[FR Doc. 2014-27643 Filed 11-20-14; 8:45 am]
BILLING CODE 3510-DR-P