FAQ 6 - Self-Certification

Q: How does an organization self-certify that it adheres to the safe harbor principles?

A: To self-certify for the safe harbor, organizations can provide to the Department of Commerce, or its designee, a letter, signed by a corporate officer, that contains at least the following information:

1.  name of organization, mailing address, email address, telephone and fax numbers;

2.  description of the activities of the organization covered by its safe harbor commitments;

3.  description of the organization's privacy policy, including:
        a.    where it is available for viewing by the public,
        b.    its effective date of implementation
        c.    a contact person for the handling of complaints, access requests, and any other issues arising under the safe harbor,
        d.    the specific statutory bodies that have jurisdiction to hear any claims against the organization regarding possible unfair or deceptive practices,
        e.    name of any privacy programs in which the organization is a member,
        f.     method of verification (e.g. in-house, third party)*, and
        g.    the independent recourse mechanism that is available to investigate unresolved         complaints.

*See FAQ on verification