U.S. organizations may begin signing up to the safe harbor list at www.ita.doc.gov/ecom beginning November 1, 2000. Organizations may either input information into the website or they may send a letter to the Department of Commerce, Attention: Safe Harbor Registration, Room 2009, Washington, DC 20230.

Signing up to the list:
 

• To be included on the safe harbor list, organizations must notify the Department of Commerce that they adhere to the safe harbor privacy principles developed by the Department of Commerce in coordination with the European Commission. The principles provide guidance for U.S. organizations on how to provide "adequate protection" for personal data from Europe as required by the European Union's Directive on Data Protection.

• An organization's request to be put on the safe harbor list, and its appearance on this list pursuant to that request, constitute a representation that it adheres to a privacy policy that meets the safe harbor privacy principles. Organizations must also publicly declare and state in their privacy policies that they adhere to the safe harbor principles.

 
• Adherence to the safe harbor principles and subscription to the list are entirely voluntary. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the safe harbor.

 
• In order to keep this list current, a notification will be effective for a period of twelve months. Therefore, organizations need to notify the Department of Commerce every twelve months to reaffirm their continued adherence to the safe harbor principles.

 
• Organizations should notify the Department of Commerce if their representation to the Department is no longer valid. Failure by an organization to so notify the Department could constitute a misrepresentation of its adherence to the safe harbor privacy principles and failure to do so may be actionable under the False Statements Act (18 U.S.C. § 1001).

 
• An organization may withdraw from the list at any time by notifying the Department of Commerce. Withdrawal from the list terminates the organization's representation of adherence to the safe harbor principles, but this does not relieve the organization of its obligations with respect to personal information received prior to the termination.

 
• If a relevant self-regulatory or government enforcement body finds an organization has engaged in a persistent failure to comply with the principles, then the organization is no longer entitled to the benefits of the safe harbor.

 
• In order to sign up to the list, organizations may either send a letter signed by a corporate officer to the Department of Commerce or have a corporate officer register on the Department of Commerce's website (www.ita.doc.gov/ecom)that provides all information required in FAQ 6.

• In maintaining the list, the Department of Commerce does not assess and makes no representation as to the adequacy of any organization's privacy policy or its adherence to that policy. Furthermore, the Department of Commerce does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, omission, or deletion of any organization, or any other action related to the maintenance of the list.