Information Collection for Self-Certification to the EU_U.S. Privacy Shield Framework

Under the Privacy Shield Framework, the Department of Commerce monitors effective compliance, including through sending questionnaires to participating organizations, to identify issues that may warrant further follow-up action. In particular, such compliance reviews shall take place when: (a) the Department has received specific non-frivolous complaints about an organization’s compliance with the Privacy Shield Principles, (b) an organization does not respond satisfactorily to inquiries by the Department for information relating to the Privacy Shield, or (c) there is credible information that an organization does not comply with its commitments under the Privacy Shield. You are receiving a compliance review questionnaire.

Failure to respond to this request within 30 days may be subject to enforcement action by the Federal Trade Commission, the Department of Transportation, or other enforcement authorities.

Compliance Review Questionnaire

1. Please confirm that: (i) you are authorized to make representations on behalf of the organization and its covered entities regarding its adherence to the Privacy Shield Principles; (ii) the information submitted to the Department of Commerce for purposes of self-certification, including with regard to personal data received in reliance upon the Privacy Shield, is accurate and correct; (iii) you understand that misrepresentations in any information provided to the Department may be actionable under the False Statements Act, 18 U.S.C. § 1001; and (iv) you understand that failure to adhere to the Privacy Shield Principles with regard to such personal data may lead to enforcement actions by the relevant enforcement authority.

2. Please provide the following information concerning the organization that self-certified its adherence to the Privacy Shield Principles:

1. Organization Name;

2. Organization Contact (the individual or office within the organization handling complaints, access requests, and any other issues concerning the organization’s compliance with the Privacy Shield Framework);

1. Name;

2. Title;

3. Phone number; and

4. E-mail address

3. Organization Corporate Officer (the individual certifying the organization’s compliance with the Privacy Shield Framework);

1. Name;

2. Title;

3. Phone number; and

4. E-mail address

4. Mailing Address

You are receiving this questionnaire with regard to the following matter:

2. Has the organization received any individual complaints regarding the matter described above? If it has, please describe when any such complaint was received, how it was handled and the outcome, and provide any relevant documentation.

2. Has this matter been presented to an alternative dispute resolution provider or an EU data protection authority (DPA)? If it has, please describe when it was presented and the outcome, and provide any relevant documentation.

2. Has the organization otherwise reviewed this matter? If it has, please describe when any such review was conducted and the outcome, and provide any relevant documentation.

2. Can you provide any additional information or documentation regarding this matter?

2. [Potential additional organization or issue-specific questions, if appropriate.]