Information Collection for Self-Certification to the EU_U.S. and Swis-U.S. Privacy Shield Framework

Information Collection for Self-Certification to the EU-U.S. and Swiss-U.S. Privacy Shield Framework

PS questionnaire_Failure to Recertify_03-23-2017

Information Collection for Self-Certification to the EU_U.S. and Swis-U.S. Privacy Shield Framework

OMB: 0625-0276

Document [docx]
Download: docx | pdf


You are receiving this questionnaire because your organization has failed to complete its annual recertification to the Department of Commerce regarding participation in the EU-U.S. and/or Swiss-U.S. Privacy Shield Framework(s) (as may be relevant to your organization). As a result, the Department will remove your organization from the Privacy Shield List, and your organization may no longer benefit from the European Commission’s or Swiss Government’s adequacy decision to receive personal information from the EU or from Switzerland.

Your organization must remove from any relevant privacy policy any references to Privacy Shield that imply that the organization continues to actively participate in Privacy Shield and is entitled to its benefits.  

Your organization must verify whether it will return, delete, or continue to apply the Privacy Shield Principles to the personal information that it received in reliance upon Privacy Shield, and if personal information will be retained, verify who within the organization will serve as an ongoing point of contact for Privacy Shield-related questions.

Failure to respond to this request within 30 days may be subject to enforcement action by the Federal Trade Commission, the Department of Transportation, or other enforcement authorities.



Failure to Recertify Questionnaire



  1. Please confirm that: (i) you are authorized to make representations on behalf of the organization and its covered entities regarding its adherence to the Privacy Shield Principles; (ii) the information submitted to the Department of Commerce for purposes of self-certification is accurate and correct; (iii) you understand that misrepresentations in any information provided to the Department may be actionable under the False Statements Act, 18 U.S.C. § 1001; and (iv) you understand that failure to adhere to the Privacy Shield Principles with regard to such personal data may lead to enforcement actions by the relevant enforcement authority.



  1. Please provide the following information concerning the organization that self-certified its adherence to the Privacy Shield Principles:

    1. Organization Name;

    2. Organization Contact (the individual or office within the organization handling complaints, access requests, and any other issues concerning the organization’s compliance with the Privacy Shield Framework(s));

      1. Name;

      2. Title;

      3. Phone number; and

      4. E-mail address

    3. Organization Corporate Officer (the individual certifying the organization’s compliance with the Privacy Shield Framework(s));

  1. Name;

  2. Title;

  3. Phone number; and

  4. E-mail address

    1. Mailing Address


  1. Please verify whether the organization wishes to withdraw from Privacy Shield:

    1. Yes; or

    2. No.



If the organization wishes to withdraw from Privacy Shield:


  1. With respect to personal data received in reliance upon Privacy Shield, please verify that the organization will:

    1. Retain such data, continue to apply the Privacy Shield Principles to such data, and affirm to the Department of Commerce on an annual basis its commitment to apply the Principles to such data;

    2. Retain such data and provide “adequate” protection for such data by another authorized means;

    3. Return or delete such data. If so, specify the date by which all such data was returned or deleted; or

    4. A combination of the above options (please describe).



If the organization intends to recertify its compliance with Privacy Shield:


  1. Please verify that, during the lapse of the organization’s certification status, the organization applied the Principles to personal data received under Privacy Shield.




  1. Please clarify what steps the organization will take to address the outstanding issues that have delayed its recertification: (select all that apply)

    1. Submit recertification application;

    2. Make appropriate revisions to privacy policy statements;

    3. Make privacy policy statements available for review;

    4. Clarify selection of or put in place an appropriate independent recourse mechanism;

    5. Submit payment for the relevant Privacy Shield fees;

    6. Other step(s) (please describe).






File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2021-01-14

© 2024 OMB.report | Privacy Policy