Information Collection for Self-Certification to the EU_U.S. and Swis-U.S. Privacy Shield Framework

Download: docx | pdf

You are receiving this questionnaire because your organization has withdrawn from the EU-U.S. and/or the Swiss-U.S. Privacy Shield Framework(s) (as may be relevant to your organization). Organizations that choose to retain personal information received in reliance upon Privacy Shield by continuing to apply the Privacy Shield Principles to such data must affirm to the Department of Commerce, on an annual basis, their commitment to apply the Principles to such data. Organizations that have returned or deleted all such data or that provide “adequate” protection by another authorized means are no longer required to complete and submit this annual questionnaire after they notify the Department of Commerce of this action.

Failure to respond to this request within 30 days may be subject to enforcement action by the Federal Trade Commission, the Department of Transportation, or other enforcement authorities.

Annual Questionnaire for Organizations that Indicated upon Withdrawal that They Would Retain Personal Data Received under Privacy Shield

1. Please confirm that: (i) you are authorized to certify on behalf of the organization and its covered entities regarding its continued adherence to the Privacy Shield Principles with regard to all personal data received in reliance upon Privacy Shield; (ii) the information submitted to the Department of Commerce for purposes of affirming the organization’s adherence to the Principles following withdrawal from Privacy Shield is accurate and correct; (iii) you understand that misrepresentations in any information provided to the Department may be actionable under the False Statements Act, 18 U.S.C. § 1001; and (iv) you understand that failure to adhere to the Privacy Shield Principles with regard to such personal data may lead to enforcement actions by the relevant enforcement authority.

2. Please provide the following information concerning the organization that self-certified its adherence to the Privacy Shield Principles:

1. Organization Name;

2. Organization Contact (the individual or office within the organization handling complaints, access requests, and any other issues concerning the organization’s compliance with the Privacy Shield Framework(s));

1. Name;

2. Title;

3. Phone number; and

4. E-mail address

3. Organization Corporate Officer (the individual certifying the organization’s compliance with the Privacy Shield Framework(s));

1. Name;

2. Title;

3. Phone number; and

4. E-mail address

4. Mailing Address

3. Please verify that the personal data received in reliance upon Privacy Shield, which the organization had indicated at the time of its withdrawal would be retained by the organization, was:

   1. Retained and subjected to the Privacy Shield Principles;

   2. Retained and “adequate” protection for such data was provided by another authorized means; or

   3. Returned or deleted. If so, specify the date by which all such data was returned or deleted.

4. With respect to any personal data received in reliance upon Privacy Shield that is retained by the organization, please verify that the organization will:

1. Retain such data, continue to apply the Privacy Shield Principles to such data, and affirm to the Department of Commerce on an annual basis its commitment to continue to apply the Principles to such data; or

2. Retain such data and provide “adequate” protection for such data by another authorized means.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	2021-01-13