Annual Reaffirmation of Your Organization’s Commitment to the Safe Harbor Framework(s)

Safe Harbor FAQ #6 states, in part, that:

“The Department (or its designee) will maintain a list of all organizations that file such [self-certification] letters, thereby assuring the availability of safe harbor benefits, and will update such list on the basis of annual letters and notifications received pursuant to FAQ 11. Such self-certification letters should be provided not less than annually.” (Emphasis Added)

The Department interprets this requirement to mean that an organization may either reaffirm its existing self-certification and provide any relevant updates or submit a new self-certification form. Regardless of which method is used, the submission must be made on or before the anniversary date of the organization’s original self-certification.

An organization will be provided a reasonable grace period to reaffirm its commitment to the Safe Harbor Framework(s); however, if an organization does not reaffirm by the end of this period, its “Certification Status” will change from “Current” to “Not Current”. An organization’s certification status is reflected on the lists that appear on the Safe Harbor website.

An organization may reaffirm its commitment via the Safe Harbor website, as well as via e-mail or letter. An authorized corporate officer must reaffirm the four reaffirmation points listed below. We strongly recommend that an organization reaffirm via the Safe Harbor website, as this option is the one best suited to process submissions in a timely and accurate manner. Please note that the four reaffirmation points will appear on a designated web page when an organization reaffirms online via the Safe Harbor website.

Reaffirming via the Safe Harbor Website:

1. Go to the Safe Harbor website home page: http://export.gov/safeharbor/

2. Click on the Safe Harbor Login / Certification Form link (https://safeharbor.export.gov/login.aspx) located under Safe Harbor on the left navigation bar. A login window will open prompting you to enter your organization’s username and password. Enter your organization’s username and password and then click on the Submit button.

Note: If you cannot remember the username and password, then please contact us and we will attempt to retrieve them. If we are unable to retrieve them, we will reset them and send the new ones to the relevant point of contact within your organization.

3. The next page to open will present three choices: a) Update Profile; b) Change Password; and c) Reaffirm Safe Harbor Application. Click on the Reaffirm Safe Harbor Application link.

Note: Choice (c) should only appear as Reaffirm Safe Harbor Application when your organization is due to reaffirm its commitment (n.b. a period that typically begins one month before the anniversary of your organization’s original self-certification), otherwise it will appear as Update Safe Harbor Application.

4. The next page to open will be your organization’s self-certification record. Review the information contained therein, update as needed, and then click on the Continue button at the bottom of the page.

5. The next page to open will be the reaffirmation page. An authorized corporate officer must read each of the four reaffirmation points, indicate compliance by ticking each of the corresponding boxes, and then click on the Continue button.

6. The next page to open will be the payment page.

If your organization chooses to pay by credit card, tick the relevant box, enter the required information, and then click on the Submit button. An electronic receipt will appear, which your organization should print for its own records, and we will begin the review.

If your organization chooses to pay by check, tick the relevant box and we will be notified that a check is pending. When we receive confirmation from your organization that the check is being sent in accordance with the instructions, we will begin the review. Unless we are provided with an electronic copy of the check (e.g. PDF attached to an e-mail or faxed copy) before the check itself arrives, the review will begin when the check does arrive.

Note: If your organization receives organization human resources data (i.e. personal information about your organization's own employees, past or present, collected in the context of the employment relationship) from the European Union (EU), then it must select the EU data protection authorities (DPAs) to serve as an independent recourse mechanism for dispute resolution. If your organization has chosen the EU DPAs for dispute resolution, regardless of whether your organization receives organization human resources data, then your organization must pay an annual fee of US $50 to cover the operating costs of the EU DPAs' dispute resolution panel. The relevant fee is payable to the United States Council for International Business (c/o Mr. Paul Cronin, U.S. Council for International Business (USCIB); 1212 Avenue of the Americas; New York, NY 10036), which has agreed to act as trusted third party for this purpose. If you require further information on how to carry out the payment, please contact Mr. Cronin, USCIB, at: 212-703-5088, or pcronin@uscib.org. If you require further information on how the cooperation / compliance with the EU DPAs works, you may contact the Secretariat of the Data Protection Panel at: JLS-C5@ec.europa.eu.

Note: The form used for self-certifying compliance with the U.S.-EU Safe Harbor Framework is identical to that used for self-certifying compliance with the U.S.-Swiss Safe Harbor Framework; therefore, an organization may reaffirm to one or both of the Safe Harbor Frameworks when reaffirming via the Safe Harbor website. Organizations should also note that when they select “Switzerland” as a country from which they receive personal data (i.e. whether they specifically ticked the box corresponding to “Switzerland” or used the “All” function), they are self-certifying compliance with the U.S.-Swiss Safe Harbor Framework.