82 FR 7796 - Submission for OMB Review; Comment Request Information Collection for Self-Certification to the EU-U.S. Privacy Shield Framework
DEPARTMENT OF COMMERCE Federal Register Volume 82, Issue 13 (January 23, 2017)
Federal Register Volume 82, Issue 13 (January 23, 2017)
| Page Range | 7796-7797 | |
| FR Document | 2017-01334 |
[Federal Register Volume 82, Number 13 (Monday, January 23, 2017)] [Notices] [Pages 7796-7797] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2017-01334] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE Submission for OMB Review; Comment Request Information Collection for Self-Certification to the EU-U.S. Privacy Shield Framework The Department of Commerce will submit to the Office of Management and Budget (OMB) for clearance the following proposal for collection of information under the provisions of the Paperwork Reduction Act (44 U.S.C. Chapter 35). Agency: International Trade Administration (ITA). Title: Information Collection for Self-Certification to the EU-U.S. Privacy Shield Framework. OMB Control Number: 0625-0276. Form Number(s): None. Type of Request: Regular submission. Number of Respondents: 3,600. Average Hours per Response: 38 minutes. Burden Hours: 2,954. Needs and Uses: The United States and the European Union (EU) share the goal of enhancing privacy protection for their citizens, but take different approaches to protecting personal data. Given those differences, the Department of Commerce (DOC) developed the EU-U.S. Privacy Shield Framework (Privacy Shield) in consultation with the European Commission, as well as with industry and other stakeholders, to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the European Union while ensuring the protection of the data as required by EU law. On July 12, 2016, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law, and the DOC began accepting self-certification submissions from organizations on August 1, 2016. More information on the Privacy Shield is available at: https://www.privacyshield.gov/welcome. The DOC has issued the Privacy Shield Principles under its statutory authority to foster, promote, and develop international commerce (15 U.S.C. 1512). The International Trade Administration (ITA) administers and supervises the Privacy Shield, including by maintaining and making publicly available an authoritative list of U.S. organizations that have self-certified to the DOC. U.S. organizations submit information to ITA to self-certify their compliance with Privacy Shield. U.S. organizations considering self-certifying to the Privacy Shield should review the Privacy Shield Framework. [[Page 7797]] In summary, in order to enter the Privacy Shield, an organization must (a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation, or another statutory body that will effectively ensure compliance with the Principles; (b) publicly declare its commitment to comply with the Principles; (c) publicly disclose its privacy policies in line with the Principles; and (d) fully implement them. Self-certification to the DOC is voluntary; however, an organization's failure to comply with the Principles after its self- certification is enforceable under Section 5 of the Federal Trade Commission Act prohibiting unfair and deceptive acts in or affecting commerce (15 U.S.C. 45(a)) or other laws or regulations prohibiting such acts. In order to rely on the Privacy Shield for transfers of personal data from the EU, an organization must self-certify its adherence to the Principles to the DOC, be placed by ITA on the Privacy Shield List, and remain on the Privacy Shield List. To self-certify for the Privacy Shield, an organization must provide to the DOC a self-certification submission that contains the information specified in the Privacy Shield Principles. The Privacy Shield self-certification form would be the means by which an organization would provide the relevant information to ITA. ITA has committed to follow up with organizations that have been removed from the Privacy Shield List. ITA will send questionnaires to organizations that fail to complete the annual certification or who have withdrawn from the Privacy Shield to verify whether they will return, delete, or continue to apply the Principles to the personal information that they received while they participated in the Privacy Shield, and if personal information will be retained, verify who within the organization will serve as an ongoing point of contact for Privacy Shield-related questions. In addition, ITA has committed to conduct compliance reviews on an ongoing basis, including through sending detailed questionnaires to participating organizations. In particular, such compliance reviews shall take place when: (a) The DOC has received specific non-frivolous complaints about an organization's compliance with the Principles, (b) an organization does not respond satisfactorily to inquiries by the DOC for information relating to the Privacy Shield, or (c) there is credible evidence that an organization does not comply with its commitments under the Privacy Shield. Affected Public: Primarily businesses or other for-profit organizations. Frequency: Annual and periodic. Respondent's Obligation: Voluntary. This information collection request may be viewed at www.reginfo.gov. Follow the instructions to view the Department of Commerce collections currently under review by OMB. Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to OIRA [email protected] or fax to (202) 975-5806. Sheleen Dumas, PRA Departmental Lead, Office of the Chief Information Officer. [FR Doc. 2017-01334 Filed 1-19-17; 8:45 am] BILLING CODE 3510-DS-P
![7796 Federal Register / Vol. 82, No. 13 / Monday, January 23, 2017 / Notices
program participants (including computer system. The computer server DEPARTMENT OF COMMERCE
recipients, borrowers, grantees, and is maintained in a secure, access-
contractors), USDA employees, and controlled area within an access- Submission for OMB Review;
other USDA information. RADAR will controlled building. Paper records are Comment Request Information
also contain records OIG ODS generates kept in limited access areas during duty Collection for Self-Certification to the
that are the result of its data analysis hours and in locked offices during EU-U.S. Privacy Shield Framework
and data analytics work. nonduty hours.
The Department of Commerce will
RECORD SOURCE CATEGORIES: RECORD ACCESS PROCEDURES: submit to the Office of Management and
Information contained in this system Budget (OMB) for clearance the
An individual may request access to
is obtained from systems of records following proposal for collection of
a record in this system that pertains to
maintained by USDA and other information under the provisions of the
him/her by submitting a written request
Government agencies; individuals; non- Paperwork Reduction Act (44 U.S.C.
to the Counsel to the Inspector General,
Government, commercial, public, and Chapter 35).
Office of Inspector General, U.S.
private agencies and organizations; Agency: International Trade
Department of Agriculture, 1400
media, including periodicals, Administration (ITA).
Independence Avenue SW., Stop 2308, Title: Information Collection for Self-
newspapers, and broadcast transcripts; Washington, DC 20250–2308.
and publicly-available databases. Certification to the EU-U.S. Privacy
CONTESTING RECORD PROCEDURES: Shield Framework.
ROUTINE USES OF RECORDS MAINTAINED IN THE OMB Control Number: 0625–0276.
SYSTEM, INCLUDING CATEGORIES OF USERS AND An individual may contest Form Number(s): None.
PURPOSE OF SUCH USES: information in this system that pertains Type of Request: Regular submission.
Routine Uses 1 through 16, 19, 20, to him/her by submitting a written Number of Respondents: 3,600.
and 21 apply. 80 FR 48476 (Aug. 13, request to the Counsel to the Inspector Average Hours per Response: 38
2015). General, Office of Inspector General, minutes.
U.S. Department of Agriculture, 1400 Burden Hours: 2,954.
POLICIES AND PRACTICES FOR STORAGE OF Independence Avenue SW., Stop 2308,
RECORDS: Needs and Uses: The United States
Washington, DC 20250–2308. This and the European Union (EU) share the
The RADAR System, USDA/OIG–8, system may contain records originated
consists of computerized and paper goal of enhancing privacy protection for
by USDA agencies and contained in their citizens, but take different
records. USDA’s other systems of records. Where approaches to protecting personal data.
POLICIES AND PRACTICES FOR RETRIEVAL OF appropriate, coordination will be Given those differences, the Department
RECORDS: effected with the appropriate USDA of Commerce (DOC) developed the EU-
The records are retrieved by names, agency regarding individuals contesting U.S. Privacy Shield Framework (Privacy
addresses, Social Security Numbers, and records in the relevant system of Shield) in consultation with the
tax identification numbers of USDA records. European Commission, as well as with
program participants or employees, or NOTIFICATION PROCEDURES:
industry and other stakeholders, to
by case numbers. Records are retrieved provide organizations in the United
by USDA OIG’s Office of Data Sciences Any individual may request States with a reliable mechanism for
employees. information regarding this system of personal data transfers to the United
records, or information as to whether States from the European Union while
POLICIES AND PRACTICES FOR RETENTION AND the system contains records pertaining ensuring the protection of the data as
DISPOSAL OF RECORDS: to him/her, from the Counsel to the required by EU law.
The records contained in this system Inspector General, Office of Inspector On July 12, 2016, the European
are currently unscheduled. A record General, U.S. Department of Commission deemed the Privacy Shield
retention schedule will be developed Agriculture, 1400 Independence Avenue Framework adequate to enable data
and submitted to NARA for approval. SW., Stop 2308, Washington, DC 20250– transfers under EU law, and the DOC
No records will be destroyed until a 2308. began accepting self-certification
NARA approved record retention
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
submissions from organizations on
schedule is in place.
August 1, 2016. More information on
Any records contained in the system No exemptions are applicable to the Privacy Shield is available at:
before the creation of the Office of Data records created by OIG ODS in the https://www.privacyshield.gov/
Sciences, are retained and disposed of RADAR System, USDA/OIG–8. For welcome.
in compliance with OIG’s record individual records originating within a The DOC has issued the Privacy
disposition authority approved by USDA system of records, OIG will Shield Principles under its statutory
NARA for Inspector General Audit and continue to apply any applicable authority to foster, promote, and
Evaluation Case Files. Privacy Act exemptions to those develop international commerce (15
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL individual records. U.S.C. 1512). The International Trade
SAFEGUARDS:
HISTORY:
Administration (ITA) administers and
OIG has adopted appropriate supervises the Privacy Shield, including
administrative, technical, and physical USDA OIG updated and published its by maintaining and making publicly
controls in accordance with OIG’s system of records notices in their available an authoritative list of U.S.
mstockstill on DSK3G9T082PROD with NOTICES
information security policies to protect entirety on August 13, 2015. 80 FR organizations that have self-certified to
the security, integrity, and availability 48476. System of Records USDA/OIG–8, the DOC. U.S. organizations submit
of the information, and to ensure that originally established on March 5, 2009 information to ITA to self-certify their
records are not disclosed to or accessed (74 FR 9584), was included and updated compliance with Privacy Shield.
by unauthorized individuals. in that consolidated notice. U.S. organizations considering self-
Computerized records are maintained [FR Doc. 2017–01412 Filed 1–19–17; 8:45 am] certifying to the Privacy Shield should
in a secure, password protected BILLING CODE 3410–23–P review the Privacy Shield Framework.
VerDate Sep<11>2014 19:02 Jan 19, 2017 Jkt 241001 PO 00000 Frm 00014 Fmt 4703 Sfmt 4703 E:\FR\FM\23JAN1.SGM 23JAN1](https://thefederalregister.org/doc/82_FR_7809/page/1.svg)
![Federal Register / Vol. 82, No. 13 / Monday, January 23, 2017 / Notices 7797
In summary, in order to enter the with its commitments under the Privacy A limited number of seats will be
Privacy Shield, an organization must (a) Shield. available for the public session.
be subject to the investigatory and Affected Public: Primarily businesses Reservations are not accepted. To the
enforcement powers of the Federal or other for-profit organizations. extent time permits, members of the
Trade Commission (FTC), the Frequency: Annual and periodic. public may present oral statements to
Department of Transportation, or Respondent’s Obligation: Voluntary. the Committee. The public may submit
another statutory body that will This information collection request written statements at any time before or
effectively ensure compliance with the may be viewed at www.reginfo.gov. after the meeting. However, to facilitate
Principles; (b) publicly declare its Follow the instructions to view the distribution of public presentation
commitment to comply with the Department of Commerce collections materials to Committee members, the
Principles; (c) publicly disclose its currently under review by OMB. Committee suggests that public
privacy policies in line with the Written comments and presentation materials or comments be
Principles; and (d) fully implement recommendations for the proposed forwarded before the meeting to Ms.
them. information collection should be sent Springer.
Self-certification to the DOC is within 30 days of publication of this The Assistant Secretary for
voluntary; however, an organization’s notice to OIRA Submission@ Administration, with the concurrence of
failure to comply with the Principles omb.eop.gov or fax to (202) 975–5806. the delegate of the General Counsel,
after its self-certification is enforceable Sheleen Dumas, formally determined on January 12,
under Section 5 of the Federal Trade PRA Departmental Lead, Office of the Chief 2017, pursuant to Section 10(d) of the
Commission Act prohibiting unfair and Information Officer. Federal Advisory Committee Act, as
deceptive acts in or affecting commerce [FR Doc. 2017–01334 Filed 1–19–17; 8:45 am] amended (5 U.S.C. app. 2 § 10(d)), that
(15 U.S.C. 45(a)) or other laws or BILLING CODE 3510–DS–P
the portion of the meeting concerning
regulations prohibiting such acts. trade secrets and commercial or
In order to rely on the Privacy Shield financial information deemed privileged
for transfers of personal data from the DEPARTMENT OF COMMERCE or confidential as described in 5 U.S.C.
EU, an organization must self-certify its 552b(c)(4) and the portion of the
adherence to the Principles to the DOC, Bureau of Industry and Security meeting concerning matters the
be placed by ITA on the Privacy Shield disclosure of which would be likely to
List, and remain on the Privacy Shield Information Systems Technical frustrate significantly implementation of
List. To self-certify for the Privacy Advisory Committee; Notice of an agency action as described in 5
Shield, an organization must provide to Partially Closed Meeting U.S.C. 552b(c)(9)(B) shall be exempt
the DOC a self-certification submission The Information Systems Technical from the provisions relating to public
that contains the information specified Advisory Committee (ISTAC) will meet meetings found in 5 U.S.C. app. 2
in the Privacy Shield Principles. The on January 25 and 26, 2017, 9:00 a.m., §§ 10(a)(1) and 10(a)(3). The remaining
Privacy Shield self-certification form in the Herbert C. Hoover Building, portions of the meeting will be open to
would be the means by which an Room 3884, 14th Street between the public.
organization would provide the relevant Constitution and Pennsylvania Avenues For more information, call Yvette
information to ITA. NW., Washington, DC. The Committee Springer at (202) 482–2813.
ITA has committed to follow up with
advises the Office of the Assistant Dated: January 17, 2017.
organizations that have been removed
Secretary for Export Administration on Yvette Springer,
from the Privacy Shield List. ITA will
technical questions that affect the level Committee Liaison Officer.
send questionnaires to organizations
of export controls applicable to
that fail to complete the annual [FR Doc. 2017–01423 Filed 1–19–17; 8:45 am]
information systems equipment and
certification or who have withdrawn BILLING CODE 3510–JT–P
technology.
from the Privacy Shield to verify
whether they will return, delete, or Wednesday, January 25
continue to apply the Principles to the DEPARTMENT OF COMMERCE
Open Session
personal information that they received
while they participated in the Privacy 1. Welcome and Introductions Bureau of Industry and Security
Shield, and if personal information will 2. Working Group Reports
3. Old Business Sensors and Instrumentation
be retained, verify who within the Technical Advisory Committee; Notice
organization will serve as an ongoing 4. Industry Presentations: Quantum
Computing of Partially Closed Meeting
point of contact for Privacy Shield-
5. New business The Sensors and Instrumentation
related questions.
In addition, ITA has committed to Thursday, January 26 Technical Advisory Committee (SITAC)
conduct compliance reviews on an will meet on February 1, 2017, 9:30
ongoing basis, including through Closed Session a.m., (Pacific Standard Time) at the SPIE
sending detailed questionnaires to 6. Discussion of matters determined to Photonics West, The Moscone Center
participating organizations. In be exempt from the provisions South, 747 Howard Street, Room 102
particular, such compliance reviews relating to public meetings found in South Hall (Exhibit Level), San
shall take place when: (a) The DOC has 5 U.S.C. app. 2 §§ 10(a)(1) and Francisco, CA 94103. Registration for an
received specific non-frivolous 10(a)(3). exhibit-only pass is required and is
mstockstill on DSK3G9T082PROD with NOTICES
complaints about an organization’s The open session will be accessible available for free. Attendees can register
compliance with the Principles, (b) an via teleconference to 20 participants on for an exhibit-only pass in advance at
organization does not respond a first come, first serve basis. To join the https://spie.org/conferences-and-
satisfactorily to inquiries by the DOC for conference, submit inquiries to Ms. exhibitions/photonics-west/registration
information relating to the Privacy Yvette Springer at Yvette.Springer@ or sign up onsite at the registration
Shield, or (c) there is credible evidence bis.doc.gov, no later than January 18, booth. The Committee advises the Office
that an organization does not comply 2017. of the Assistant Secretary for Export
VerDate Sep<11>2014 19:02 Jan 19, 2017 Jkt 241001 PO 00000 Frm 00015 Fmt 4703 Sfmt 4703 E:\FR\FM\23JAN1.SGM 23JAN1](https://thefederalregister.org/doc/82_FR_7809/page/2.svg)
Document Created: 2017-01-20 01:30:18
Document Modified: 2017-01-20 01:30:18
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| FR Citation | 82 FR 7796 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR