Safe Harbor

U.S.-EU SAFE HARBOR LIST

The organizations on this list have notified the Department of Commerce that they adhere to the U.S.-EU Safe Harbor Framework developed by the Department of Commerce in coordination with the European Commission. The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection.
An organization's self-certification of compliance with the U.S.-EU Safe Harbor Framework and the appearance of the organization on this list pursuant to the self-certification, constitute an enforceable representation to the Department of Commerce and the public that it adheres to a privacy policy that complies with the U.S.-EU Safe Harbor Framework.
There are benefits to organizations that participate in the U.S.-EU Safe Harbor program, but participation in the U.S.-EU Safe Harbor Framework and self-certification to the list are voluntary. Once an entity elects to participate in the program, it is legally required to comply with the Safe Harbor Privacy Principles. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the U.S.-EU Safe Harbor program. In order to keep this list current, a notification will be effective for a period of twelve months; therefore, organizations must notify the Department of Commerce every twelve months to reaffirm their continued adherence to the U.S.-EU Safe Harbor Framework.
Organizations should notify the Department of Commerce if their representation to the Department is no longer valid. Failure by an organization to so notify the Department could constitute a misrepresentation.
An organization may withdraw from the list at any time by notifying the Department of Commerce. Withdrawal from the list terminates the organization's representation of adherence to the U.S.-EU Safe Harbor Framework, but this does not relieve the organization of its Safe Harbor obligations with respect to personal information received during the time that the organization was on the U.S.-EU Safe Harbor list.
If a relevant self-regulatory or government enforcement body finds that an organization has engaged in a persistent failure to comply with the U.S.-EU Safe Harbor Privacy Principles, then that organization is no longer entitled to the benefits of the U.S.-EU Safe Harbor program. In this case, the organization must promptly notify the Department of Commerce of such facts either by email or letter. Failure to do so may be actionable under the False Statements Act (18 U.S.C. 1001). That organization must also provide the Department of Commerce with a copy of the decision letter from the relevant self-regulatory or government enforcement body.

In maintaining the list, the Department of Commerce does not assess and makes no representations to the adequacy of any organization's privacy policy or its adherence to that policy. Furthermore, the Department of Commerce does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, omission, or deletion of any organization, or any other action related to the maintenance of the list.

Search by Organization Details Show Details(...)

Organization Name:
Search Tip: Enter either (a) the exact Organization Name (e.g. The XYZ Corporation); or (b) the % symbol immediately before (i.e. no space) a word of consequence from the Organization Name (e.g. %XYZ)
Keyword:
Search Tip: Enter the Organization Contact name, Corporate Officer name or Zip Code
Phrase:
Search Tip: Enter a phrase or phrases enclosing each within quotation marks. Three types of phrase-based searches are possible: (1) a search for results containing a single phrase (e.g. “data protection authorities”); (2) a search for results containing all of the specified phrases (e.g. “data protection authorities” AND “DPAs”); and (3) a search for results containing any of the specified phrases (e.g. “data protection authorities” OR “DPAs”). This function is especially useful when searching for records that reference a particular Independent Recourse Mechanism or Verification Method.
Industry Sector:
State:

Search by Organization Certification Status Show Details(...)

Certification Status:

Search Alphabetically for Organization Name Show Details(...)

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ALL

3786 Results

Organization

Certification Status

Personal Data

@ legal discovery LLC

Current

All personal data/On-line/On-line

1-800-HOSTING, Inc.

Current

off-line, on-line, manually processed data

100 Spears, LLC d/b/a eWork

Not Current

On-line, off-line, human resource data

101 Distribution

Not Current

on-line, off-line

1010data Global Telecom Solutions LLC

Not Current

All PII is denatured prior to being sent to 1010data. No such data is manually processed.

10gen, Inc

Current

Organization, Client, and Customer

12 Forward Entertainment, LLC

Current

1992 International Ltd., dba, Sutton Associates

Not Current

all employment screening matters

20/20 Software, Inc.

Current

Customer name, Company name, Address, Telephone, Email

2020 Research

Current

Market research data primarily dealing with consumer research.

24/7 Media

Current

On-Line

2Checkout.com, Inc.

Current

On-line, off-line, and manually processed

2sms

Current

online data, manually processed data.

3 Story Software

Current

Off-line, on-line, manually processed data, human resources data.

37signals, LLC

Current

all client and customer personal data, manually processed and electronic

3Cinteractive, LLC

Current

Personal identifiable information, UID

3D Systems Corporation

Current

Human Resources Data

3d Travel Metrics

Current

off-line, on-line, manually processed data

3dna Corporation, Inc. dba NationBuilder

Current

Consumer data, digitally processed.

3LZ International Corporation

Not Current

online

4 Thought Marketing

Current

Organization

41st Parameter

Current

Online

4imprint Inc

Current

Customer name and address and information related to their purchases.

780 Inc.

Not Current

On-Line

7th Sense Limited Partnership

Current

Organization, client and consumer. Consumer data includes phone numbers, email addresses and addresses. The data covered does not include manually processed data.

81qd

Current

All personal information received

89degrees, Inc.

Not Current

on-line and off-line customer transaction data

A-CHECK AMERICA, INC.

Current

off-line, on-line, manually processed data

A. M. Castle & Co.

Current

Employee personal data

A. Schulman, Inc

Current

Personal information regarding employees and related to the employment relationship, which includes manually processed data.

...