On October 6, 2009, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. The companies were as follows:

World Innovators, Inc.;

ExpatEdge Partners LLC;

Onyx Graphics, Inc.;

Directors Desk LLC;

Collectify LLC; and

Progressive Gaitways LLC

The allegations simply were that these companies represented in their online privacy policies that they were self-certified under the Safe Harbor Program when in fact they had allowed their certifications to lapse.  The FTC, accordingly, alleged unfair and deceptive practices.  These actions come shortly after the FTC pursued Balls of Kryptonite for falsely representing self-certification (when they never had).

The EU/U.S. Safe Harbor framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission. To participate, a company must self-certify annually to the Department of Commerce that it complies with a defined set of privacy principles.

According to an article by Foley and Lardner, “a report published in 2008 by Galexia, an Australian consulting outfit, identified more than 200 organizations that apparently claimed to have self-certified but, in fact, were not current members of the Safe Harbor program.”

These enforcement actions, and no doubt many more to come, are nothing more than a shot across the bow (see my post on the Balls of Kryptonite Action).  The FTC will undoubtedly ramp up investigation and prosecution of these violations as time goes on but needed to start small.  These actions and their relatively mild outcomes are merely a warning: the FTC has their eye on you.

Have you reviewed your privacy statement lately?  Are you self-certified?  Have you kept that certification current?

When it comes to compliance, it’s better to ask for certification than it is to ask for forgiveness.

Popularity: 4% [?]

Related posts:

1. FTC Brings Safe Harbor Enforcement Action The Federal Trade Commission (“FTC”) has secured a temporary restraining order against...
2. German DPAs Require Data Exporters to Verify Safe Harbor Compliance On April 29, 2010, German data protection authorities issued a resolution regarding the...
3. Privacy compliance convergence – HITECH, Safe Harbor and New Mass. Regs. A comparison of compliance programs for HITECH, Safe Harbor and New Mass....
4. FTC Rejects iSAFE’s COPPA Safe Harbor Application FTC Rejects COPPA Safe Harbor ApplicationThe Commission has rejected the application of...
5. FTC Seeks Public Comment on Program to Keep Web Site Operators in Compliance With the COPPA The Federal Trade Commission is seeking public comment on proposed guidelines that...
6. Developing a written information security program – Module 2 Implementation of the WISP and Employee compliance training: In the last...