Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
Until just a few weeks ago, the Federal Trade Commission (FTC), which enforces the Safe Harbor, had not commenced a single enforcement action in the nine years that the Safe Harbor has been in effect. Last week, the FTC requested public comment on six separate settlements of complaints alleging that multinationals had violated the Safe Harbor by representing to the public that they were current members of the Safe Harbor even though their certification was not up-to-date. Notably, the settlements do not include any monetary penalties, but instead would enjoin the targets from future misrepresentations about their Safe Harbor status.
The lessons learned include the following:
- Multinationals must take compliance with all of the Safe Harbor’s requirements seriously; there is now some enforcement risk.
- The next, most likely enforcement step would be the FTC’s request to review the mandatory, annual self-assessment or third-party assessment of Safe Harbor compliance. The FTC would not have to expend any resources to “look behind” the assessment to find a violation. The failure to conduct the required annual assessment itself would be a violation.
- Given the above, multinationals certified to the Safe Harbor should promptly confirm that their certification is current and conduct an assessment of their compliance with the Safe Harbor if they have not performed one during the preceding year. To the extent the assessment reveals any gaps in compliance, the gaps should be closed.
This entry was written by Philip L. Gordon.