Safe Harbor FAQ 6 states, in part, that:
“The Department (or its designee) will maintain a list of all organizations that file such [self-certification] letters, thereby assuring the availability of safe harbor benefits, and will update such list on the basis of annual letters and notifications received pursuant to FAQ 11. Such self-certification letters should be provided not less than annually.” (Emphasis Added)
An organization may meet the aforementioned requirement by updating, where appropriate, and reaffirming its existing self-certification. An organization’s submission must be made on or before the anniversary of the day on which the organization’s original self-certification was finalized.
An organization will be provided with a reasonable grace period in which to reaffirm its commitment to the Safe Harbor Framework(s); however, if an organization does not reaffirm by the end of this period, its “Certification Status” will change from “Current” to “Not Current”. An organization’s certification status is reflected on the lists that appear on the Safe Harbor website.
An organization may reaffirm its commitment via the Safe Harbor website, as well as via e-mail or letter. An authorized corporate officer must reaffirm the four reaffirmation points listed below. We strongly recommend that an organization reaffirm via the Safe Harbor website, as this option is the one best equipped to process submissions in a timely and accurate manner. Please note that the four reaffirmation points will appear on a designated web page when an organization reaffirms on-line via the Safe Harbor website.
For all reaffirmations due on or after April 1, 2009, an organization must remit payment of a nonrefundable $100.00 recertification processing fee. The recertification processing fee is payable annually on or before the anniversary of the original certification. Payment may be made by check or online by credit card. The processing fee is used to defray the costs associated with administering the Safe Harbor program.
1. Go to the Safe Harbor website homepage: http://export.gov/safeharbor/
2. Click on the Safe Harbor Login / Certification Form link (https://safeharbor.export.gov/login.aspx) located under Safe Harbor on the left navigation bar. A login window will open prompting you to enter the organization’s username and password. Enter the organization’s username and password and then click on the Submit button.
Note: If you remember the username, but not the password, please use the password reset tool available on the login web page. If you cannot remember the username, please contact us and we will attempt to retrieve it. Please do not attempt to register a new username. If we are unable to retrieve the username, we will reset both it and the password and send the new ones to the relevant point of contact within the organization.
3. The next page to open will present three choices: a) Update Profile; b) Change Password; and c) Reaffirm Safe Harbor Application. Click on the Reaffirm Safe Harbor Application link.
Note: Choice (c) should only appear as Reaffirm Safe Harbor Application when the organization is due to reaffirm its commitment (n.b. a period that typically begins one month before the anniversary of the organization’s original self-certification), otherwise it will appear as Update Safe Harbor Application.
4. The next page to open will be the organization’s self-certification record. Review the information contained therein, update as needed, and then click on the Continue button at the bottom of the page.
5. The next page to open will be the reaffirmation page. An authorized corporate officer must read each of the four reaffirmation points, indicate compliance by ticking each of the corresponding boxes, and then click on the Continue button.
6. The next page to open will be the payment page.
Note: If the organization receives organization human resources data (i.e. personal information about the organization's own employees, past or present, collected in the context of the employment relationship) from the European Union (EU), then it must select the EU data protection authorities (DPAs) to serve as an independent recourse mechanism for dispute resolution. If the organization has chosen the EU DPAs for dispute resolution, regardless of whether the organization receives organization human resources data, then the organization must pay an annual fee of US $50 to cover the operating costs of the EU DPAs' dispute resolution panel.
Special Note Regarding the U.S.-Swiss Safe Harbor Framework:
Special Note Regarding Renewal Notices:
Special Note Regarding Lapsed Certification Status: