“If your company transfers consumer data from the European Union to the U.S., you’ll want to know about the U.S.-EU Safe Harbor Program, a voluntary international privacy framework that lets companies transfer data from the EU to the U.S. in a way that complies with EU law. To participate in the U.S.-EU Safe Harbor Program, a company has to self-certify that it abides by seven principles: notice, choice, onward transfer, security, data integrity, access, and enforcement. To help your customers in the EU understand the program, point them to Information for EU Residents Regarding the U.S.-EU Safe Harbor Program. A company that participates in the program can let consumers know by sending out a press release that includes the Safe Harbor certification mark, displaying the Safe Harbor certification mark on its website, or mentioning its Safe Harbor certification in its privacy policy. But a business that says it complies has an obligation to live up to that promise. The FTC has sued companies that claimed they had valid Safe Harbor certifications but had allowed their certifications to lapse, improperly used the Safe Harbor certification mark, or didn’t comply with the Safe Harbor principles. The Department of Commerce website has more information about the Safe Harbor program and a list of companies that currently participate. The FTC’s U.S.-EU Safe Harbor Framework page has guidance materials and details about the agency’s Safe Harbor law enforcement efforts.”