Welcome to the U.S. – Swiss Safe Harbor
The Department of Commerce and the Federal Data Protection and Information Commission of Switzerland completed negotiations on establishing a data protection framework between the two countries. An exchange of letters was signed on December 9 by the Acting Under Secretary for International Trade, U.S. Department of Commerce, and the Federal Data Protection and Information Commissioner (FDPIC) on the creation of a `U.S.-Swiss Safe Harbor Framework'. The framework will simplify the transfer of personal data by Swiss firms to American companies that self-certify to the U.S. Department of Commerce. In addition to administrative simplifications for businesses, the bilateral data protection framework will also strengthen the data protection rights of those concerned with respect to these companies.
To bridge the different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Swiss data protection law, the U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commission developed a "Safe Harbor" framework. This website provides the information an organization should need to evaluate – and then join – the U.S.-Swiss Safe Harbor Framework. The principal documents which make up the framework are found under the U.S.-Swiss Safe Harbor Documents link under the Main Topics sidebar.
The process for self-certifying to the U.S.-Swiss Safe Harbor Framework is identical to that for self-certification to the U.S.-EU Safe Harbor Framework. The certification form is identical and we have added Switzerland to the country selection imbedded in the form.
To begin, use the following two links to review the information needed to self-certify. We also recommend you review the Safe Harbor Workbook and the Overview to become familiar with how Safe Harbor functions.
IMPORTANT: Please note that you do not have to join the U.S.-EU Safe Harbor in order to self-certify to the U.S.-Swiss Safe Harbor Framework or vice versa. Organizations should also note that when they select “Switzerland” as a country from which they receive personal data, they are self-certifying compliance to the U.S.-Swiss Safe Harbor Framework. It is critically important that the U.S.-Swiss Safe Harbor privacy principles, the 15 FAQs, and the enforcement statement be reviewed before executing the self-certification form.