The next set of recommendations seeks to improve how the individual can directly seek resolution to a potential violation of their privacy rights.

5.         The privacy policies on companies websites should include a link to the alternative dispute resolution (ADR) provider and/or EU panel.

Many companies who participate in the safe harbor framework already comply with this requirement. For example, any website which includes the TRUSTe certified privacy seal, also includes links to the TRUSTe dispute resolution services. This is a required component in order for that website to be certified to the TRUSTe program requirements. It should also be noted, that this is a requirement under the APEC CBPR system. Functionally, a Trustmark which certifies the practices of the company against a standard will need to have some means of resolving disputes that that standard is no longer being met. Not only is this good business, it is practically requirement to ensure that the Trustmark is effectively managing its trademark under US trademark law.

6.         ADR should be readily available and affordable.

While the two largest ADR providers in the United States charge fees, most of the Trustmark the United States (BBB, TRUSTe, etc.) Provide ADR services to the consumer for free. Needless to say, this recommendation is already in play where the participating company uses a Trustmark as it’s third-party validation service under FAQ 7.

7.         Department of Commerce should monitor more systematically ADR providers regarding the transparency and accessibility of information they provide concerning the procedure they use and the follow-up to get to complaints.

This recommendation seems to be one more oriented toward government resources and allocation of government funds than the safe harbor program in and of itself. While it would be beneficial for the US government allocate resources to the Department of Commerce to support safe harbor, this is not an intrinsic weakness of the framework itself. Case in point, many data protection authorities within Europe have limited resources to manage much smaller constituencies of business than the US Department of commerce.