 |
|
|
|
| |
|
JULY
TOP 5 PRIVACY STORIES
|
|
|
From
the Desk of the Executive Director
Lessons from the Batteries.com story. »Learn
More
TRUSTe
News
‘Batteries’ included: What happens when a licensee violates
its privacy policies -- and how to keep it from happening
to you. »Learn
More
Privacy
Resources
A new study comparing privacy regulation in the U.S.
and the EU yields the advantage to the United States.
»Learn
More
Knowledge
You Need
Sign up for TRUSTe’s preconference sessions at the IAPP
Privacy Academy. »Learn
More
Stay
Current!
Upcoming privacy and security events around the world.
»Learn
More
TRUSTe
Tech Tip
What to do when you go through a merger, acquisition,
or other business change. »Learn
More
Welcome
New Licensees
The newest Web sites to display the TRUSTe seal. »Learn
More
|
|
 |
 |
| |
TRUSTe's credibility rests on enforcing the high
standards to which we hold our licensees. While our goal
has always been to raise the bar for privacy protection
on the Internet, sometimes our licensees may hit a bump.
As
the article below describes, batteries.com
provided a free promotion to their customers, but failed
to consider the range of privacy issues involved. Once
TRUSTe's Watchdog dispute resolution system was triggered,
an investigation of these issues ensued, resulting in
a recommended set of actions for batteries.com to take
to remain in the TRUSTe program.
Batteries.com stepped up to the plate, working with
TRUSTe to remedy its error and prevent future privacy
violations. One of the key lessons the company learned
was that TRUSTe is always willing and able to work with
licensees as they consider changes to its privacy practices
or policies.
The
lesson is clear, especially for small and medium-sized
licensees: A single error can turn best intentions into
a consumer relations disaster. But a single phone call
to your TRUSTe account manager can prevent such errors
from ever happening.
--
Fran Maier
|
|
|
 |
|
| |
Batteries Included
by Stephanie Lim
Our
more news-savvy licensees may have noticed that
TRUSTe and one of its licensees—batteries.com—have
been sharing a bit of the media limelight over
the past few months. During the first week of
April, batteries.com made a small error of judgment
by passing along its customer database to an outside
party to surprise customers with free magazine
subscriptions. A particularly alert consumer who
also happened to be a journalist noted the discrepancy
between the licensee's policies and practices
and aired his grievances in a ZDNet.com
article.
Batteries.com
realized that it had made a mistake and allowed
TRUSTe to help sort through the situation. Apologies
were sent to affected customers, and a new privacy
statement was created to reflect promotional third-party
sharing. TRUSTe also paid an on-site visit to
the company to conduct a privacy seminar, and
helped batteries.com update its customer list
management practices to avoid stepping on any
other customers' toes in the future.
The
batteries.com situation highlighted the responsibilities
of major stakeholders in the privacy arena: consumers,
businesses, and third-party verifiers. Although
TRUSTe and its licensees may play direct roles
in creating, carrying out, and enforcing privacy
policies, consumers also act as enforcing agents,
determining what actions are acceptable. Privacy
is everyone's business.
Consumers
can depend on TRUSTe to respond to their privacy
concerns, and businesses can in turn rely on TRUSTe
to guide them through all related issues -- from
legal predicaments to public relations challenges
-- surrounding the original problem.
TRUSTe
is here to help its licensees gain maximum returns
on their privacy investments, but we cannot do
this alone. It is the responsibility of licensees
to make use of the most important resource that
TRUSTe provides: the counsel of a staff of seasoned
privacy experts. Every licensee is assigned an
account manager who can respond to privacy issues
ranging from third-party promotional sharing to
changes in database ownership as a result of a
merger (see TRUSTe
Tech Tip in this issue).
We'd
like to thank these account managers for doing
a great job with particularly sensitive matters.
We'd like to thank consumers for helping TRUSTe
ensure a high level of compliance. And we'd also
like to thank our licensees -- batteries.com included
-- for their investment in privacy and their confidence
in our expertise and intentions.
|
|
|
|
 |
|
| |
Study Reveals Surprising U.S. Edge Over EU Privacy Standards
by Stephanie Lim
The
privacy practices of TRUSTe-licensed Web sites surpass
those of nonlicensed sites and their European Union
counterparts, reports a recently released study of U.S.
and EU privacy standards.
The
differences between the United States' self-regulatory
system of ensuring the privacy of personal data and
the European Union's standardized privacy practices
once seemed irreconcilable. Then the European Union
passed the European Directive on Data Protection (EU
Directive 95/46/EC) in 1998. The directive
became the European Union's first attempt at standardizing
privacy issues on an international level, stomping through
Internet legislation territory that the U.S. government
has avoided. To ensure compliant trans-Atlantic e-commerce,
the U.S. Department of Commerce created a Safe
Harbor framework for American Web sites to
certify compliance with the EU directive.
Several
years have passed since the directive first took hold.
A study conducted by the American Enterprise Institute
and the Brookings Institution has yielded surprising
results regarding the effects of this recent legislative
effort: Despite the nation's self-regulatory system,
United States-based Web sites practice more conscientious
privacy methods than their government-mandated EU counterparts.
Released
last month, the study, 'Enforced Standards Versus Evolution
by General Acceptance: A Comparative Study of E-Commerce
Privacy Disclosure and Practice in the US and the U.K.,'
actually compared US and EU privacy issues as model
test subjects to examine financial reporting under the
two governments, where the situation is reversed (in
the States, financial reporting is federally mandated;
it is self-regulated in the European Union).
Though
the conclusions of the report were geared toward the
financial services sector, the study's examination
of privacy issues yields fascinating data. The
study compared privacy practices in the two countries,
specifically examining privacy policies, disclosure
rates, cookie usage, and email frequencies. Whereas
cookie usage is higher among United States-based Web
sites, American sites are more likely than their EU
counterparts to disclose the usage of such cookies.
United States-based sites are also more likely to make
their privacy statements easily accessible. Sites posting
TRUSTe seals scored the highest across all categories.
'Contrary
to its intent, the [EU] privacy disclosure law appears
to have eliminated the incentives for the Web sites
to use Web seals as signals of their good privacy practices
to consumers,' the study concluded. 'In the absence
of mandated standards, US Web sites tend to view the
disclosure of privacy policies as an instrument of their
marketing strategy to attract consumers. Accordingly,
they make it easy to find their statements of policy,
and adhere to these policies reasonably closely.'
The
study report is available online in PDF
format.
|
|
|
 |
|
| |
TRUSTe Presents Practical, Informative Workshops on
Web Privacy and Email
New
to the world of online privacy? Concerned that an incomplete
understanding about anti-spam legislation may be putting
your company at risk? On October 29, from 1:00 to 5:00
p.m., TRUSTe will hold two preconference workshops on
privacy issues and spam at the
IAPP Privacy Academy in Chicago. The instructors:
TRUSTe staff and privacy experts from some of the top
companies in the United States -- Microsoft, Oracle,
Doubleclick, just to name a few.
Practical
Privacy Workshop
Through the use of case studies and field testing, participants
will gain insight into the ins and outs of current privacy
challenges for businesses and how trust seals can affect
response rates and purchasing behavior. Participants
are encouraged to submit their companies' privacy statements
to TRUSTe prior to the workshop (email it to privacyleader@truste.org),
and schedule time to meet with representatives of TRUSTe
and Watchfire to review the statement and compliance
issues that your Web site may be experiencing.
How
Not to Be a Spammer!
Participants will learn from email experts the do's
and don'ts for responsible email marketing, focusing
on everything from acquisition of email addresses and
anti-spam state law compliance to working with white
and black lists and making sure your messages get delivered.
TRUSTe
licensees receive a discount on registration fees for
both the preconference sessions and the academy. Register
now!
|
|
|
| |
 |
|
| |
Here are a few upcoming privacy-related conferences
and workshops around the world.
IAPP
Privacy Academy
Dates:
October 29-31, 2003
Location:
Chicago, Illinois
Overview:
The IAPP Privacy Academy will offer the background
knowledge you need on privacy law, corporate privacy
infrastructure, enforcement, the role of the company
privacy officer, and management of privacy and security.
Stay tuned for TRUSTe preconference sessions on "How
not to be a spammer!" and a practical working
session on tools for Web site privacy. Visit the IAPP
Web site to sign up to receive a copy of
the program once it is published.
25th
International Conference on Data Protection and Privacy
Dates:
September 10-12, 2003
Location:
Sydney, Australia
Overview:
Business leaders and privacy professionals from around
the world will be gathering in Sydney this September
to meet with key decision-makers in the Asia-Pacific
region and to hear about international privacy regulation,
implementation, and the privacy needs of consumers.
With the theme of "Practical Privacy for People,
Government, and Business," sessions will focus
on technologies, marketing and relationship building
within a privacy framework, compliance, and consumer
advocacy. To learn more about the conference or to
register online, visit the conference
Web site.
First
International Congress on e-Commerce Trustmarks
Dates:
September 17-19, 2003
Location:
Luxembourg-Kirschberg, Luxembourg
Overview:
To spark an international exchange of ideas on securing
consumer confidence in e-commerce, the Ministry of
the Economics of the Grand Duchy of Luxembourg is
organizing the First International Congress on Trustmarks
in Electronic Commerce. More than 300 representatives
from the business, government, and nonprofit sectors
are expected to attend this congress. Presenters hailing
from all over Europe, Asia, and North America will
discuss e-commerce trends, consumer expectations,
and the role of national and international public
authorities and nongovernment organizations such as
TRUSTe.
The registration fee for the three-day conference is 570 euros (US$646). For more information on the congress or to register as a participant, visit www.e-trustmarks.lu.
Fifth
Annual Privacy Conference -- Special Offer for TRUSTe
Licensees!
Dates:
September 30-October 2, 2003
Location:
Blackwell Hotel, Columbus, Ohio
Overview:
TRUSTe is pleased to be a sponsors of the Fifth Annual
Privacy Conference, which is organized annually by
the Technology Policy Group at Ohio State University.
This year's theme, "Information, Security, and
Ethics in the Digital Age," will be tackled by
experts from all over the United States, and sessions
will be organized into financial, business, healthcare,
and government tracks. Keynote speakers include Orson
Swindle, FTC commissioner, and Nuala Kelly, chief
privacy officer at the US Office of Homeland Security.
For
a complete agenda, travel information, and online
registration, visit the PrivacyCon2003
Web site. TRUSTe licensees are eligible
for a significant discount on registration. For the
TRUSTe password, please call Michelle Lucas at (415)
618-3402 or George Mamashiani at (415) 618-3403.
|
|
|
 |
|
| |
Tech Tip: When undergoing
a business transition such as an acquisition, merger,
or bankruptcy, businesses need to provide their customers
notice, and in some cases choice, regarding the transfer
of their information to the new controlling organization.
When
going through a business transition, especially one
that requires the sale or transfer of personally identifiable
information to another organization, TRUSTe licensees
need to take the following steps to remain in compliance
with TRUSTe's requirements:
1.
Review your company's privacy policy to assess
what promises have been made to users regarding the
sharing of their personal information.
2.
Contact your TRUSTe account manager as soon as news
of the business transition becomes publicly known or
within 10 business days of the change, whichever comes
sooner. Be prepared to have answers to the following
questions:
- Does
the new controlling organization wish to remain in
the TRUSTe program?
- Will
the business be changing or retaining its current
business model?
- Will
the use of personal information that is collected
through the site change?
- Will
the name of the company or the site change?
Based
on the answers to these questions, your account manager
will work with you to determine what updates to your
privacy statement you need to make as well as the level
of notice and choice that you must provided to Web site
users.
3.
Send in a letter of reassignment, as required within
the TRUSTe license agreement, to transfer your license
to the new controlling organization. TRUSTe must consent
to all such transfers. Your account manager will be
able to provide a sample reassignment letter to get
you started.
-
Joanne B. Furtsch, senior account manager
|
|
|
 |
|
| |
TRUSTe would like to congratulate the following new
licensees on successfully completing our certification
process:
Anytime
Photo, Contestix.com Corp., Continental Promotion Group,
Digital Moses, Enfocus Software, Haestad Methods, Levenger,
PurpleCards Pte, Zix Corp.
|
|
|
 |
|
| |
Got Feedback?
We would like to hear what you
think of the TRUSTe Advocate. Send an email with your
comments and suggestions to newsletter@truste.org.
TRUSTe
is an independent, nonprofit organization that administers
the Internet's first and largest privacy seal program.
685
Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org
|
|
|
 |
|
 |
|
