From the Desk of the Executive Director:
New Years Resolutions for 2003. »Learn More

Privacy Best Practices:
eBay sports a community of more than 50 million registered users. This month, TRUSTe asks Scott Shipman, eBay's Head Privacy Guru, how he manages privacy for the online market giant. »Learn More

TRUSTe Tips:
Monthly privacy tips for our members. This month: License Agreement 8. »Learn More

Stay Current: 
Privacy and Security Events. »Learn More

New Years Resolutions for 2003
By Fran Maier

At the beginning of each year we often make resolutions - things we want to change or concentrate on in the coming year. For organizations, these resolutions often take the form of goals - sometimes practical, sometimes wishful, and sometimes absolute must-haves. For 2003, TRUSTe has five resolutions of its own:

1. Recruit more participants to the TRUSTe program. Strengthening consumer trust requires that more organizations abide by sound privacy practices. Not only do we offer companies guidance on their privacy policies, but also TRUSTe's third party oversight and consumer dispute resolution processes give consumers more control and redress, primary ingredients for a strong privacy commitment.
   
   
2. Further develop new products and services. Pressure is increasing on industry and regulators to address spam, identity theft and other areas where consumers feel pain. The privacy practices fostered by TRUSTe can extend, in one form or another, into more areas of the digital economy. In 2002, we began significant efforts to address privacy issues in email and wireless communications - both of which are likely to evolve and expand in 2003.
   
   
3. Engage all stakeholders, including our licensees, consumers, policy makers and regulators, in solutions-oriented conversations. The best way to gain support for new products, new initiatives and for ongoing efforts is to work together. With the potential of new federal and state legislative actions, as well as the upcoming review of the Fair Credit Reporting Act, we need to all come to the table with our very best and practical ideas.
   
   
4. Become more transparent. It is important that stakeholders, licensees, advocates, regulators, policy makers, and consumers understand TRUSTe's certification and compliance processes - how we make decisions and how we handle the inevitable issues among our licensee members. This newsletter, by recapping the top Watchdog complaints, takes one step in the right direction. Look out for our upcoming Annual Report (to be distributed in February's newsletter) for further insight into TRUSTe's operations.
   
   
5. Improve our service to you, our members. You are one of our most important assets. Through you and your practices, TRUSTe is able to remain on top of the technology and policy changes and challenges facing industry. With the strength of our licensee member base we can speak with authority to all privacy stakeholders. We plan to reach out to you more in this coming year through this newsletter, our upcoming Privacy Dimensions Conference (July 28-30 in San Francisco), ongoing account updates and other outreach efforts. Stay tuned.

We'd appreciate your help in reaching our goals. Consider telling colleagues at other organizations about TRUSTe. Engage with us to test and develop new products. Share your perspectives on legislation and other developments with us so that we can better represent you. Support our efforts at transparency, and most importantly, tell us how we can better serve you.

Q&A with eBay's Scott Shipman

TRUSTe: eBay is a unique TRUSTe member in that it is both a marketplace and a community of active participants. How does eBay create a safe environment for trading vis-a-vis privacy among its community of more than 50 million users?

Shipman: eBay is fortunate because from the very early stages of the community lifecycle our members have always understood that their privacy is important and that eBay, and each member, has a responsibility to the other to respect their privacy rights. Our privacy practices have evolved with the growth of the community. Early on, the community was very small and could be compared morally to a small town. Users could be trusted to provide accurate information and not abuse information provided to them. Therefore the best privacy practice was to require that every user provide their contact information and to make that information available to any other user that requested it. Trust and safety within the community evolved through members knowing who they dealt with by checking the contact information in a reciprocal based system, where each member received the other's information if a request was made. As the community has grown, eBay has slowly tightened the free flow of information and has implemented procedures to independently verify the accuracy of the information provided by users. Our goal is to facilitate transactions between buyers and sellers and accordingly we have limited the disclosure of information between users to transaction-based requests. Users are always free to contact each other through the site or email and request more information to nurture relationships and community spirit, however eBay will only disclose contact information to users if they are involved in a transaction.

TRUSTe: eBay recently acquired PayPal, the leading online payment system. What has been your strategy in ensuring that privacy remains in tact through the acquisition process?

Shipman: The acquisition process was very interesting from a privacy viewpoint. Fortunately, both companies have the appropriate merger, acquisition or change in ownership clauses. However, that is just the first step. eBay's privacy practice includes a full due diligence report on the privacy health of any potential acquisition to determine what the company's privacy practices are, such as whether the above clause even exists. The next step is holding back the business units that want to begin sharing information before the deal closes. When you find a good fit between companies, the energy and excitement can get the best of people and they want to start working together as soon as possible, in many cases before the deal even closes. Fortunately, both companies are very pro-active and work well with our respective privacy and legal teams so we were able to make sure that information was shared appropriately after the deal closed.

TRUSTe: The industry is increasingly turning its attention to solving the Spam problem. How is Spam impacting the eBay community and what form might a solution take?

Shipman: Spam impacts our members because it clogs their inbox with junk, making it harder to read important eBay messages such as outbid notices and successful bid notices. However, we are focused on spam that imitates eBay email and spam that uses the eBay name to trick eBay users into disclosing their account information or password. Account integrity and data security is a priority at eBay and we are focused to provide a number of solutions to help prevent members from falling victim to spoofed or fake emails. We are working with ISP's to look at the spam issue holistically and find technical as well as legislative solutions. One eBay approach is to launch a communication system that will allow eBay to communicate securely with our members. This may increase member trust with our communications and reduce the likelihood of a member falling for a fake email.

TRUSTe: How has eBay's privacy commitment helped it in the marketplace.

Shipman: The key to any consumer relationship is trust. If consumers do not trust your privacy practices, they will not give you their information and therefore will not use your service. I firmly believe that eBay is one of the most trusted web sites, proven by our large community and the growth we continue to see. Consumers vote with their feet and consumers keep coming to eBay in record numbers.

TRUSTe: The Conference Board recently released a study that pointed to increasing levels of consumer trust in online commerce. To what extent do you think this reflects on industry progress with respect to privacy?

Shipman: I think the increased levels of consumer trust online reflects two key points, hard work by industry and time. The first point is that industry has done a lot of work to show consumers that online companies are safe and secure. If you look at the top ecommerce web sites, most if not all have very good privacy statements that are easy to locate. They focus on readability and ease of use and collect only the information necessary for the transaction. This easily translates to increased levels of consumer trust. The second point is that consumers are becoming less skeptical and more comfortable with the Internet as it continues to age and mature. I think this point is more about the viability of the Internet as a communication device than it is about specific industry players. As the Internet matures and as consumers gain a better understanding of how it works, we will naturally see increasing levels of consumer trust. With any revolutionary concept it takes time to accept and trust.

This Month: Introducing License Agreement 8

In December, TRUSTe launched version 8 of its license agreement. As new companies join the TRUSTe program, or as current members undergo the annual recertification, they will adopt the standards and policies set forth in version 8. Today's announcement is the culmination of a yearlong effort and ongoing commitment to strengthen the certification and compliance elements of the TRUSTe program.

TRUSTe periodically revisits its license agreement to ensure it best reflects emerging trends and technologies, evolving practices, and systemic issues that impact consumer privacy. With substantive input from policymakers, regulators, consumer groups and other leaders in the privacy arena, TRUSTe continues to codify best practices into new versions of its agreement. Moving forward, TRUSTe will take a similar approach, but also incorporate the use of guidelines to best anticipate implementation issues and gather additional data points from the community at-large.

Changes to the license agreement adopted in version 8 include:

• Choice for Sharing with Third Parties: Requires companies to provide consumers with the choice to opt-out before sharing their personal information with any third party unless the sharing is part of a third-party service relationship. Choice no longer hinges on a company's definition of its primary business purpose.
  
  
• Policy Change Requirements: Requires licensees to adhere to user preferences for a specified period of time. These preference changes, also known as "Shelf Life Preferences", must be maintained for no less than 12 months with up front disclosure of intended changes. Furthermore, companies must notify consumers as to the length of time their preferences will remain fixed at the time of registration and via email when preferences expire.
  
  
• Consumer Notice: To better ensure clarity and robust notice, companies are required to gain TRUSTe approval on all notices of a change in practice.
  
  
• Privacy Policy Consistency: Clarifies the requirement that companies ensure that their Comprehensive Privacy Statement is consistent with all other privacy disclosures, such as FAQs and P3P statements.

If you have any questions about the new license agreement, please see our FAQ, call your TRUSTe Account Manager or send email to inquiries@truste.org.

Third Annual Privacy Summit

Date: February 26-28, 2003

Location: Hilton Washington, Washington, D.C.

Over 100 national experts in privacy and data security will analyze and discuss the growing profession of the privacy officer, privacy and data security program development, applicability of law, regulation and data security in today's corporate enterprise through a variety of plenary and 28 concurrent sessions. Included in the

Privacy Summit's outstanding faculty are the Chief Privacy Officers from the following companies: AT&T Wireless; DoubleClick, Inc.; Eastman Kodak; FleetBoston Financial; IBM; Marriott International; Microsoft Corporation; Oracle; Pharmacia, Proctor & Gamble; Sovereign Bank; US Postal Service; University of Pennsylvania; Unum Provident and Verizon

For sponsor, exhibitor and registration information, please go to the Summit website at http://www.privacyassociation.org/html/conf03-about.html or contact the IAPP National Office (800-266-6501).

Got Feedback?
We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to editor@truste.org.

TRUSTe is seeking sponsors for its Privacy Dimensions 2003 Conference

When: July 28-30, 2003

Where: The Sheraton Palace, San Francisco

Contact: Kellie Beakey at LKE Productions at 415-318-8500.