 |
 |
|
|
| |
|
TOP
5 STORIES OF THE MONTH
|
|
|
Symposium Wrap-Up
At the TRUSTe-IAPP Privacy Futures symposium, attendees focused on building their brand through strong privacy practices.
»Learn
More
Industry Best Practices
Who are the "Most Trusted Companies in America"? TRUSTe and the Ponemon Institute found out. »Learn
More
Leading Edge
Larry Ponemon reports the findings of the Ponemon Institute's new Cost of Privacy study.
»Learn
More
New
Benefits
BizRate Web site profiles will now feature your TRUSTe Seal.
»Learn
More
TRUSTe News
TRUSTe has filed an amicus brief arguing that dynamic IPs do not necessarily constitute personally identifiable information. »Learn
More
Stay
Current!
Privacy events around the world and on the Web. »Learn
More
TRUSTe
Tech Tip
Conduct regular reviews of your Web site to make sure your privacy statement is still valid. »Learn
More
Welcome
New Members
The newest Web sites to display the TRUSTe seal. »Learn
More
|
|
 |
|
| |
TRUSTe-IAPP Symposium Signals New Direction for the
Field of Privacy
Some
400 privacy professionals converged in San Francisco
June 9-11, 2004, for "Privacy Futures," an
international symposium sponsored by TRUSTe
and the International
Association of Privacy Professionals.
The
three-day conference brought together representatives
of government, industry, and consumer advocacy groups
for an exciting interchange of ideas about the future
of privacy. In the plenary sessions, futurists Thornton
May, John Patrick, and Bob Johansen described their
vision of changing technology in the coming decades,
particularly the growing capacity of the Internet to
reach out of our laptops and into our daily lives.
But
in numerous workshops and informal conversations, it
became clear that attendees were more attuned to a new
shift in how organizations view privacy: Privacy is
not just about managing risk or about complying with
state and federal laws, many said. Having a strong,
consistent privacy policy is a powerful way to build
the value of one's brand.
The
announcement of TRUSTe and the Ponemon Institute's "Most
Trusted Companies in America" Awards (see
article below) highlighted just how strong
the link between privacy practices and consumer trust
has become. The "Privacy, Trust, and Your Brand"
track drew some of the biggest crowds for sessions such
as "Do Seals Matter," "Communicating
Privacy" (which featured TRUSTe members AT&T
Wireless, Intuit, and Yahoo), and "Your Online
Profile."
But
as numerous presenters made clear, compliance issues
are not going away. The conference track on international
issues attracted participants from nine countries to
discuss cross-national regulatory challenges and opportunities.
Federal Trade Commission director Howard Beales described
the FTC's growing role in enforcement of privacy and
CAN-SPAM violations in the United States.
In
the California legislator panel, California Assemblymember
Joe Simitian asserted that U.S. states are going to
continue to play a role in shaping the national regulatory
framework. "We're not going to get a single, meaningful
federal standard unless states pass it in a patchwork
matter," he said. California Senator Liz Figueroa
called on business to take a more active role in working
with state legislators to refine legislation before
it gets passed.
"For
the team," said TRUSTe president and CEO Fran Maier,
"the conference was an exciting opportunity to
interact with privacy leaders from around the world.
Our account managers and sales staff, who often work
with members over the phone and email, welcomed the
chance to put faces to names."
TRUSTe
is committed to helping you keep your eyes on the horizon.
Look to this newsletter in the coming months for articles
from many of the symposium presenters.
|
|
|
 |
|
| |
TRUSTe and Ponemon Institute Recognize Most Trusted
Companies for Privacy in America
At
the TRUSTe-IAPP Privacy Futures Symposium on June 10,
2004, TRUSTe
and the Ponemon
Institute announced their awards for "Most
Trusted Companies for Privacy in America." The
top ten:
1.
eBay
2. American Express
3. Procter & Gamble (all brands)
4. Amazon
5. Hewlett Packard
6. U.S. Postal Service
7. IBM
8. Earthlink
9. Citibank
10. Dell
The
awards were based on a study conducted by the Ponemon
Institute, a Tucson-based think tank dedicated to advancing
responsible information-management practices. The study,
which polled more than 6,300 consumers, also reveals
the three top criteria that consumers apply to gauge
a company's trustworthiness:
- Overall
reputation for product and service quality
- Limits
on collection of customers' personal information
- Use
of advertisements and solicitations that respect consumer
privacy
"This
survey shows that companies that make privacy a core
value are rewarded by consumers with brand loyalty,"
said Fran Maier, president and executive director of
TRUSTe. "Effective companies don't consider privacy
a compliance activity but rather a brand differentiation.
We are pleased that TRUSTe sealholders are well represented."
More than 25 percent of the top 20 corporations named
are TRUSTe members.
Consumers
were also asked what worried them most if their personal
information were leaked to individuals or organizations
that were not authorized to receive the information.
Seventy-six percent said that identity theft was their
biggest concern, followed by spam concerns (58 percent)
and fears related to loss of civil liberties (48 percent).
The
survey portion of the study asked respondents to name
up to five companies that they believed to be the most
trusted for honoring their privacy commitments. Specific
company names were not provided in the survey instrument,
allowing consumers to make their judgments without constraints.
If
you would like to review the study findings, contact
Carolyn
Hodge of TRUSTe to request a copy of its
final report.
|
|
|
 |
|
| |
New
Study Reveals Corporate Privacy Spending Patterns
by Larry Ponemon
Is
it possible to measure a company's investment in its
privacy and data protection program? The recently released
Cost of Privacy Study conducted by the Ponemon
Institute provides an analysis of corporate
spending on privacy protection.
The
study, commissioned by IBM, surveyed 44 United States-based
multinational organizations. It revealed that while
privacy protection is growing in importance for businesses,
investments in privacy initiatives are significantly
lower when compared to other corporate compliance initiatives,
such as environmental or ethics programs.
Spending
on privacy among the organizations surveyed varied from
approximately $500,000 to about $22 million annually.
This difference can be attributed to the varying stages
of implementation of privacy initiatives.
The
companies surveyed fell into one of three implementation
stages: the early, or planning and architecture stage;
the middle, or launch and implementation stage; and
the late, or operational and maintenance stage. Spending
on privacy protection increased noticeably the further
along organizations were in the implementation process
of their privacy initiatives.
Of
the 44 companies surveyed, the majority are in the early
stage, and spend an average of $3.9 million a year on
privacy. These companies should anticipate significant
increases in spending as their privacy programs enter
the advanced stage, in which companies spend an average
of $14 million per year. The spending increases are
a result of such late-stage activities as running employee
training sessions, performing self assessments, conducting
independent audits, securing vendor relationships, and
obtaining Web site certification. Late-stage companies
are more likely to deploy technology to manage privacy
preferences or perform data management audits. Early-stage
companies, on the other hand, focus on planning and
high-level executive tasks. Early-stage program activities
appear to focus on short-term rather than strategic
objectives.
The
study is important because it provides an objective
indicator -- the money companies are spending on programs
-- of how important an initiative is to an organization.
Privacy protection and compliance is a relatively new
issue for many organizations, and there is little information
regarding the processes and costs required to ensure
privacy protection for customers, employees, and business
partners. By analyzing how companies allocate and spend
resources on privacy protection, more attention will
be paid to privacy management as a business issue.
For
a copy of the full Cost of Privacy report, please contact
the Ponemon Institute at (520) 290-3400.
Larry
Ponemon, PhD, is chair and founder of the Ponemon Institute
in Tucson, Ariz.
|
|
|
 |
|
| |
TRUSTe Forms Partnership with BizRate
TRUSTe
and BizRate, the largest and fastest-growing shopping
search engine on the Web, have partnered to increase
the value of your privacy investment on the Internet.
Now your certification by TRUSTe is notated on your
BizRate pages, giving consumers another reason to choose
your online store.
BizRate,
the foremost independent merchant rating company on
the Web, lists more than 40,000 online stores. In addition,
the Web site gathers ratings and reviews from more than
one million buyers each month. BizRate now displays
the TRUSTe seal for all TRUSTe members on its store
ratings pages.
To
view your company's store ratings, go to www.bizrate.com,
enter your organization's name, and select "Store
Ratings." If you have any additional questions
regarding this new partnership, contact Krystal Putman
at kputman@truste.org.
|
|
|
 |
|
| |
TRUSTe Files Amicus Brief in Case Involving Dynamic
IPs
On
June 9, 2004, TRUSTe filed an a brief of amicus curiae
to the U.S. Court of Appeals, 6th Circuit, in the case
of Klimas vs. Comcast Corp. The plaintiff is appealing
a decision handed down by a lower district court, which
ruled that that dynamic IP addresses that are not associated
with personally identifiable information (PII) are not
themselves PII.
TRUSTe
filed the brief in support of the defendant, Comcast,
because the lower court's definition of PII matches
TRUSTe's. Dynamic IP addresses are anonymous and temporary,
and they only identify computers, not users. In TRUSTe's
view, dynamic IPs do not raise privacy concerns as long
as they are not associated with data on specific consumers.
"If
the court overturns this decision, it would have broad
consequences for business," says Martha Landesberg,
senior policy advisor for TRUSTe. "Anonymous IP
addresses are a ubiquitous way to track consumer movements
and use that data in aggregate. We think the decision
was correct and are pleased to support it in the appeals
court."
The
court should render a decision by the end of the year.
If you would like to read the amicus brief, visit TRUSTe's
website.
|
|
|
 |
|
| |
Privacy Laws and Business 17th Annual International
Conference
Location:
St. John's College, Cambridge, U.K.
Dates:
July 5-7, 2004
This
year's program, whose theme is "Integrating
Privacy Into Your Business Strategy," marks
the development of privacy and data protection
values as a key constituent of many organizations'
business strategies. Privacy values are vital
because they visibly influence the way that organizations
deal with customers, prospects, employees, shareholders,
and the media. Privacy regulators will explain
their compliance and enforcement strategies. Participants
will also learn how to prevent privacy vulnerabilities,
develop a defensible legal position, and respond
effectively if problems occur. For more information,
visit www.privacylaws.com.
More
Knowledge Net Luncheons Coming to a City Near
You
IAPP
and TRUSTe have scheduled a second round of the
Knowledge Net Luncheons! Watch your inbox for
an email invitation to join us for these free
networking luncheons, brought to you by the IAPP,
TRUSTe, and Ernst & Young. Dates:
| NYC:
June 30 |
San
Francisco: July 21 |
| Washington,
DC: July 12 |
Chicago:
July 27 |
| Philadelphia:
July 15 |
Baltimore:
July 28 |
For
more information on these events, contact Krystal
Putman, marketing associate, at kputman@truste.org
or (415) 520-3421.
|
|
|
|
 |
|
| |
Tech Tip: Companies should review their privacy policy
on a regular basis to make sure the privacy policy accurately
reflects their current data collection and handling practices.
Privacy
policies are living documents. A company's privacy practices
may change or evolve due to the growth of its business.
New services are added. New marketing programs are launched.
Sometimes companies restructure themselves, refocusing
the business strategy. Sometimes they add new technologies
to better serve Web site visitors, such as utilizing
a tracking utility to better understand how visitors
navigate the site.
When
these types of events occur, you must review your company's
privacy policy to determine whether the new practice
is in line with the privacy statement as currently worded,
or whether the privacy policy will need to be updated
to accurately reflect the new practices.
At
a minimum, TRUSTe sealholders should review their privacy
policies on an annual basis, even if there is the belief
that nothing has changed. One tool that you can use
to conduct a privacy-practices assessment is TRUSTe's
self-assessment
form (in MS Word format). Be sure to involve
all parties who handle customer data -- at a minimum,
management, marketing, legal, operations, and IT --
in the annual privacy review process.
Once
your company has completed its self-assessment process,
consult with your company's account manager at TRUSTe
to determine whether a change in practices does have
an impact on the privacy statement. The account manger
will work with you to update your privacy statement
if needed and will ensure that you give customers proper
notice that the privacy policy has been changed.
--
Joanne Furtsch, senior account manager
|
|
|
 |
|
| |
TRUSTe would like to congratulate
the following new members on successfully completing
our certification process:
Bullguard
LTD, ClickDiario Network Internet Corp., Dotomi, Fashional
Technologies, Funchasers LLC, Gamelink, Hard Hat Hosting,
International Institute for Learning, LateralLaw.com
LLC, Law Society of Upper Canada, Napster, Serana Monserate
Corp., Serenade Systems, Spinweb, Tenant Plus Corp.,
WP Associates.
|
|
|
 |
|
| |
Got Feedback?
We would like to hear what you
think of the TRUSTe
Advocate. Send an email with your
comments and suggestions to newsletter@truste.org.
TRUSTe
is an independent, nonprofit organization that administers
the Internet's first and largest privacy seal program.
685
Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org
|
|
|
 |
|
 |
|
