Privacy News
A recent survey conducted by TRUSTe and TNS reveals that holiday shoppers are reducing their online shopping this year in response to privacy concerns. »Learn More

Knowledge You Need
TNS and TRUSTe launch a new quarterly Consumer Privacy Index to track attitudes toward privacy -- and it shows that consumer education is needed. »Learn More

Leading Edge
More and more, government and industry are seeing email authentification technologies as a solution to the problems of spam and phishing. »Learn More

TRUSTe News
KnowledgeNet update: What privacy professionals in Chicago and Seattle are talking about. »Learn More

Privacy Resource
Information-sharing disclosure guidelines to help companies comply with California SB27, which goes into effect January 1, 2005. »Learn More

Stay Current!
Privacy events around the world and on the Web. »Learn More

TRUSTe Tech Tip
Increasingly, whitelisting offers commercial emailers a way to ensure valid messages make it past spam filters. »Learn More

Welcome New Members
The newest Web sites to display the TRUSTe seal. »Learn More

TRUSTe wishes you and your loved ones a happy holiday season. This year, we are combining our November and December issues, and will return to our monthly schedule in January 2005.

Fears of Identity Theft Chill Holiday Shoppers

According to the second annual online shopping survey conducted by TRUSTe and TNS, 58 percent of consumers surveyed say they may reduce their online shopping during the holiday season this year due to fear of identity theft and other privacy concerns -- up from 49 percent a year ago. "The results show consumers have been paying attention to the onslaught of spyware, phishing, identity theft, and credit card fraud,"said Fran Maier, executive director of TRUSTe.

Half of the 1,071 people surveyed this year plan to limit their holiday online shopping to some extent. Eight percent are so concerned that they do not plan to shop online at all, up two percentage points over last year. The leading reasons cited by those reducing or halting online shopping:

1. Identity theft concerns (mentioned by 52% in 2004, up from 35% in 2003)
2. Fear of credit card theft (44% in 2004, 30% in 2003)
3. Concerns about spyware potentially being downloaded onto one’s computer (44% in 2004)
4. Receiving spam after purchasing from a Web site (42% in 2004, up from 38% in 2003)

Furthermore, the survey indicated that almost half (46%) of Internet shoppers say they buy only from e-tailers that have a privacy statement or seal.

"There is no doubt that consumers are far more wary of these online threats as we approach the shopping season this year,"said David Stark, privacy officer of TNS, the world's second largest marketing company. Retailers today have to give consumers a reason to trust them with their personal information. A meaningful privacy statement or a privacy seal is an essential starting point.

Consumers were also questioned about their comfort level when making online purchases from brand names as opposed to smaller e-tailers. One-third say they are less willing to buy from smaller online retailers than larger, well-known companies in part because of concerns that smaller e-tailers are more likely to misuse shoppers’ personal information.

The TNS-TRUSTe survey was conducted between October 15 and 20, 2004. It consisted of a total of 1,071 online interviews, and the survey results are considered accurate to within three percentage points 19 out of 20 times. For complete results of the 2004 Holiday Shopping/Online Privacy survey, contact Krystal Putman, marketing associate at TRUSTe.

TNS and TRUSTe Institute Quarterly Consumer Index to Track Consumer Attitudes

TRUSTe has partnered with TNS, the world’s second-largest survey and market information company, to launch the Consumer Privacy Index, a quarterly study of consumer attitudes and behaviors on privacy topics. Privacy professionals, consumer advocates, and the media can use this new index to benchmark the value that individuals place on their personal information.

"Companies are collecting and using information in more beneficial ways than ever,” says Fran Maier, executive director and president of TRUSTe, “but daily advances in technology introduce new threats to privacy and have the potential to erode trust between legitimate businesses and consumers.”

The index, which will be calculated quarterly based on consumer surveys, is designed to monitor overall consumer perceptions of the benefits and risks associated with online transactions. It also tracks consumers’ reactions to new privacy issues as they arise. Survey participants are asked questions such as “What actions have you taken to protect your privacy in the past six months?” and “Can you protect yourself online?”

Results of the initial survey found that many of the 1,068 participants were skeptical of the necessity of giving their personal information to online businesses. Almost three-fourths (71%) don’t like registering at Web sites they visit, and 15 percent refuse to register at all. Some 43 percent stated they do not trust companies to not share their personal information.

Furthermore, consumers appear to have low expectations of the benefits that they receive as a result of sharing their information. Sixty-five percent of the survey participants said that they had received an expected benefit or value from providing their personal information to a Web site, and 10 percent said that companies had exceeded their expectations. One out of four respondents said they were less than impressed with the return on the information they provided.

"TNS and TRUSTe are both dedicated to helping organizations understand industry best practices when it comes to collecting and using consumers’ personal information,” said David Stark, privacy officer of TNS. “Our intention is to build a knowledge base that spans a variety of sectors and helps businesses adapt to changing consumer perceptions on privacy.”

You can find the first Quarterly Privacy Index report on the Materials & Reports page of the TRUSTe Web site. Check back regularly for updates.

Industry and Government Collaborate to Develop Email Authentication Technologies

Advances in email-filtering technologies and enforcement efforts have made spamming a more difficult, less lucrative, business. In response, however, spammers and a growing breed of cyber-scammers known as phishers or spoofers have become more creative -- and malicious -- in their attempts to steal personal information and financial assets from Internet users. These criminals exploit the lack of verifiable identity in email to trick filters and email recipients into thinking the message is coming from a legitimate, trusted source. Phishing is a critical issue as it compromises trust among all Internet users.

To address the growing problems of spam and phishing, industry and regulatory agencies have called for the adoption of email authentication technologies. These technologies verify that the email sender is who it claims to be. By providing a mechanism to confirm senders’ identities, email authentification technologies will enable both spam filters and enforcement efforts to be more effective.

Successful deployment of email authentication is achieved in phases, incorporating multiple approaches and technologies. Today there are two primary methodologies: IP-based solutions such as Sender ID Framework and signature-based approaches such as Yahoo's DomainKeys and Cisco’s Identified Internet Mail. Both have a place in deploying authentication for email.

The federal government, especially the Federal Trade Commission (FTC), has also taken a strong leadership role on anti-spam enforcement. It recognizes the serious implications of spam to consumers and is looking at email authentication as a promising technological development that will allow domain holders to more effectively filter spam. To address these concerns, the FTC held an Email Authentication Summit November 9-10, 2004. Before the summit, TRUSTe submitted comments to the FTC. They can be viewed at http://truste.org/about/legal_and_regulatory.php. At the same time, an additional 35 organizations submitted a letter lauding the FTC for its recognition of email authentication and calling for the rapid adoption of the Sender ID framework.

By working together, government and industry are collaborating to lead the adoption of email authentication to help protect users and restore online confidence. While authentication alone will not stop spam or phishing, it does provide a critical technological foundation for reputation and accreditation services. For more information on how TRUSTe’s email services can help restore trust among your users, click here.

KnowledgeNet Events Identify Pressing Privacy Concerns
By Joanne Furtsch

Two KnowledgeNet lunches I attended in November, one in Chicago and the other in Seattle, addressed a number of hot-button topics in the field of online privacy. To me, these events also demonstrated how interested privacy professionals are in learning more about the field and sharing information with one another. The KnowledgeNets brought together representatives from TRUSTe member companies, the TRUSTe board of directors, IAPP member companies, and local law and consulting firms.

The Chicago KnowledgeNet lunch, hosted by Ernst & Young, featured Justine Gotshall, a partner with Wildman Harrold, as the lunchtime speaker. Justine spoke about recent legislation passed by the state of California: SB27, the information-sharing disclosure law, and AB1950, the new security law. Both laws go into effect in January 2005. Justine also touched upon the wireless provisions of the CAN-SPAM Act.

Thirty professionals crowded into the Seattle KnowledgeNet, hosted by Microsoft, to listen to Paula Selis, senior counsel with the Washington State Attorney General’s Office. Paula summarized some of the efforts that her office is undertaking under CAN-SPAM to bring civil action against known spammers. She also touched upon the difficulties her office is encountering as it attempts to combat phishing. After the speech, there was lively discussion over the speed at which data privacy and security laws are being passed and the influential role California state law plays nationwide.

From talking to a number of the participants in both cities, I believe attendees benefited from being able to speak with others outside their companies about issues that the profession is facing. It also became clear to me that events like the KnowledgeNet are helping people in our field see privacy as a profession in its own right and a viable career path within an organization.

Joanne Furtsch is a senior account manager at TRUSTe. Contact her at jfurtsch@truste.org.

www.privacy.ca.gov/recommendations/recomend.htm

California SB27, otherwise known as the “Shine the Light” law, goes into effect January 1, 2005. Briefly, SB27 declares that if a company shares information about consumers who are California residents with third-party organizations for the latter’s promotional purposes, the company must disclose the names and addresses of these third-party organizations to consumers upon request.

SB27, the first state law of its kind, affects all companies who do business in California. To help companies around the world comply with the new law, the California Office of Privacy Protection, working with an advisory committee that included TRUSTe staff, has developed a recommended practices document. The document does not just lay out a set of rules for complying with SB27: It also defines a set of best practices for crafting privacy policies and information-sharing disclosure documents.

“One way to simplify compliance with multiple laws is to go for the highest common denominator,” says Joanne McNabb, chief of the California Office of Privacy Protection. “In fact, when we looked at other notice requirements such as the California Online Privacy Protection Act, the federal Gramm-Leach-Bliley Act, and HIPAA, they aren’t contradictory. They’re kind of complementary.”

McNabb says her office consulted business as well as consumer advocates in drafting this document, and describes the guidelines as “reasonable and practical.” “There’s a business benefit for following these recommended practices,” she continues, “and there’s a consumer benefit -- consumers won’t have to navigate a dozen different privacy policies.”

Be sure to check the January 2005 issue of this e-newsletter, which will include a “Tech Tip” providing more information on how SB27 affects TRUSTe members’ privacy practices.

KnowledgeNets: Success Breeds More Success

TRUSTe and the Internet Association of Privacy Professionals’ KnowledgeNet lunches, which began in March 2004, have proven to be a resounding success! From Seattle to Boston, Minneapolis to Dallas, professionals across the United States representing all segments of the privacy field have gathered to listen to speakers and network. TRUSTe has received excellent feedback from participants, and attendance in each city continues to grow, with TRUSTe members becoming increasingly active as participants and local chairs. Next year, we plan to begin holding events in Los Angeles, Toronto, and Charlotte, N.C. -- bringing the total number of cities to 13:

Atlanta
Boston
Charlotte
Chicago
Dallas/Fort Worth
Los Angeles
Minneapolis-St. Paul
New York
Philadelphia
San Francisco Bay Area
Seattle
Toronto
Washington, D.C.

Please check the TRUSTe Web site in the next few weeks for the official Winter 2005 KnowledgeNet schedule. If you are interested in hosting a KnowledgeNet event in your city, please contact us. We continue to welcome your feedback on past events and future speakers and topics. Contact Krystal Putman, marketing associate, at kputman@truste.org.

Today spam is more prevalent than ever. Despite laws such as the CAN-SPAM Act of 2003, unwanted, unsolicited email continues to fill consumers’ email boxes at greater rates than ever. In order to reduce the amount of unwanted spam, ISPs have implemented filtering systems that eliminate a large portion of this unwanted email -- as well as many legitimate emails.

Most of these filters also have “whitelisting” capabilities, which offer an effective solution to the problem of blacklisting false positives. Whitelisting must be rooted in a process of authenticating legitimate email practices. To that end, TRUSTe endorses the Bonded Sender program, which has been designed to identify legitimate sources of email, enhance deliverability, and reduce the number of consumer complaints.

As a commercial mailer sending various types of emails, whether commercial, promotional, or transactional, being accepted to the Bonded Sender program enhances your email deliverability by whitelisting your certified IP addresses, ensuring that your emails are delivered to each recipient’s mailbox and not to his or her junk mail folder. If you are an email service provider (ESP), the Bonded Sender program is also designed to assist your downstream mailers.

In a partnership with IronPort, TRUSTe certifies the company's email practices to the standards as defined at www.bondedsender.com. The Bonded Sender program challenges companies to maintain a higher standard regarding their email practices. The benefits for commercial emailers and ESPs are increased deliverability and a positive impact on the bottom line.

-- Michelle Denovan, senior account manager, Bonded Sender

TRUSTe would like to congratulate the following new members on successfully completing our certification process:

Adteractive, Affcheck, Airena, Aria Systems, Cars2match.com, Clon Communications, Conway-Charbeneau Group, Digicast Interactive Media, icanvas.org, Incase Designs Corp., MyEMatch.com, Moviebeam Entertainment, Omnipoint Marketing, Rumble International , Simono Enterprises, Squarespace, Swingthevote.net, Vendio Services, Vinfolio, WhenU.

Got Feedback?
We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to newsletter@truste.org.

TRUSTe is an independent, nonprofit organization that administers the Internet's first and largest privacy seal program.

685 Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org

The views and opinions expressed in this newsletter are those of the contributing authors. TRUSTe presents these views as a service to our members, and does not necessarily share or endorse these views.