October 2004 -- Volume 8 -- Number 10 -- newsletter@truste.org
TOP 5 STORIES OF THE MONTH
  1. Phishers Hooking Bigger Catches (San Jose Mercury News - Oct. 8)
  2. Wireless 411: Let Consumers Make the Call (USA Today - Sept. 29)
  3. Provision of Patriot Act Is Ruled Unconstitutional (Los Angeles Times - Sept. 30)
  4. Privacy Eroding, Bit by Byte (The Washington Post - Oct. 15)
  5. The Legal Implications of Self-Destructing E-mail (USA Today - Sept. 22)

Knowledge You Need
A new study shows that putting privacy at the center of data collection forms results in increased trust -- and sales.
»Learn More

Commentary
Current concerns in Canada over data privacy and the U.S. Patriot Act may not take into context long-existing practices.
»Learn More

Privacy In The News
The Privacy Rights Clearinghouse goes toe to toe with Albertsons over the chain's use of pharmacy customers' data.
»Learn More

Leading Edge
The International Association of Privacy Professionals inaugurates the world's first privacy professional certification.
»Learn More

New Partnership
TRUSTe and NetCreations inaugurate a new point-of-collection initiative.
»Learn More

Privacy Resource
The new TRUSTe Web site: More attractive, easier to navigate, and richer in resources.
»Learn More

Stay Current!
Privacy events around the world and on the Web.
»Learn More

TRUSTe Tech Tip
Sometimes posting a link to your privacy policy at the point of data collection isn't enough.
»Learn More

Welcome New Members
The newest Web sites to display the TRUSTe seal.
»Learn More

Clear Privacy Practices Boost Online Sales by 33 Percent
by Alfred Kobsa

Numerous surveys have demonstrated that online shoppers are concerned about their privacy, specifically about the confidentiality of the personal data they provide to online retailers. Current privacy disclosures in the form of online privacy policies are ineffective in allaying such concerns. They are written in a lengthy and legalistic manner. In effect, Internet shoppers hardly ever read them.

In collaboration with Humboldt University in Berlin, I tested a different approach that is grounded in human-computer interaction research. We developed Web design templates in which every entry field for customers' personal data is accompanied by a clear and concise explanation of how the retailer will deal with the respective piece of data, as well as the benefits that customers can expect from sharing their personal information.

In one experiment, we compared users of an online book retail Web site that used a traditional privacy disclosure with users of the same Web site after it was redesigned based on our templates. The differences between the two groups were surprising: Subjects in the second group not only rated the site's privacy practices significantly higher, answered 8 percent more questions and gave 20 percent more answers, but also rated the perceived benefit resulting from data disclosure significantly higher -- and bought books 33 percent more often, even though both groups obtained identical recommendations.

This outcome may be explained by an increase in trust in the Web site brought about by the clear and concise description of privacy practices and personalization benefits, which in turn prompted users to share more data, reduced their fear of disclosing their identities, and eventually led to more purchases.

Brand reputation is also known to increase people's trust and willingness to share personal data. A follow-up experiment demonstrated, however, that an online retailer with average brand reputation will achieve these effects better by using our privacy-oriented design patterns than by raising the brand reputation to the level of, say, Amazon.com.

The full research report is available as a PDF file from http://www.ics.uci.edu/~kobsa/papers/2004-PET-kobsa.pdf.

Alfred Kobsa is a professor at the University of California, Irvine. He is interested in collaborating with Web retailers to put this approach into practice. Please contact him through his professional Web site.

Canadians' Concerns Over the U.S. Patriot Act May Not Take Into Account Broader Context
by Fred Cate

Note: An article by Michael Geist in the August 2004 issue of the TRUSTe Advocate regarding Canadians' concerns over the effect of the U.S. Patriot Act on the privacy of their personally identifiable information sparked spirited discussion among some TRUSTe members. TRUSTe asked Fred Cate to respond to the concerns the initial article raised.

The ongoing inquiry by British Columbia information and data privacy commissioner David Loukidelis into the impact of section 215 of the U.S. Patriot Act on Canadians' privacy has prompted considerable discussion in North America and Europe, sparking the filing of more than 400 comments with the commissioner's office.

While concerns about section 215, which empowers the FBI to obtain secret orders from the Foreign Intelligence Surveillance Court to seize "any tangible thing" connected to a terrorism investigation, are well founded, the current debate ignores at least three important contextual factors.

First, the U.S. government has long had the power to seize private information secretly, and not only for national security. For more than a century, federal and state governments have empanelled grand juries that conduct criminal investigations, including requiring the production of documents, in secret. Most federal regulatory agencies and government prosecutors exercise similar powers.

The broad range and long history of legal authority for government access to private data does not make that authority right, but these factors do suggest that the current debate may risk missing the forest for a single tree -- section 215 -- which, in fact, is scheduled to expire automatically at the end of 2005. They also cast doubt on current predictions about the magnitude of threat posed by section 215. Moreover, they might lead one to wonder about the timing of the current controversy and why this issue has only come to light as part of a bigger, politically sensitive debate over outsourcing.

Second, despite the focus of the current debate on the supposed dangers of providing information to U.S. companies, U.S. courts apply this law to all companies doing business in the United States, irrespective of nationality. Foreign companies (including Canadian companies) with an office in or doing business in the United States have long been required to produce customer records, even though the company was not domiciled and the records were not located in the United States.

The frequent and longstanding application of U.S. law to both U.S. and non-U.S. enterprises -- however objectionable -- suggests that proposals to solve the "section 215 problem" by restricting the sharing of personal data only with U.S. corporations are more likely to result in national economic protectionism than protection of personal privacy.

Finally, while the perceived arrogance of the Bush administration when dealing with other nations has understandably contributed to the perception that the United States is alone in allowing the secret seizure of personal information, in reality, most national governments exercise similar powers. The EU Data Protection Directive does not even apply in national security contexts.

Privacy, like terrorism, presents many complex and inherently multinational challenges. Concerns over section 215 -- as well as over the many other provisions of U.S., Canadian, and European laws that permit government access to private data -- are well justified, but they will not be resolved through unilateral action or information embargoes. Rather, their resolution will require diplomacy and the development of a multinational conception of how we address security and privacy, and what tools we can use to achieve both.

Fred H. Cate is a distinguished professor and director of the Center for Applied Cybersecurity Research at Indiana University, as well as a senior policy advisor at the Center for Information Policy Leadership at Hunton and Williams.

Privacy Rights Clearinghouse Sues Albertsons Over Use of Pharmacy Customers' Data
by Jordana Beebe

On September 9, 2004, the San Diego-based Privacy Rights Clearinghouse (PRC), a consumer education and advocacy organization, announced that it filed a lawsuit in California Superior Court charging supermarket giant Albertsons and its pharmacy units, SavOn, Osco, and Jewel-Osco, with violating the privacy rights of thousands of its customers. The PRC alleges that Albertsons has illegally used customers' confidential prescription information to conduct targeted marketing campaigns on behalf of drug companies.

The complaint asserts that Albertsons' pharmacy customers received direct mail and phone solicitations derived from confidential medical information they provided to the pharmacy solely for the purpose of filling prescriptions. Pharmaceutical companies wrote or approved the content of solicitations that were mailed by Albertsons on its letterhead to pharmacy customers using the customer data in its prescription database.

The mailings -- and at times phone calls -- recommended that customers renew their prescriptions, switch to a successor drug manufactured by the same drug company, or switch to an alternative medication. Recommendations to change pharmaceuticals were conducted without the supervision of the patients' doctors.

Although solicitations were portrayed as "reminders" to refill prescriptions, or "advice" on another medication to take, the PRC believes that Albertsons' primary motive for breaching the confidentiality of pharmacy customers' medical conditions was to increase drug sales to its pharmacies and to benefit the drug-company sponsors paying for the marketing campaign. This constitutes a deceptive business practice, according to the PRC.

Although the federal HIPAA privacy rule allows some types of marketing, California law is more restrictive. Under California's Confidentiality of Medical Information Act (Civil Code §56.10), pharmacies and other healthcare providers are prohibited from disclosing medical information without first obtaining authorization. The law also states that except when expressly authorized by the patient, no companies can intentionally share, sell, or otherwise use personal medical information for any purpose not necessary to providing healthcare services. In other words, according to the PRC, Albertsons should have given customers an opt-in right to consent with full notice, rather than an opt out.

For more information about the case, see http://www.privacyrights.org/ar/PharmRelease.htm.

Jordana Beebe is communications director of the Privacy Rights Clearinghouse.

TRUSTe Partners With NetCreations to Increase Consumer Confidence Around Collection of Personal Information

This month, TRUSTe announced that it has partnered with NetCreations, a permission-based list management company, to test a new TRUSTe Web site point-of-collection seal to increase consumer confidence when providing personal information online.

The aim of the initiative is to develop new point-of-collection methods for educating consumers on the use of their personal information. "Email is one of the most effective media for businesses to communicate with their customers, but the value is marginalized if consumers don't feel empowered," said Fran Maier, executive director and president of TRUSTe.

The new initiative will be tested in the market over the next few months. During the testing phase, feedback from all participants will be gathered and analyzed, and the standards for list owners and the name and design of the Web-based seal will be finalized. All list owners involved in the test are under NetCreations' management.

NetCreations pioneered and patented the "Double Opt-In" list building process -- a 100 percent opt-in service -- which anti-spam groups, ISPs, legislators, industry trade groups, marketers, and consumers agree is the high bar of permission. "The partnership with TRUSTe allows us to move forward with our mission to create the most comprehensive privacy standards and certification programs for our clients and the customers they serve," said Michael Mayor of NetCreations.

Watch for more information on the results of testing this proposed seal program in the coming months.

Industry's First Privacy Certification to Launch in New Orleans

The International Association of Privacy Professionals (IAPP) is offering the very first test of the Certified Information Privacy Professional (CIPP) program at its "Privacy and Data Security Academy and Expo" in New Orleans later this month.

The CIPP is the first-ever broad-based privacy certification in the United States. Qualification for the certification is contingent on passing an entry-level exam that stresses the fundamentals of privacy -- the concepts and applications of law, technology, and operational practices. The certification also establishes educational and testing standards for the profession.

The IAPP developed the program in conjunction with the CyLab group at Carnegie Mellon University and the Ponemon Institute, a leading privacy research group. The association also formed a certification advisory board that includes leading privacy executives from Nationwide Insurance, Procter & Gamble, General Electric, Hunton & Williams, and Corporate Privacy Group, among others.

The CIPP program is designed to meet a number of marketplace needs:

  • Professionals new to the business of privacy who wish to establish a foundation of knowledge
  • Seasoned executives who want to validate their existing skill set with a standard privacy credential
  • Corporate privacy managers chartered with bringing their staff up to a consistent level of privacy education
  • Specialists in financial services or healthcare privacy who seek to broaden their expertise and value into a general information privacy scope

The first sitting of the CIPP exam will be at the Marriott New Orleans on Wednesday, October 27, 2004, from 3:00 p.m. to 5:00 p.m. The exam fee is $245 per person and requires IAPP membership. It is the only testing opportunity the IAPP will provide in 2004. Advance certification training is also available.

For more information on the certification program or to register for the October 2004 exam, visit www.privacyassociation.org.

The Redesigned TRUSTe Web Site
www.truste.org

TRUSTe's new Web site is not just more attractive, it's rich in new features:

  • Easy-to-navigate sections for sealholders, businesses, and consumers
  • Privacy-related articles and media stories of interest to privacy professionals, updated monthly
  • Expanded resources such as TRUSTe white papers, surveys, factsheets, and program details
  • Searchable content and sealholder database linked on homepage
  • Improved usability for the consumer Watchdog form
  • Easy-to-access renewal paperwork for TRUSTe seals
  • More prominent recognition of sponsors and partners

FTC & NIST E-mail Authentication Summit
Dates: November 9-10, 2004
Location: Washington, D.C.

TRUSTe has been selected as a panelist for the E-mail Authentication Summit, sponsored by the Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST). The summit will explore the development and deployment of technology that could reduce spam. It will focus on challenges in the development, testing, evaluation, and deployment of domain-level authentication systems.

The summit will be held from 8:30 a.m. to 5:30 p.m., on November 9-10, 2004, at the Federal Trade Commission, Satellite Building, 601 New Jersey Avenue N.W., Washington, DC 20001, in the Conference Center. Members of the public may view the summit in the same room, space permitting, and possibly also in overflow rooms in the FTC's Headquarters Building, located at 600 Pennsylvania Avenue N.W. 20580. Seating will be available on a first come, first served basis.

For more information on authentication, read TRUSTe's comment to the FTC and NIST on the subject. Or visit the summit Web site.

Upcoming KnowledgeNet Luncheons
The Fall 2004 KnowledgeNet lineup will feature expert speakers in each city. Watch your inbox for an email invitation to join us for these free networking luncheons, open to TRUSTe and IAPP members:

Chicago
Date: Nov. 10, 2004
Location: Ernst & Young, 10255 W. Higgins Road, Suite 220, Rosemont, IL; room: O'Hare 2s205

Seattle
Date: Nov. 16, 2004
Location: TBD

Atlanta
Date: Nov. 18, 2004
Location: Ernst & Young, 600 Peachtree Street, Suite 2800, Atlanta, GA; room: 3110

For more information on these or other KnowledgeNet Luncheons, contact Krystal Putman, marketing associate, at kputman@truste.org or (415) 520-3421.
INBOX East 2004
Location: Atlanta
Dates: Nov. 17-19, 2004

INBOX East covers the latest in spam, phishing, real-time collaboration, data storage, compliance, marketing, and the business and strategy of messaging systems. The conference will focus on security issues such as spammers' tactics, combating phishing attacks, instant messaging threats, digital signatures, and reputation systems. Hear from industry insiders from TRUSTe, MX Logic, MailFrontier, CipherTrust, Yahoo!, IBM Lotus Division, Microsoft, and more. Features:

  • 30 conference sessions
  • 4 keynotes and plenaries
  • 5 symposia
  • Numerous in-depth workshops
  • Exhibit hall

Sign up today and use the TRUSTe member discount code BOXTSTE to save $100 on registration fees!

Tech Tip: Take extra steps at the data collection point to notify consumers of how their information will be used when that use is not immediately apparent to the consumer.

It is important for your organization to exercise transparency when communicating your practices to consumers. Most organizations do this by providing a link to their privacy statement on the site's homepage or on pages requesting personal information. However, there are some cases when extra efforts to communicate your privacy practices are needed:

  • When receiving promotional communications or a newsletter is required as part of getting a free service
  • When your organization shares personal information with third parties for promotional purposes
  • When your organization transfers personal information to third parties for the purpose of fulfilling a requested service -- and the third party then controls the use of the information transferred to them
  • When it is not apparent what organization is collecting personal information from the user (for example, a site may frame a Web page with its branding so it appears that the consumer is on its site; however, the consumer is on another organization's Web site and would be providing their personal information directly to that organization)

Your organization can communicate its practices to consumers by taking the following extra steps in addition to posting a link to your privacy statement:

  • Posting a notice on the page where personal information is being collected from the consumer (recommended: posting the notice above the "Submit" button)
  • Posting a notice on a "splash" or informational page that consumers must read prior to accessing the page requesting their personal information
  • Placing a "powered by" notice or the partner's logo on the Web pages where it is not clear which organization is collecting the consumer's information (also provide a link to the partner organization's privacy policy and clear notice that the partner's policy governs the use of the consumer's information)

In all these cases, of course, the privacy statement should clearly explain how the consumer's information is being used and how consumers can exercise their opt-out rights. Organizations that take extra steps to clearly communicate their privacy practices to consumers build trust, which will ultimately lead to a strong and loyal customer base.

-- Joanne B. Furtsch, senior account manager

TRUSTe would like to congratulate the following new members on successfully completing our certification process:

Advanced Media International, Hostway Corporation, National Capital Area Council, Adesso Systems, Arteis, Avaya, Capital Intellect, Cendant Car Rental Group, Christian Real Estate Network, Closing Alerts, Corbis, Ganobia Enterprises, Go Apply, Hosting Zoom, Law Crossing, Netblue, Perfigo, Precharge Risk Management Solutions, Renesas, True.com.

Got Feedback?

We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to newsletter@truste.org.

TRUSTe is an independent, nonprofit organization that administers the Internet's first and largest privacy seal program.

685 Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org

The views and opinions expressed in this newsletter are those of the contributing authors. TRUSTe presents these views as a service to our members, and does not necessarily share or endorse these views.