 
TRUSTe - Make Privacy Your Choice

TRUSTe Data Security Guidelines Version 2.0

Increasing criminal attacks on consumer and employee data have exacted a high price on individual privacy and trust. In accordance with TRUSTe’s broad mission to increase respect for personal identity and information, we are therefore pleased to issue the revised Data Security Guidelines for use as a resource by our licensees and other members of the public. Meaningful protection of consumer privacy depends on a foundation of responsible data security practices.

This new version of the Guidelines provides additional information in three important areas of data security. First, more attention has been given to web application security. Additional guidelines for mobile devices have also been added. Finally, preparation for possible data breaches has been addressed in two new sections.

Security standards are not “one size fits all.” Responsible, commercially reasonable standards vary, depending on such factors as a company’s size and complexity, industry category, sensitivity of data collected, number of customers served, and use of outside vendors. These Security Guidelines are divided into five categories of safeguards: Parts 1, 2, and 3 address overall administrative, technical, and physical safeguards. Parts 4 and 5 are substantially new sections and address incident response plans and breach notice processes, respectively. All recommended practices are presented in a checklist form so that companies can assess their own risk levels and adopt the practices most appropriate to their particular circumstance.



Read TRUSTe

  TRUSTe Security Guidelines
[213K PDF Document]

Security Guidelines Presentation
by Cathy Bump, VP of Policy and Legal

Case examples: How the guidelines can help organizations
[76K Microsoft Word Document]

Press Release

© 1997 - 2007 TRUSTe. All Rights Reserved.