In response to the growing number of attacks on consumer and employee data, TRUSTe has released Data Security Guidelines for sealholders and other members of the public to use. We hope these guidelines will help facilitate internal discussion between privacy and security groups, assist companies as they draft their internal security policies, and be useful as a checklist to confirm or double-check existing policies. These practices are not intended as mandatory procedures for TRUSTe members.

Meaningful protection of consumer privacy depends on a foundation of responsible data security practices. The guidelines are divided into three categories of safeguards -- administrative, technical, and physical controls -- in a checklist form so that companies can assess their own risk levels and adopt the corresponding safeguard practices. Larger companies that handle data with the highest level of sensitivity may find it appropriate to adopt all the recommended practices, while a smaller company that collects less sensitive information may conclude that adopting only a subset of these controls will be necessary for it to have a security program appropriate to the nature of the data it handles.

TRUSTe anticipates that the guidelines will evolve over time to reflect emerging technologies and business issues. We will notify you of future versions of the guidelines in this newsletter. In the meantime, direct your suggestions and comments via email to policylegal@truste.org.

The Security Guidelines, Version 1.1 can be found on http://www.truste.org/about/securityguidelines.php.

 

Ponemon Institute