Truste Says Licensing Changes Will Give Privacy Seal More Teeth

Computerworld - WASHINGTON—Privacy certification organization Truste has toughened its licensing requirements and boosted its ability to monitor the privacy practices of Web sites that display what some critics have seen as a toothless seal of approval.

The licensing changes announced last week bar companies from changing a customer's privacy preferences for 12 months. They also tighten opt-out requirements to make it easier for customers to prevent the sharing of their personal information.

In addition, Truste has started using technology developed by Watchfire Corp. in Waltham, Mass., to monitor Web sites. The technology uses automated agents called Web crawlers to ensure that sites are in compliance with their stated privacy policies.

Harris Interactive Inc. in Rochester, N.Y., received a Truste seal earlier this year. Lynn Siverd, chief privacy officer and a vice president at the company, said she has no problem with automated compliance monitoring, provided it's a vehicle for constructive criticism and not for "slapping" a company.

Indeed, Mike Weider, founder and chairman of Watchfire, said Web sites can involve so many people and departments that an employee could, for instance, unintentionally add a third-party cookie in violation of a firm's privacy policy. Watchfire's Web crawlers will look for those kinds of problems and alert Truste on a regular basis. Previously, Truste relied on annual reviews.

Truste and other privacy seal programs have faced criticism in recent years from those who feel that they have failed to ensure meaningful privacy protections. But with these changes and previous ones, Truste "has been steadily raising its standards," said Ari Schwartz, associate director for the Center for Democracy and Technology in Washington. Initially, Truste required companies displaying its seal only to abide by their own privacy policies, whatever those policies might be. But that left companies free to treat customer information as they saw fit, Schwartz said. "I think companies that commit to this are raising the bar for the industry," he said, adding that the changes aren't a substitute for privacy legislation.

Fran Maier, executive director of San Francisco-based Truste, said the licensing changes, along with the monitoring effort, "are really sending the message that we take enforcement compliance seriously, that we have teeth."

Compliance Check

Corporate privacy officers say seal programs offer business value by providing a road map for examining privacy policies, establishing independent audits and boosting customer confidence.

Mel Peterson, chief privacy officer at Procter & Gamble Co. in Cincinnati, participates in the Arlington, Va.-based Better Business Bureau privacy seal program. Going through the process of applying for a seal is "a good way for a company to get up to speed quickly on what needs to be done" in privacy compliance, Peterson said.