From the Desk of the Executive Director:
TRUSTe Turns up the Heat on Monitoring Practices. »Learn More

Privacy Best Practices:
Watchfire Web Privacy Compliance Solutions. »Learn More

TRUSTe Insider:
Alex Yap tells us what to expect from Watchfire. »Learn More

TRUSTe Tips:
Monthly privacy tips for our members. This month: Keeping an eye on your ROI. »Learn More

Stay Current: 
Privacy and Security Events. »Learn More

TRUSTe Turns up the Heat on Monitoring Practices
By Fran Maier

As reported earlier, we're employing new technologies to help us improve the monitoring of the TRUSTe licensee members. This helps TRUSTe ensure that our licensees are in compliance with our requirements and in addition can be a helpful tool for privacy managers in giving "advance notice" of potential shortfalls.

Beginning earlier this year we have been actively scanning licensee websites to help them keep compliant and identify any TRUSTe licensees who are not maintaining our requirements. In the first three months of 2003, using Watchfire's automated technology, we have scanned 100 licensee sites and plan to scan all TRUSTe websites by the end of the year. Some of the items we scan for include changes in the privacy statement or in data collection practices.

So far we are happy to report that there have been no instances of blatant violation of our license agreement. In many cases our licensees have welcomed the feedback on flags for privacy questions. It's our hope that our "bark" is better than the "bite" of disappointing a customer through a privacy violation.

This new partnership and the employment of technology is just one of the ways that TRUSTe is expanding its compliance "teeth" while also providing additional value to the Privacy manager. TRUSTe is another set of eyes, sensitive to industry privacy standards that will help you avoid privacy breaches and help keep an eye on your website sprawl.

TRUSTe's goal is to partner with companies to help them adhere to the TRUSTe standards as well as those that they have outlined in their privacy policies. Watchfire monitoring enables TRUSTe to help our licensees keep the promises that bring them to our program in the first place.

We look forward to your feedback.

Watchfire Web Privacy Compliance Solutions
By Brendon Lynch, Director of Privacy and Risk Solutions, Watchfire

The Web Privacy Challenge
Is your website exposing you to privacy risks that may result in noncompliance with legislation or stated privacy policies, lawsuits, or user mistrust? Consumers, businesses, and employees are increasingly aware of privacy issues on the Internet. In fact, research has shown that many consumers will not conduct business on websites which lack suitable privacy statements or assurances. In addition, governments and industry regulators throughout the world have been legislating and regulating the collection, use, retention, and distribution of personal information. How do you ensure these rules are always followed on corporate websites?

Websites are large and constantly evolving; new content is added to thousands of web pages every day. Organizations trying to ensure their websites are in line with privacy policies, industry rules, and applicable laws face major challenges. Managing website privacy is not a one-time event. Every time you add or change content and transaction functionality on your site, you run the risk of exposing your users to actual or perceived invasions of privacy, and your organization to potential non-compliance with laws or generally accepted fair information practices.

Detect and Manage Your Privacy Exposures
Watchfire® WebXM™ is a comprehensive Website Management solution suite that automates website testing, analysis, and reporting to help organizations detect and manage web quality, web privacy, and web accessibility on large enterprise websites. PrivacyXM is a module of WebXM that spiders through an entire website, analyzing each component for issues, storing the information from the scan in a database, and then displaying the results through reports in your web browser.

PrivacyXM provides reports on your website so you can identify information collection practices, privacy policy linking (including P3P), user tracking through cookies and web beacons, and web page security practices to help you manage potential privacy risks, enable compliance with global legislation and fair information practices, and create user trust. For many organizations, web privacy management is now a critical component of their privacy program.

Using PrivacyXM in conjunction with a mature Web Privacy Management Program and TRUSTe third party verification will help:

• Achieve compliance with a range of laws, best practices and privacy policies
• Manage risk associated with an online privacy breach
• Create a trusted environment for website users

Brendon Lynch is the Director of Privacy and Risk Solutions at Watchfire, a Website Management software and services company based in Waltham, Massachusetts. He can be reached at (781) 810-1450 ext 3105

What To Expect from Watchfire
By Alex Yap, Compliance Analyst, TRUSTe

Compliance Monitoring Receiving a Warm Welcome
TRUSTe's Compliance Department has intensified our ongoing monitoring program through a partnership with Watchfire. Each TRUSTe licensed website will be partially scanned twice per year using Watchfire's PrivacyXM Software. This website management solution provides testing, analysis, and reporting capabilities, which in turn enables TRUSTe to offer our licensees an automated view into a slice of their privacy practices.

Thus far we have received very warm response to this program from our licensee base. TRUSTe has been able to warn several customers of potential privacy pitfalls before they became issues for website users. We have also worked with licensees to bring their sites into compliance with the TRUSTe Privacy Seal Program by identifying non-compliant pages or practices that were overlooked.

The partial Watchfire scan checks for:

1. Trust mark or text link to the privacy statement on the homepage and PII collection pages
2. Click to Verify seal on the privacy statement and a live validation link
3. 1st and 3rd party cookies and web beacons
4. Privacy contact for site, and for the TRUSTe Watchdog
5. SSL present when credit card or SSN is collected
6. Collecting age

In most cases the non-compliance issues have been found in the use of web beacons without notice and also some situations where personal information is being collected but no privacy statement is available.

What to expect from the scan:

1. Compliance analyst checks license agreement and creates a scan profile
2. Partial Watchfire scan initiated on items required in the TRUSTe license agreement
3. Results are issued by email: Pass or Fail
4. Details of any failures are provided as to exact compliance requirements
5. Site has 10 business days to fix the problem

We are very excited about our partnership with Watchfire, as this program will eventually allow TRUSTe to widen the scope of our program requirements and provide our licensees with a higher level of protection through our certification process.

Keeping An Eye On Your ROI

Privacy assurance continues to be a critical component of building trust with consumers. While TRUSTe licensees recognize the importance of building trust, in today's economic climate, it is more important than ever to make a strong business case for privacy investments.

TRUSTe proposes an online assessment of TRUSTe Privacy Seal impact on the relationship between our licensees and their customers in order to prove the ROI of their privacy commitment. TRUSTe believes this will be extremely helpful to demonstrate that investment in privacy is a sound investment overall. And ideally we will show a positive impact on the top-line or its leading indicators in order to compliment the traditional method of assessing privacy impact - legal exposure and risk mitigation.

Previous tests conducted by our licensee BigDates.com, indicated that they received an astonishing 43% bump in click-through rate for email that carried the TRUSTe seal, and a 42% increase in join rate. We would like to demonstrate this kind of proof point with our licensees by collaborating to prove privacy ROI to both their internal and external audiences. There are several options for testing the results of TRUSTe seals including email subscriptions, website metrics and qualitative customer surveys.

Licensees interested in conducting ROI tests and participating in a TRUSTe ROI promotion effort to regulators and national press should contact Carolyn Hodge chodge@truste.org.

New Faces to Watch For

Policy and compliance issues will be handled by our new Senior Policy Advisor in DC, Martha Landesberg while Rebecca Richards is on maternity leave. Martha comes to TRUSTe from the law firm of Dorsey & Whitney where she was Of Counsel in their privacy practice and prior to that as a senior staff attorney for six years at the Federal Trade Commission. At the FTC she worked on the COPPA rule and headed the Commission's online privacy studies.

If you are up for renewal you may have already heard from our new Sales Associate - Renewals, David Wu. Dave comes to us from Veritas Software Inc., joining the TRUSTe renewal department to support and focus on helping our licensees have a smoother renewal.

SAVE THE DATE - October 28-30, San Francisco
TRUSTe PRIVACYDIMENSIONS2003

The uncertainties surrounding privacy threaten the future of every corporation doing business online today. Leading companies are developing strategies and hands-on best practices to understand and navigate the issue of online privacy.

TRUSTe, the world's largest privacy seal and certification program, will provide a forum to weigh the range of issues from the perspective of both the private and public sectors. Following the success of our first conference in February 2002, TRUSTe will host PRIVACYDIMENSIONS2003 a conference focused on unveiling and understanding emerging privacy trends in legislation, technology and marketing, which impact corporate strategy and privacy compliance. PRIVACYDIMENSIONS2003 will take place October 28-30 at the Fairmont Hotel in San Francisco, California.

If you have any questions about sponsoring or exhibiting, please contact Kellie Beakey, Program Manager at LKE Productions. Kellie can be reached by phone at 415.318.8500 We can work with you to make sure your company receives maximum exposure and maximum benefit from PRIVACYDIMENSIONS2003.

Got Feedback?
We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to editor@truste.org.

CONSUMERS RELY ON TRUSTe

196,240 Click to Verify requests in February

214 Watchdogs Submitted