Knowledge You Need
Lose your crystal ball -- come to the TRUSTe-IAPP conference to learn what the future holds for the field of privacy. »Learn More

Leading Edge
E-LOAN describes its proactive approach to addressing consumer concerns over the hot topic of overseas outsourcing. »Learn More

TRUSTe News
Though the FTC's proposed Do-Not-Email Registry sounds like a good idea, TRUSTe and two other organizations think it would do more harm than good. »Learn More

From the Executive Director
At Knowledge Net meetings in New York and Boston, Fran Maier hears the concerns of local privacy professionals. »Learn More

Stay Current!
Upcoming privacy and security events around the nation. »Learn More

TRUSTe Tech Tip
Privacy events and award presentations taking place in conjunction with the TRUSTe-IAPP Privacy Futures conference in San Francisco. »Learn More

Welcome New Members
The newest Web sites to display the TRUSTe seal. »Learn More

Leave Your Crystal Ball at Home: Attend the Privacy Futures Conference

Find out what potential privacy advances and challenges the future has in store, and learn how to leverage trust to strengthen your brand. TRUSTe and International Association of Privacy Professionals have joined together to bring you the first conference where privacy, marketing, and IT professionals can explore the edges of privacy.

TRUSTe and the IAPP's "Privacy Futures" conference will take place June 9-11, 2004, at the Palace Hotel in San Francisco, and will bring you:

• Predictions from respected technology and business futurists to guide your business
• Advice and case studies on cutting-edge privacy technologies and tools
• A window onto the privacy policy landscape of California and the Pacific Rim
• Voices of the future: a panel on what kids think of privacy
• Networking opportunities set against the San Francisco skyline

Make Privacy Futures your professional development event for 2004. Bring the entire privacy team, along with your marketing and legal professionals, and develop a common background and vocabulary for the privacy conversation in your organization. Notable keynotes and panels include:

Futurist Keynotes

• Thornton May, Futurist, World Bank
• Brian Arbogast, Corp. VP of Communication, Platform and Services Group, Microsoft
• John Patrick, President, Attitude LLC
• Bob Johansen, Senior Research Fellow, Institute for the Future
• Stuart McKee, CIO, State of Washington
• Howard Beales, Director, Bureau of Consumer Protection, Federal Trade Commission

Keynote Panel Presenters

• J. C. Cannon, Privacy Technology Strategist, Microsoft
• Hyu-Bong Chung, Secretary-General, Personal Information Committee, Korea
• Malcolm Crompton, Former Privacy Commissioner, Australia
• Peter Cullen, Chief Privacy Strategist, Microsoft
• Michelle Dennedy, CPO, Sun Microsystems
• Lori Fena, Project Director, Aspen Institute
• Lynn Goodendorf, Vice President, Information Privacy Protection, InterContinental Hotels Group
• Robert Gratchner, Corporate Privacy Manager, Intel
• Dr. Moira Gunn, Host, TechNation
• David Hoffman, Director of Privacy, Intel
• Sandra Hughes, Global Privacy Executive, Procter & Gamble
• Peter Hustinx (invited), European Data Protection Supervisor, European Union
• Barbara Lawler, CPO, Hewlett Packard
• John Palfrey (invited), Executive Director, The Berkman Center, Harvard Law School
• Harriet Pearson, CPO, IBM
• Bob Rothman, Chief Privacy Officer, General Motors
• Bennie Smith, Chief Privacy Officer, DoubleClick
• Scott Shipman, Head Privacy Guru, eBay
• Susan Welch, Global Privacy Manager, Procter & Gamble
• Nicole Wong, Senior Compliance Counsel, Google

California Legislator Panel

• Senator Debra Bowen, Marina Del Ray, Calif.
• Senator Liz Figueroa, Fremont, Calif.
• Assembly Member Tim Leslie, Tahoe City, Calif.
• Assembly Member Joe Simitian, Palo Alto, Calif.
• Senator Jackie Speier, San Mateo, Calif.
  

Take deep dives with the experts into critical challenging areas, access resources for all your privacy questions and vendor needs, and stay ahead of the legislative and regulatory curve. Your staff can extend its expertise in the legal, marketing, and technology specialist tracks, or attend one of the targeted preconference sessions:

• Privacy Technology: Real World Experiences
• Privacy Professionals Bootcamp: Part I -- Policy
• Privacy Professional Bootcamp: Part II -- Execution
  
• Healthcare Privacy Bootcamp: HIPAA Hot Topics
  
• CPO Roundtable

Details on privacy activities related to the Privacy Futures conference can be found in the "Stay Current" column below. For further information on speakers, advance registration, and sponsorship opportunities, please visit the conference Web site, or contact Carolyn Hodge, director of marketing, at chodge@truste.org.

Overseas Outsourcing and Disclosure: Let Customers Choose
by Tess Kolaczek and Chris Larsen

Overseas outsourcing is a growing trend among U.S. businesses because it allows faster and cheaper processes, shortening cycle times and lowering prices for many products and services. However, American corporations must balance consumers' demands for better, faster, and cheaper with their needs for transparency, privacy, and control.

While overseas outsourcing is an efficient way for Internet-based companies to offer faster service to customers, at E-LOAN we believe that we cannot force these efficiencies on our customers without their consent. Accompanying the rapid growth in overseas outsourcing practices is intense public concern over patriotism and privacy. E-LOAN believes that consumers should have the power to decide whether the benefits of "offshoring" outweigh the negatives. Thus, we feel that the right approach for financial services companies such as ours is to disclose offshoring practices and allow customers to opt out if they prefer to have their products and services processed domestically.

Such a strategy has many benefits:

It provides consumer control and flexibility. At present, only 15 percent of our customers are opting out of overseas outsourcing. However, this rate may change as the perceived costs and benefits of outsourcing change. As offshoring becomes more common, perhaps even fewer consumers will opt out. Conversely, if the U.S. unemployment rate increases and more jobs are transferred overseas, consumers may start showing more solidarity with labor and rejecting the lower prices and time benefits associated with offshoring.

It encourages accountability. Disclosure encourages U.S. businesses to be more accountable for vetting their outsourcing partners. American businesses should determine the following: Are overseas workers employees of the outsource partner or does it use subcontractors? Is data actually being sent overseas or is it only being viewed from a domestic data source? What are the privacy and security policies of the outsourcing partner?

It eases the possibility of an inadvertent anti-consumer backlash. Allowing customers to opt out of overseas outsourcing practices separates the labor issue from the disclosure issue, setting up a possible clash between consumer power and labor power.

E-LOAN's privacy policy specifically addresses overseas outsourcing, as do our loan applications. We disclose our practices so consumers feel comfortable doing business with us. We understand the benefits of consumer trust, and that's why we believe our program is not only good for privacy, but good for business.

Tess Kolaczek is privacy manager and Chris Larsen is CEO of E-LOAN.

The public has responded enthusiastically to the creation of a centralized "do not call" registry, through which members of the public can opt out of receiving telemarketing calls. Bouyed by the registry's success, the recent federal CAN-SPAM Act requires the Federal Trade Commission (FTC) to review the possibility of creating a similar Do-Not-Email (DNE) registry, aimed at reducing spam. As with the do-not-call registry, members of the public could submit their email addresses to the national DNE Registry, notifying email marketers that they do not wish to receive marketing messages.

On April 13, 2004, the Email Service Provider Coalition, the Interactive Advertising Bureau, and TRUSTe, who jointly represent a combined membership of over 1,500 industry leaders, announced their discord with the concept of the DNE registry by publishing a white paper on the topic. The three organizations believe that a DNE registry would financially punish legitimate emailers without reducing the amount of spam individuals receive.

Such a registry is intuitively a compelling tool to reduce spam. But the reality is that a DNE Registry will create far more problems than it actually solves. All three authors of the white paper believe technological challenges abound making a DNE Registry impossible to enforce, prohibitively expensive, and difficult to secure. At the same time, the registry would impede the growth of e-commerce, confuse consumers, and provide a rich source of valid email addresses for spammers and hackers to target.

Most importantly, a DNE Registry will do nothing to deter spammers! Consumers registering to the list will not see any decrease in spam and may, in the event of a security breach, see much, much more junk email in their inboxes.

There is significant work being done in the marketplace today to respond to the war on spam, with legitimate businesses defining best practices that respect the informed consent of consumers and emerging technological solutions. These efforts include the ESPC's Project Lumos and TRUSTe's Bonded Sender Program. Those of us who have been active in creating such solutions should allow so me more time to implement these solutions rather than focusing on a registry that won't deter spammers.

For more information, you can download the full text of the DNE Registry white paper from http://www.espcoalition.org/dne_white_paper.pdf.

Michael Mayor is president and chief operating officer of NetCreations, which is a member of the Email Service Provider Coalition.

Knowledge Net Brings Together Privacy Professionals

I recently had the pleasure of attending TRUSTe and the International Association of Privacy Professionals' Knowledge Net luncheons in New York and Boston. These events, hosted and sponsored by Ernst and Young, bring TRUSTe and IAPP members together to network with other members of their local privacy community.

(Left to right) Melissa Pedri, McGraw-Hill; Brian Tretick, Ernst & Young; Paul Saunders, COAST; and Martha Landesberg, TRUSTe.

Several common themes emerged at the luncheons. It is clear that privacy professionals are facing increasingly challenging privacy compliance issues, dealing not just national laws but international laws and multiplying numbers of state laws. These compliance challenges, many complain, are getting in the way of the privacy professional's goal to improve his or her enterprise's ability to use data in the most optimal way. Many of the attendees expressed confusion with aspects of the recent federal CAN-SPAM law and some of the new laws emerging from California and Utah.

For me, the Knowledge Net luncheons were a great opportunity for TRUSTe to put faces to names and answer questions such as "What's new with License Agreement 9.0?" and "What are TRUSTe's thoughts on CAN-SPAM?" Several attendees told me that the most important outcome for them was the chance to meet with other privacy professionals, share "war" stories, and recognize that they are not alone.

In the coming weeks TRUSTe and the IAPP will be organizing Knowledge Net luncheons in Philadelphia, Seattle, and San Francisco. If you live in one of these metropolitan areas, look in your email box for an invitation.

-- Fran Maier

Many TRUSTe members have raised questions about the differentiation of legitimate licensees of TRUSTe privacy seal programs from sites that are infringing on the TRUSTe trademark. The key to distinguishing a Web site's standing with TRUSTe lies in its implementation of the TRUSTe seals:

• The TRUSTe Final Mark should always link to the privacy statement of the site.
  
  
• The TRUSTe "Click to Verify" seal should always appear on the Web site's privacy statement and should link to a secure TRUSTe validation page on the site. While this seal may be placed throughout the licensed Web site, it should always link directly to the secure validation page; at a minimum, the "Click to Verify" seal must be posted on the privacy statement.

Proper implementation of TRUSTe seals not only reduces the number of Watchdog complaints that a sealholder receives, but also allows consumers to instantly identify legitimate members of TRUSTe's privacy seal programs. Please keep this in mind when updating or expanding your Web site. If you have any questions regarding the proper usage of the TRUSTe seals, please contact your account manager.

Should you encounter any sites that have improperly implemented seals, please let us know via our Watchdog complaint submission form. Your assistance in identifying such cases is invaluable in maintaining the value and significance of the TRUSTe seals.

-- Alexander Yap, compliance analyst

TRUSTe would like to congratulate the following new members on successfully completing our certification process:

Boy Scouts of America, buySAFE, Credit Factor Corp., DiabeticSupplies.com, Digital Home Working Group, EastesArts and Company, e-Media Limited, MySpace.com, Synergy Management Solutions, The Island Group, 24Hour Contact Corp.

Got Feedback?
We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to newsletter@truste.org.

TRUSTe is an independent, nonprofit organization that administers the Internet's first and largest privacy seal program.

685 Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org