 |
|
|
|
| |
|
JUNE
TOP 5 PRIVACY STORIES
|
|
|
Knowledge
You Need
Rapidly evolving wireless Internet technologies offer
consumers and businesses exciting new products and services
-- and bring up a host of new privacy issues. »Learn
More
Public
Policy Update
The U.S. Senate considers strengthening anti-spam legislation.
»Learn
More
From
the Executive Director
Excerpts from TRUSTe executive director Fran Maier's
Senate testimony. »Learn
More
TRUSTe
News
TRUSTe's new partnership with the International Association
of Privacy Professionals offers licensees new opportunities
for education and networking. »Learn
More
Privacy
Resources
Interested in keeping up to date on wireless issues?
Consult the Cellular Telecommunications and Internet
Association's Web site. »Learn
More
Stay
Current!
Upcoming privacy and security events around the world.
»Learn
More
TRUSTe
Tech Tip
How to avoid "unable to unsubscribe" Watchdog complaints.
»Learn
More
Welcome
New Licensees
The newest Web sites to display the TRUSTe seal. »Learn
More
|
|
 |
 |
| |
Wireless Internet Technology
Requires New Privacy Standards
by
Stacey Estrella
According
to Jupiter Research, by the year 2005 more than 96 million
wireless subscribers -- 65 percent of today's subscriber
base -- will have access to the wireless Internet. This
rapid convergence of wireless technology with data services
and the Internet has given rise to a host of unprecedented
issues concerning consumer privacy.
TRUSTe
recognizes your need to evolve with your customer base,
capitalizing on valuable wireless technologies to provide
strategic features and services. As such, we are breaking
new ground in the areas of wireless privacy.
Consumers
report three primary concerns regarding advanced wireless
technologies: the collection and use of location data,
unsolicited advertising messages sent to the device,
and the profiling of information for marketing purposes.
These concerns are further magnified by recent federal
mandates, such as e911,
which allow for the location of a wireless device to
be identified for emergency purposes any time the device
is turned on.
The
availability of location data, combined with the FCC's
Wireless Local Number Portability mandate,
contributes to the growing consumer perception that
wireless devices are infinitely more personal than computers,
making consumers feel uncomfortable about potential
commercial abuses of wireless technology. Consumers
will be much more vigilant about screening commercial
entities before engaging in transactions, and any perceived
abuses of their trust will be cause to sever the relationship.
How
do I know if wireless privacy applies to my business?
If
you are a wireless carrier or content provider engaged
(or planning to engage) in wireless data or Internet
services, your privacy practices will need to be enhanced
to address wireless privacy issues. Here are just a
few questions to help you determine whether you should
consider adjusting your privacy practices:
- Do
you collect, share, or receive location data?
- Do
you collect, share, or receive mobile phone numbers?
- Do
you enable your consumers to access Internet account
data from a mobile device? (Examples include one-click
commerce settings or email.)
- Do
you deliver advertising text or other media messages
to PDAs or mobile handsets on behalf of your company
or others?
- Do
you collect or share information on individual subscribers
or individual devices when they access your Web site
from a PDA or mobile handset?
How
is TRUSTe responding to wireless privacy concerns?
TRUSTe
has formed an advisory committee representing a cross-section
of industry participants. It currently includes representatives
of AT&T,
Verizon,
Microsoft,
Hewlett
Packard, the
Mobile Marketing Association, the
Wireless Location Industry Association, the
Center for Democracy and Technology, and
the
Privacy Rights Clearinghouse.
The committee is charged with developing a comprehensive set of privacy standards, including principles, implementation guidelines, and best practices. These standards aim to help wireless carriers and content providers create an environment that engenders consumer trust and facilitates higher trial and adoption rates of wireless data and Internet services.
Among
the more complex and provocative issues we are evaluating:
- Methods
for delivering "notice and choice" across
smaller devices
- Opt-in
requirements at both the device and application level
- Data
storage limits
- Form
and use of wireless privacy statements, including
short notices
- Form
factor for indicating availability of and adherence
to wireless privacy practices
TRUSTe
will share the standards that the committee is developing
with you as they emerge. In the meantime, if you would
like to participate on the advisory committee, please
contact Frank Babbitt, vice president of sales and business
development, at fbabbitt@truste.org.
Stacey
Estrella is a consultant on wireless privacy policy
and business practices with TRUSTe.
|
|
|
 |
|
| |
Congressional Hearing Emphasizes Multi-tiered
Anti-Spam Attack
by
Stephanie Lim
Just two years ago, unsolicited commercial email, or "spam," accounted for only 8 percent of email traffic. This summer, spam is projected to make up more than 50 percent of all email. The problems that spam poses to both consumers and businesses have led legislators to consider new bills to address the spam issue. Earlier this summer, the U.S. Senate's Committee on Commerce, Science, and Transportation tackled spam in its hearings.
On
June 19, the Can-Spam
Bill passed in committee, which would
allow for criminal penalties and fines of up to
$1.5 million for spammers.
Spam
is no longer a simple nuisance to consumers. Unsolicited
email transmits viruses, eats up bandwidth, exposes
minors to graphic images of pornography, and costs
businesses pricey storage space and resources.
AOL alone estimates that it blocks 2.4 billion
messages a day.
"If
consumers lose confidence in Web-based services
and turn away, tremendous harm will be done to
the economic potential of information technology,"
FTC commissioner Orson Swindle said. "Frankly,
to date I am not convinced that industry has made
the commitment or really wants to empower consumers
by giving them easy-to-use tools for personal
control."
In
her testimony to the committee, TRUSTe executive
director Fran Maier echoed consumer concerns,
citing that 58 percent of TRUSTe's Watchdog complaints
deal with spam-related issues. "Consumers
feel that their private/personal email accounts
should be just that -- private and personal."
Combating
spam is no easy task, and members of
the committee acknowledged that the efficacy of
federal legislation is limited. "For Congress's
part, we should make no mistake; unless we can
effectively enforce the laws we write, those laws
will have little meaning or deterrent effect on
any would-be purveyor of spam," said Sen.
John McCain (R-AZ).
Maier
emphasized the need for third-party oversight,
announcing TRUSTe's intention of becoming an Independent
Email Trust Authority (IETA). "TRUSTe has
come to realize that email is a frontier very
similar to privacy on the Internet five years
ago," said Maier. An IETA would be required
to develop baseline standards of conduct in email
practices, bridging the areas of technology, legislation,
consumer education, and self-regulation.
|
|
|
|
 |
|
| |
Maier Defines Spam Issues for U.S. Senate
The
following excerpt was taken from TRUSTe executive director
Fran Maier's June 19, 2003, testimony before the Senate
Committee on Commerce, Science, and Transportation regarding
the establishment of an Independent Email Trust Authority
(IETA):
A
key function of an IETA is to coordinate and maintain
a set of baseline standards that are accepted by all
of the major stakeholders, including consumers, email
and Internet service providers (ISPs, corporate networks,
ESPs, etc.), and senders. True progress in precluding
the negative ramifications of spam cannot be made without
close cooperation across these parties. . . .
A
general industry consensus is beginning to emerge on
some of the more basic baseline standards for legitimate
mail, but many key points continue to be debated. Most
parties have generally accepted the following concepts,
in principle:
1.
Bona fide "source" information (no false headers):
Source-identifying information, such as originating
domain name and email address, destination and routing
information, should not be falsified.
2.
No harvesting: the automated collection of email addresses
for the purpose of sending bulk email through techniques
commonly referred to as "harvesting" or "dictionary
attacks," or the knowing use of emails gathered
through such processes, is not acceptable.
3.
Every commercial email should include an unsubscribe
or opt-out mechanism that functions as it is described,
in a timely manner. A valid unsubscribe mechanism is
critical to improving consumer trust in email.
4.
Every commercial email should include valid contact
information for the originator of the message, including,
at a minimum, a valid return email address.
UPDATE:
TRUSTe continues to watch legislative developments closely.
Of particular interest is the potential for legislation
to form a safe harbor for companies whose email meets
or exceeds the requirements of the legislation. Under
the safe harbor (distinct from the European Union's
Safe Harbor program), self-regulatory organizations
such as TRUSTe, would work with industry, bulk mailers,
and email service providers to define baseline standards
for email and to qualify and monitor email senders --
in a similar way to the function of the proposed IETA.
A key component of the legislation, and a key responsibility
of the United States' Safe Harbor program, is to develop
and bring trust to the unsubscribe and opt-out options.
|
|
|
 |
|
| |
TRUSTe and IAPP Partner to Extend Membership and Seal
Benefits
This
week, TRUSTe announced to the public that it has partnered
with the International
Association of Privacy Professionals (IAPP)
to provide IAPP membership benefits to TRUSTe seal holders
and educational programming to members of both organizations.
The IAPP is the world's leading association of privacy
and security professionals, with more than 1,000 individual
and corporate members from a variety of industries.
"This
partnership will bring managers on the front line of
privacy a more comprehensive view of the industry and
its practices. TRUSTe has worked with thousands of organizations
to certify their Web site privacy statements, and has
guided the Internet community toward higher standards
in Web site privacy, enhancing respect for consumers'
personally identifiable information," said Fran
Maier, executive director of TRUSTe. "The IAPP
shares our focus and, as such, is a valuable partner
for TRUSTe, our seal holders, and all Internet users."
TRUSTe
will work with the IAPP to offer bundled membership
and privacy seal programs. TRUSTe will also be coordinating
programming at the upcoming IAPP
Privacy Academy, which will take place Oct.
29-31, 2003, in Chicago.
"The
mission for the IAPP focuses upon the enhancement of
the privacy profession through the ongoing education
of our members," said Trevor Hughes, executive
director of the IAPP. "This partnership will extend
important IAPP membership benefits to TRUSTe seal holders
and will leverage the strong experience of TRUSTe as
a leading self-regulatory privacy organization."
TRUSTe
licensees will receive information on the benefits of
this new partnership with IAPP shortly. For more information,
contact Carolyn Hodge, senior marketing manager, at
(415) 618-3415 or chodge@truste.org.
|
|
|
|
|
|
| |
Cellular Telecommunications
and Internet Association
The Cellular Telecommunications & Internet
Association (CTIA) represents service providers
and manufacturers from all sectors of wireless
communication. Check the Web site for updates
on CTIA's advocacy efforts on the national level,
its Wireless Internet Caucus, and breaking news.
Visitors to the site can also search CTIA's online
Market Research Center for fee-based access to
white papers and industry reports on wireless
issues.
|
|
|
 |
|
| |
Here are a few upcoming privacy-related conferences
and workshops around the world.
IAPP
Privacy Academy & TRUSTe PreCon Working Sessions
-- Save the Date!
Dates:
October 29-31, 2003
Location:
Chicago, Illinois
Overview:
The IAPP Privacy Academy will offer the background
knowledge you need on privacy law, corporate privacy
infrastructure, enforcement, the role of the company
privacy officer, and management of privacy and security.
Stay tuned for TRUSTe preconference sessions on "How
not to be a spammer!" and a practical working
session on tools for Web site privacy. Visit the IAPP
Web site to sign up to receive a copy of
the program once it is published.
Fifth Annual Privacy Conference
-- Special Offer for TRUSTe Licensees!
Dates:
September 30-October 2, 2003
Location:
Blackwell Hotel, Columbus, Ohio
Overview:
TRUSTe is pleased to be a sponsor of the Fifth Annual
Privacy Conference, which is organized annually by
the Technology Policy Group at Ohio State University.
This year's theme, "Information, Security, and
Ethics in the Digital Age," will be tackled by
experts from all over the United States, and sessions
will be organized into financial, business, healthcare,
and government tracks. Keynote speakers include Orson
Swindle, FTC commissioner, and Nuala Kelly, chief
privacy officer at the U.S. Office of Homeland Security.
For
a complete agenda, travel information, and online
registration, visit the PrivacyCon2003
Web site. TRUSTe licensees are eligible
for a significant discount on registration. For the
TRUSTe password, please call Michelle Lucas at (415)
618-3402 or George Mamashiani at (415) 618-3403.
SELF-NOMINATE
for PRIVACY AWARD!: TRUSTe licensees are
encouraged to apply for the HP Privacy Innovation
Awards which will be awarded for the first time at
PrivacyCon2003. For more information see:
www.privacyinnovation.org
The deadline for application
is September 8, 2003.
First International Congress
on e-Commerce Trustmarks
Dates:
September 17-19, 2003
Location:
Luxembourg-Kirschberg, Luxembourg
Overview:
To spark an international exchange of ideas on securing
consumer confidence in e-commerce, the Ministry of
the Economics of the Grand Duchy of Luxembourg is
organizing the First International Congress on Trustmarks
in Electronic Commerce. More than 300 representatives
from the business, government, and nonprofit sectors
are expected to attend this congress. Presenters hailing
from all over Europe, Asia, and North America will
discuss e-commerce trends, consumer expectations,
and the role of national and international public
authorities and nongovernment organizations such as
TRUSTe.
The
registration fee for the three-day conference is 570
euros (US$646). For more information on the congress
or to register as a participant, visit www.e-trustmarks.lu.
25th International Conference
on Data Protection and Privacy
Dates:
September 10-12, 2003
Location:
Sydney, Australia
Overview:
Business leaders and privacy professionals from around
the world will be gathering in Sydney this September
to meet with key decision-makers in the Asia-Pacific
region and to hear about international privacy regulation,
implementation, and the privacy needs of consumers.
With the theme of "Practical Privacy for People,
Government, and Business," sessions will focus
on technologies, marketing and relationship building
within a privacy framework, compliance, and consumer
advocacy. To learn more about the conference or to
register online, visit the conference
Web site.
|
|
|
 |
|
| |
Tip: To avoid receiving "unable
to unsubscribe" complaints through TRUSTe, licensees
should implement an automated system to unsubscribe
consumers and send a confirmation email informing them
of their updated choice.
"Unable
to unsubscribe" is the most common Watchdog complaint
that TRUSTe receives. Many complainants write that they
have unsubscribed before but are still receiving unwanted
emails from a company. By implementing an automated
system to handle unsubscribe requests, licensees can
ensure that each request is processed and implemented
within a reasonable timeframe. Sending users a confirmation
email allows them to verify that their request has been
processed.
The
confirmation email should state the email address being
unsubscribed, the date the unsubscribe request was received,
and the date that the request will take effect. On the
"unsubscribe page," include a note informing
site users that if they do not receive a confirmation
email, they should try to unsubscribe again. Then display
an email address for a designated staff member who can
help them should their attempts to retry fail as well.
Carlos
Gil Jr., compliance analyst
|
|
|
 |
|
| |
TRUSTe would like to congratulate the following new
licensees on successfully completing our certification
process:
Baysix
USA, Classmates Online, Diamond Review, Enfocus Software,
4Structures.com, Inksell, Jumbohut, Mailblocks, 1-800-Dentist,
Orbitz, PlayStream, Titanium Online
|
|
|
 |
|
| |
Got Feedback?
We would like to hear what you
think of the TRUSTe Advocate. Send an email with your
comments and suggestions to newsletter@truste.org.
TRUSTe
is an independent, nonprofit organization that administers
the Internet's first and largest privacy seal program.
685
Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org
|
|
|
 |
|
 |
|
