
APRIL
TOP 5 PRIVACY STORIES
- From the Desk of the Executive Director: Amazon teaches us all lessons about COPPA.
- Privacy Resources: Online resources for educating yourself and your consumers about COPPA.
- Industry Best Practices: Ari Schwartz from the Center for Democracy and Technology describes research findings that can help you cut down on the spam you receive.
- Stay Current: Four privacy and security events to keep you up to date.
- TRUSTe Tech Tip: How to avoid common COPPA pitfalls when gathering age data.
- Welcome New Licensees: The newest websites to display the TRUSTe seal.
COPPA Affects Everyone -- Whether We Know It or Not
By Fran Maier

In the privacy debate, reasonable people can disagree about a lot of issues, but there is little disagreement about the need to protect children from some of the perils of online activity. In April 2000, Congress enacted the Children's Online Privacy Protection Act (COPPA). This legislation was aimed at protecting children under the age of 13 from unscrupulous use of their personal information by websites and online marketers.

COPPA is a big issue here at TRUSTe. A large percentage of websites that do not receive our certification are denied because they are not COPPA compliant. Most children-oriented sites are aware of the regulations around collecting age and other personally identifiable information. But many websites don't understand that COPPA regulations apply to their practices as well.

Recently, as you may have heard, the Federal Trade Commission (FTC) looked into the privacy practices of Amazon.com, which is not a TRUSTe licensee. The FTC found that Amazon's registration process, which collects age information, did not comply with COPPA. In its public statements, Amazon indicated that it did not think COPPA applied because it is only a "general interest site." Despite the fact that it partners with ToysRUs!

My own personal experience shows how disingenuous Amazon's claim is. For years, both of my Internet-savvy sons have come to me to help register them at children-oriented websites such as Disney.com and Nickelodeon.com. I've had to set secret codes, provide my credit card number, or even fax in permission. The boys have accepted this process and I've happily complied.

Last month, though, my father asked one of my sons what he wanted for his 13th birthday. I told my son to make a list for his grandfather. Well, he did -- an Amazon wish list, on the Amazon account he set up himself months before. Looking over the wishlist, it was clear that he had spent hours picking out games, books, and CDs.

But the boy is even savvier than that. I tried logging on to the wishlist using his e-mail address -- no luck. We have an agreement that he is to share with me his passwords, and he usually does (I know this may change soon, but a mother's gotta try). When I asked what was going on, he told me, "I set up another e-mail address so I don't get spam."

At TRUSTe, we take our Safe Harbor status seriously and work hard with licensees to make sure that they are in compliance with COPPA and similar regulations in the European Union. For more information on how your website can avoid triggering COPPA, join our upcoming webinar (see "Stay Current" below) or call Frank Babbitt at (415) 618-3401 to find out about the TRUSTe Children's Seal.
Need to know more specifics about the Children's Online Privacy Protection Act (COPPA)? Here are a few online resources:

GigaLaw.com: Federal COPPA Regulations
The GigaLaw.com online law library contains the CFR sections (federal regulations) used to implement COPPA, presented in an easy-to-read, easy-to-navigate HTML format. For full text of the 1998 act, visit http://www4.law.cornell.edu/uscode/15/6501.html (see sections 6501-6506).

Kidzprivacy
Despite its bright colors and cartoony design, the Federal Trade Commission's Kidzprivacy site contains serious information for businesses and consumers. Specific sections for parents, kids, teachers, and website operators all offer concise tips for each audience on privacy, safety, and COPPA compliance -- as well as a host of online resources.

From the "Business Buzz" section, click on "You, Your Privacy Policy, and COPPA" to review the FTC's online COPPA primer for businesses. From the site you can also download the FTC's 24-page COPPA Compliance Toolkit as a PDF file.

TRUSTe Parents' and Teachers' Guide to Online Safety
Recently revised to reflect updates to COPPA, TRUSTe's Parents' and Teachers' Guide is now available free on the Internet. This 18-page guide, published online as a PDF file, describes COPPA in straightforward, concise language and gives consumers information on how to read privacy statements and talk to their kids about privacy issues.

The guide is an ideal resource to pass along to consumers and clients who have questions about privacy issues related to their children. If you would like to cobrand with TRUSTe to publish a print version for your customers, contact Carolyn Hodge at chodge@truste.org or (415) 618-3415.
Research Shows How to Cut Down on Spam
By Ari Schwartz
Center for Democracy and Technology

Every day, millions of people receive dozens of unsolicited commercial e-mails, known popularly as "spam." For companies and organizations, spam can be a costly problem resulting in difficulties in communication, bandwidth problems, and other unforeseen expenses.

In the summer of 2002, the Center for Democracy and Technology (CDT) embarked on a project to attempt to determine the source of spam. We set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. We were intrigued to see the different ways that e-mail addresses attracted spam -- at differing volumes -- depending on where the e-mail addresses were used.

Web-Posted E-mail Addresses Are a Major Source of Spam
Our analysis indicated that e-mail addresses posted on websites or in newsgroups attract the most spam. In particular, CDT received the most e-mails when an address was placed visibly on a public website. Spammers use software harvesting programs known as "robots" or "spiders" to record e-mail addresses listed on both personal Web pages and institutional (corporate or nonprofit) Web pages. In fact, addresses that had been exposed on the Web and then were subsequently removed stopped receiving large amounts of spam in a relatively short timeframe.

Tips for Preventing Spam From Reaching Your Employees
Currently there is no foolproof way to prevent spam. Based on our research, we recommend that companies disguise e-mail addresses posted in a public electronic place. Webmasters can do this in four ways:
- Replacing characters in an e-mail address with human-readable equivalents. For example, writing "user@example.com" as "user at example dot com."
- Replacing characters in an e-mail address with HTML equivalents.
- Putting e-mail lists up in a graphic format, such as a .gif file. This will allow humans to read it, but robots will not be able to parse through the code to figure out the addresses.
- Using Web forms for initial contact. This is somewhat impersonal, but it prevents robots from getting addresses.
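
The first two disguises from the list above, as an added example that is not part of the original article. The function names and the sample address are constructed for illustration, and `looksLikeAddress` is a deliberately simple stand-in for a robot that pattern-matches raw page source.

```javascript
// Added example (not from the CDT article). All names here are illustrative.

// Tip 1: human-readable equivalents, e.g. "user at example dot com".
function toHumanReadable(address) {
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) {
    throw new Error("not an e-mail address: " + address);
  }
  const local = address.slice(0, at).replace(/\./g, " dot ");
  const domain = address.slice(at + 1).replace(/\./g, " dot ");
  return local + " at " + domain;
}

// Tip 2: HTML equivalents. Every character becomes a numeric character
// reference, which a browser renders as the original character.
function toHtmlEntities(address) {
  return Array.from(address)
    .map((ch) => "&#" + ch.codePointAt(0) + ";")
    .join("");
}

// What a browser does with numeric references when it renders the page.
function decodeNumericEntities(html) {
  return html.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Simplified stand-in for a robot that pattern-matches raw page source.
function looksLikeAddress(source) {
  return /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/.test(source);
}

// Constructed sample: the same contact line published three ways.
function publishVariants(address) {
  const variants = {
    plain: "Contact: " + address,
    humanReadable: "Contact: " + toHumanReadable(address),
    htmlEntities: "Contact: " + toHtmlEntities(address),
  };
  return Object.fromEntries(
    Object.entries(variants).map(([name, source]) => [
      name,
      { source, matchedInRawSource: looksLikeAddress(source) },
    ])
  );
}

console.log(publishVariants("user@example.com"));
```

A robot that decodes character references before matching recovers the address from the entity form, so that disguise only helps against tools that scan raw source.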
June brings a host of privacy and security events to cities -- and computers -- near you.

Compliance With European Union Data Protection Requirements: The Safe Harbor and Other Options
Date: Monday, June 2, 2003, 10:30 a.m. - 2:30 p.m.
Location: Oracle Conference Center, Oracle Corporation, 350 Oracle Parkway, Redwood Shores, CA
Overview: American websites serving consumers in the European Union must comply with EU "adequacy standards" for privacy protection of personal data. The U.S. Department of Commerce, together with TRUSTe and Oracle Corporation, has put together this one-day seminar to teach U.S. companies how to comply with EU standards through the Department of Commerce's "Safe Harbor" framework. Topics include self-certification, verification systems, and dispute resolution mechanisms.

The seminar is free, but participants must register by contacting Scott Beech, U.S. Department of Commerce, at (202) 482-0396.

Technologies for Protecting Personal Information: The Business Experience
Date: June 4, 2003, 8:30 a.m. - 5:30 p.m.
Location: Federal Trade Commission, Washington, D.C.
Overview: Are the technologies that businesses are using to scan their websites for vulnerabilities and privacy violations meeting their needs? This one-day conference will assemble dozens of experts from the government (FTC), nonprofit organizations (TRUSTe, National Consumers League), and corporations (Dell, eBay) to discuss business plans, emerging frameworks, and technologies for protecting consumer information.

For more information, visit http://www.ftc.gov/bcp/workshops/technology/index.html.

Fourth Annual Privacy Law Institute
San Francisco: June 9-10, 2003
New York City: June 23-24, 2003
Overview: The Practicing Law Institute's annual privacy institute focuses on issues of online privacy. This year's institute will include substantial coverage of workplace, consumer, and international privacy developments and a panel discussion of advanced issues in privacy compliance. TRUSTe is a proud sponsor of PLI's Fourth Annual Privacy Law Institute. To obtain detailed information on the institute and to register, visit the following:
San Francisco: http://www.pli.edu/pm.asp?f=rmt3_AD1&id=pr203g001A1003k
New York: http://www.pli.edu/pm.asp?f=rmt3_AD1&ID=pr203g001a6003k

What You May Not Know About COPPA Compliance
Web Seminar
Date: June 17, 2003, 2:00 - 3:00 p.m. EST
Overview: Even though your website may not specifically target children under 13 years old, if you collect age information online, you may be subject to COPPA guidelines. Recent alleged noncompliance by Amazon, as well as FTC settlements with Mrs. Fields and Hershey's, have highlighted the importance of taking COPPA seriously. Could your website be exposing you to this same risk?

To learn more about COPPA, join TRUSTe and Watchfire for a free online seminar. Corporate counsel, privacy managers and website managers will learn about:
- What makes you subject to COPPA guidelines?
- Recent COPPA FTC enforcement actions
- Responsibilities for all websites that collect age information or target children
- COPPA action plan
- Compliance enabling technology
- Seal certification and Safe Harbor status

The presentation will be followed by a live question-and-answer session.

Register now!
The May issue of the TRUSTe Advocate marks the introduction of this new feature. Every month, TRUSTe staff will present a practical tip to help website managers and technical staff comply with federal privacy regulations and TRUSTe guidelines.

Tip: To avoid COPPA violations, do not indicate to users that an age restriction exists when collecting personally identifiable information (PII).

COPPA is triggered whenever your website collects both age-identifying information and PII. However, you must not warn users at the point of data collection that an age restriction may prevent them from completing the form. Users must be given the opportunity to input their correct age.

For example, the following language should NOT be used on a form: "I accept and agree to abide by [the] terms [of the website], and I confirm that I am AT LEAST 18 years of age" or "You must be at least 13 years old to use this site." In these examples users know exactly how to falsify their age to circumvent the age restriction.

Similarly, when providing a pull-down menu for users to select their birthdate or age, do not start the list at the minimum acceptable age or year, such as "18" or "1985." Include a full range of ages and dates, thus allowing the user the opportunity to select their correct age or birthdate. Likewise, age should not be collected by asking age-revealing questions such as grade level.

--Jessica Coy, Account Manager
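
One way to check a registration form against this tip before it ships, as an added example that is not TRUSTe's own code. `auditAgeForm`, `birthYearOptions`, the phrase patterns and the sample forms are all constructed for illustration; the under-13 threshold is the one COPPA uses.

```javascript
// Added example (not TRUSTe code). Names, patterns and samples are illustrative.

const COPPA_AGE = 13; // COPPA protects children under the age of 13

// A neutral birth-year menu: the full range, newest year first, so a user
// of any age can select their correct year.
function birthYearOptions(currentYear, span = 100) {
  return Array.from({ length: span + 1 }, (_, i) => currentYear - i);
}

// Wording that tells the user which age passes the screen.
const AGE_HINTS = [
  /\bat\s+least\s+\d{1,2}\s+years\b/i,
  /\b\d{1,2}\s+(?:years\s+)?or\s+older\b/i,
];
// Questions that reveal age indirectly.
const AGE_PROXIES = [/\bgrade(?:\s+level)?\b/i];

// form = { text: visible form copy, yearOptions: birth years offered }
function auditAgeForm(form, currentYear) {
  const findings = [];
  if (AGE_HINTS.some((re) => re.test(form.text))) {
    findings.push("age-restriction-disclosed");
  }
  if (AGE_PROXIES.some((re) => re.test(form.text))) {
    findings.push("age-revealing-question");
  }
  // Flag a menu on which a child under 13 cannot report their true age.
  const years = form.yearOptions;
  if (years.length > 0 && currentYear - Math.max(...years) >= COPPA_AGE) {
    findings.push("menu-starts-at-minimum-age");
  }
  return findings;
}

// Constructed samples, audited as of 2003.
const flawedForm = {
  text: "You must be at least 13 years old to use this site. Grade level:",
  yearOptions: Array.from({ length: 60 }, (_, i) => 1985 - i),
};
const neutralForm = { text: "Year of birth:", yearOptions: birthYearOptions(2003) };

console.log(auditAgeForm(flawedForm, 2003));
console.log(auditAgeForm(neutralForm, 2003));
```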
TRUSTe would like to congratulate the following new licensees on successfully completing our certification process:

Avatar Group, Capital Confirmation, Copper.net, Destina.ca, Direct 2 Home, Euroteam Trautskogen AS, Faith Online, GDSX, High Performance Networks, Integrity Interactive Corporation, Logitech, Mental Health Association in Greater San Antonio, nCommon Partners, No Logics Inc., Pagewise.com, Playstream, Rievent Technologies, SolidBill, Tenant Abstract.com, The Knot, and Tri-State Dating.com.
Got Feedback?
We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to newsletter@truste.org.