 |
|
|
|
| |
|
AUGUST
TOP 5 PRIVACY STORIES
|
|
|
From
the Desk of the Executive Director
Four TRUSTe licensees are up for the 2003 Privacy Awards.
In our book, they've already won. »Learn
More
Feature:
Best Practices
Four TRUSTe licensees share their company's privacy
best practices: eBay, E-Loan, IBM Tivoli, and Nationwide.
»Learn
More
Privacy
Resources
Spam News scours the media for spam-fighting stories.
»Learn
More
Stay
Current!
Upcoming privacy and security events around the world.
»Learn
More
TRUSTe
Tech Tip
When using Web profiling technologies, you must notify
users in your privacy statement. »Learn
More
Welcome
New Licensees
The newest Web sites to display the TRUSTe seal. »Learn
More
|
|
 |
|
| |
This year the Technology Policy Group (TPG) at Ohio State
University's Fisher College of Business announced the
creation of its HP Privacy Innovation Awards. The first
annual awards are being presented at TPG's 5th annual
PrivacyCon in Columbus, Ohio, on October 1, 2003, to recognize
organizations for integration of privacy protection throughout
their organization's business processes.
Four TRUSTe licensees -- eBay, E-Loan, IBM Tivoli, and
Nationwide -- have applied for the award. Come October,
we'll publish the names of the winner. At TRUSTe, we
feel that these four nominees are already winners. Like
many of our licensees, they model a commitment to privacy
practices and continuing innovation in the field that
we hope will someday be universal.
That
is why we have devoted this issue of the newsletter
to showcasing the privacy best practices of the four
nominees. If your organization promotes the kind of
innovative practices you read about below, let me know!
We would love to include your story in this newsletter.
--
Fran Maier
|
|
|
 |
|
| |
eBay
- Improving employee privacy awareness
eBay
operates as the world's largest online marketplace,
allowing practically anyone to buy or sell practically
anything from practically anywhere. It is a pure
e-commerce player with no "bricks and mortar."
To upgrade its privacy efforts, eBay instituted
a 2002-2003 Privacy Awareness Initiative. This
initiative encompasses three major areas:
- The
creation and implementation of a full privacy
due diligence process for all mergers and acquisitions.
- Comprehensive
product awareness and review, which has involved
creating a process to review each of the 90-plus
site enhancements that eBay makes every quarter
for privacy and legal issues.
- Employees
have new, easy-to-read policies to guide their
use of customer, vendor, and employee data.
In addition, all new employees receive privacy
training upon arrival at the company.
The
initiative continues to be integrated into every
department within the global organization. Distributed
responsibilities, clear processes, and a centralized
privacy office help keep headcount and cost down,
and efficient processes help maintain an aggressive
time to market for site enhancements.
eBay's
Privacy Awareness Initiative has galvanized employees
to think about privacy in their day-to-day use
of personal data. This translates into products
that focus on the privacy of users, by providing
choices to users and listening to the input of
users on privacy-related projects through focus
groups. As a result, TRUSTe complaints from users
are at a three-year low.
E-Loan
- Extending privacy vigilance to partners
E-Loan
is a consumer direct lender and debt advisor dedicated
to providing borrowers with a more enjoyable,
affordable way to obtain home purchase, refinance,
home equity and auto loans. Since its launch in
1997, E-Loan has originated and sold over $16
billion in consumer loans.
From
the beginning, E-Loan has made protecting consumers'
privacy a paramount concern, never selling or
sharing customers' information with third-party
marketers and becoming one of the first companies
to implement independent third-party privacy audits,
augmented by a vigilant internal privacy compliance
team.
E-Loan's
stringent privacy guidelines include strong contractual
language that defines privacy requirements for
its vendors and business partners. Internally,
employees are put through rigorous privacy training
and are held accountable for upholding the company's
privacy policies. The company constantly reminds
employees about the significance of protecting
customers' privacy through company meetings and
training sessions.
E-Loan
has also actively advocated strong federal and
state consumer privacy protection laws. Most recently,
the company and its CEO, Chris Larson, donated
$1 million to get a financial
privacy measure on the California March
2004 ballot. The ballot initiative was
withdrawn when Larsen helped negotiate a compromise
between legislators and businesses, resulting
in passage of SB1, the California Financial Information
Privacy Act.
IBM
Tivoli - Helping companies manage
privacy complexity
IBM
Tivoli software enables an IT organization to
automate business processes, reduce the total
cost of ownership and improve service levels of
the IT infrastructure. Tivoli systems management
software helps traditional enterprises and e-businesses
worldwide manage security, storage, performance
and availability, and configuration and operations.
Tivoli has introduced a new software product --
IBM Tivoli Privacy Manager for e-business -- that
automates many privacy compliance activities.
Organizations can use the application for e-business
to perform five key privacy tasks:
- Define
a new digital privacy policy or convert an existing
written policy to digital form
- Deploy
the privacy policy to specific applications
and information technology systems
- Record
end-users' opt-in and opt-out choices according
to the policy
- Monitor
and enforce access according to the policy
- Create
audit trail reports
For
organizations that use Tivoli Privacy Manager,
the application represents a substantial automation
of privacy management, and operational costs savings
that provide significant and rapid return on investment.
The
product was developed in coordination with 28
members of the IBM Privacy Management Advisory
Council to help make sure that the product was
solving real-world enterprise privacy challenges.
IBM
Tivoli Privacy Manager is part of a new wave of
IBM innovations and solutions directed at helping
build effective data management practices. Another
example of this innovation is IBM's recently announced
Enterprise Privacy Authorization Language, an
XML language that gives developers the power to
extend specific privacy rules across internal
business systems, then automates compliance to
those rules.
Nationwide
- Online training and privacy awareness campaign
Nationwide
is a $115 billion, Fortune 500 insurance and financial
services organization that employs more than 30,000
people. Nationwide's Office of Privacy designed
a Privacy Awareness Campaign to educate all of
the company's employees about the importance of
privacy.
Each
employee received a packet of information containing
a cover letter explaining the purpose of the campaign
and four postcards, each explaining the importance
of privacy. All of the materials were designed
to have a vintage World War I & II look. The
entire campaign was supported with articles in
the company newsletter and on the company's Intranet
home page.
The
campaign directed employees to take an online
privacy training, which the Office of Privacy
developed in conjunction with a third-party vendor
using proprietary content. The training gives
employees concrete strategies for handling customer
information, and instructs them to contact the
Office of Privacy with privacy questions specific
to their business unit.
Since
the campaign began, nearly 60 percent of all employees
have completed the Online Privacy Training. The
Online Privacy Training and Privacy Awareness
Campaign have survived the onslaught of six audits
and exams by federal and state regulatory agencies.
Each time, the auditors and examiners have stated
that they were impressed by the thoroughness,
creativity, and effectiveness of the program.
|
|
|
|
 |
|
| |
SpamNews
SpamNews
is an email newsletter devoted to fighting spam. Every
month, subscribers receive links to dozens of spam-related
news stories from the national print and online media.
The Spam News Web site publishes weekly digests of the
news stories, and posts resources for complaining about
spam, identifying spammers, and filtering spam.
|
|
|
| |
 |
|
| |
LEARN WHERE TO PUT WEB SEALS FOR THE GREATEST IMPACT
Join
our web privacy and email marketing workshops
New to the world of online privacy? Concerned that an
incomplete understanding about email marketing practices
may be putting your company at risk? On October 29,
from 1:00 to 5:00 p.m., TRUSTe will hold two pre-conference
workshops on privacy and spam at the IAPP
Privacy Academy in Chicago. The instructors:
Experts from some of the top companies in the United
States, including Microsoft, AOL, Oracle, Doubleclick
and TRUSTe staff. Participants will walk away with practical
and actionable learning including – how to keep
your company off email blacklists and where and how
to place your TRUSTe seal for maximum impact.
REGISTER
ONLINE with the IAPP!
TRUSTe
PRACTICAL PRIVACY WORKSHOP
Through the use of case studies and field testing, participants
will gain insight into the ins and outs of current privacy
challenges for businesses and how trust seals can affect
response rates and purchasing behavior.
Practical
Privacy Issues 1:00PM – 1:50PM
Joe Alhadeff, Chief Privacy Officer, Oracle
Parry Aftab, Executive Director, WiredSafety.org
Karla Lacey, VP Marketing, Graduate Management Admissions
Council
Technology
and Total Privacy 2:00PM – 2:50PM
Brendon Lynch, Director of Privacy & Risk Solutions,
Watchfire
Steven B. Adler, Market Manager, IBM Tivoli Security
& Privacy
Third
party seals - how placement can impact email and website
response 3:00PM – 3:50PM
Ken Leonard, CEO, ScanAlert
Kim Howell, Microsoft
Privacy
Statements & Batteries.com Case Study 4:00PM –
4:50PM
David Berlind, Editorial Director, ZDNet
Becky Richards, TRUSTe Director of Policy
HOW
NOT TO BE A SPAMMER
Participants will learn from email experts the do’s
and don’ts for responsible email marketing, focusing
on everything from acquisition of email addresses and
anti-spam state law compliance to working with white
and black lists and making sure your messages get delivered.
Opening
Remarks 1:00PM – 1:10PM
Fran Maier, Executive Director & President, TRUSTe
Email
Best Practices 1:10PM – 2:00PM
Bennie Smith, Chief Privacy Officer, DoubleClick
Fran Maier, Executive Director & President, TRUSTe
Patrick R. Peterson, Sr. Director Services & Support,
IronPort
Cost
of Spam 2:10PM – 3:00PM
Lynda Partner, GotMarketing
Brian Sullivan, Senior Director, AOL Mail Operations
The
Technology Environment 3:10PM – 4:00PM
Hans Peter Brondmo, Senior Vice President, Digital Impact
Francois Lavaste, VP Marketing, Brightmail
Legal
Compliance 4:10PM – 5:00PM
Liisa M. Thomas, Gardner Carton & Douglas LLC
REGISTER
ONLINE!
TRUSTe
licensees receive a discount on registration fees for
both the pre-conference sessions and the academy. Find
out more about the conference and download the program
at http://www.privacyassociation.org/
For additional information you may also contact Carolyn
Hodge at TRUSTe, chodge@truste.org,
415-618-3415.
|
|
|
 |
|
| |
Tip: When making use of user-profiling technologies
such as cookies, log files, and Web beacons, you must
notify users in your privacy statement.
Many
Web sites use or are considering the use of Web technologies
such as cookies, log files, and Web beacons to get a
better profile of their individual users. This information
can help your site create personalized offers or know
where particular users come and go on your site by "tying"
the raw information obtained through the profiling technology
to a user's personally identifiable information (PII).
By tracking each individual user's movements, you can
better understand the behaviors of all visitors to the
site.
However,
the use made of PII needs to be disclosed accurately
or you may run afoul of Fair Information Practices.
How
do you determine if you must notify Web site users that
you are profiling them? Questions to ask engineering
and marketing:
- Is
the user's PII tied to cookies (either for the session
or persistently via an account log-in)?
- Is
the user's PII tied to log files (for example, matching
up the visitor's IP address to prevent fraud)?
- Is
the user's PII tied to Web beacon usage (for example,
to track click-through rates)?
Tying
personal information to Web technologies raises the
specter of following user movement, and some users may
be concerned for their privacy in this sense. So do
what you say and say what you do in your privacy statement.
Express the fact PII is going to be associated with,
or "tied to" certain Web technologies, but
also explain how there is a benefit for the user in
the long run.
If
you are using -- or contemplating using -- one of the
above profiling technologies and are in doubt about
whether your privacy statement accurately communicates
that information to site users, contact your TRUSTe
account manager for more information.
-
Robert Behrens, JD, senior account manager and Internet
privacy specialist
|
|
|
 |
|
| |
TRUSTe would like to congratulate the following new
licensees on successfully completing our certification
process:
ContinuedEd.com,
Corex Technologies, Email Retriever, Green Cathedral,
InterContinental Hotels Group, Millennial Living, New
Horizons, ORCA Limited, PensXpress, Site Systems, Spoke
Software.
|
|
|
 |
|
| |
Got Feedback?
We would like to hear what you
think of the TRUSTe Advocate. Send an email with your
comments and suggestions to newsletter@truste.org.
TRUSTe
is an independent, nonprofit organization that administers
the Internet's first and largest privacy seal program.
685
Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org
|
|
|
 |
|
 |
|
