At TrustArc we take very seriously the role we play in the privacy ecosystem and our commitment to supporting our customers. And if we fall short, we admit it, we address the issue, and we move forward.

 

On November 17, 2014, TRUSTe announced an agreement with the Federal Trade Commission (FTC), settling a complaint about two of our prior business processes. The FTC did not find any issues with TRUSTe’s privacy practices, but two processes needed to be fixed – and TrustArc has addressed both.

 

The first item is that we did not ensure all certified websites removed a reference to TRUSTe as a non-profit entity in their privacy policies after transitioning to a for-profit enterprise in 2008.

 

The second is that we did not complete the annual review step of certification from 2006 until January 2013 for clients who had signed up for multi-year agreements. This represents less than 10% of the total number of annual reviews we were scheduled to conduct during that time.

 

Multi-year clients that did not undergo the annual review step of their certification were reviewed when their agreements were up for renewal. Because over 90% of multi-year clients signed two-year contracts, the vast majority were reviewed every other year.

 

Additionally, all clients continued to receive all other services included in their TRUSTe certification – including our privacy advisory services, guidance on any proposed changes to their privacy procedures, and dispute resolution service so any potential consumer complaints regarding their privacy policy or practices were fully investigated.

 

We have taken swift action to address the process issues covered by the agreement.

 

In late 2013, we started requiring the non-profit reference to be removed from all active client websites as a condition of re-certification.

 

We also identified and fixed the process for annual reviews in January 2013, and implemented new controls to ensure that every client receives the annual review step of their certification.

 

We regret that, in these two cases, our processes did not live up to our own standards.

 

I am proud of the dedicated TrustArc team that continues to work hard to develop new technology, products and services to keep pace with the rapid evolution in privacy laws, regulations and practices.

 

We are delivering products and services to a growing customer base around the globe. The role we play today and going forward has never been more important for our clients and the customers they serve.

 

In the weeks and months ahead, I look forward to focusing our energies on helping businesses address these rapidly evolving data privacy management challenges.

 

Thank you,

TrustArc Ceo, Chris Babel