Spotting Privacy Compliance Issues by Engaging Consumers
July 8th, 2008
TRUSTe provides a dispute resolution service to mediate consumer complaints regarding misuse of their personal information by certified websites. The Watchdog process is intended to build trust between websites and their users or customers. We process approximately 5,000 complaints a year from individuals. Many of those complaints trigger investigations and compliance reviews.
The main value of the Watchdog process for companies is the rapid escalation of privacy and security issues to IT and compliance departments. While a customer service representative may not be trained in spotting privacy and security compliance issues, TRUSTe’s dispute resolution team is able to spot trends and early warning signs of potential compliance problems.
In upcoming examples of Watchdog complaints, TRUSTe intends to educate our sealholders and others about ways to avoid security and privacy risks. Our complaint and compliance process provides an incentive for websites to take swift action to fix potential problems.
Watchdog in Action: Security Vulnerability
A major consumer web site allowed a user to change the last few digits of their own URL and see the identification papers of other individuals, including their passports. We called the sealholder, who took action within hours to fix it, and subsequently notified the individuals whose sensitive information was exposed.
Tips to avoid this issue:
Companies must ensure that additional authentication is required before allowing access to sensitive personal data. Encoding an ID# in the URL or relying on another mechanism that can be changed by the user risks exposing data.
- Simona Nass, Director of Compliance
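The flaw and the fix described in the tips above, as an added example that is not part of the original post or any site's code: a lookup keyed only on the id from the URL, next to one that checks the record's owner against the server-side session. The store, session table and function names are hypothetical, and the data is constructed.

```python
import hmac

# Constructed sample data: document id -> (owner, content).
DOCUMENTS = {1041: ("alice", "passport scan A"), 1042: ("bob", "passport scan B")}
# Constructed session table: session token -> authenticated user.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
# (user, doc_id) pairs for refused requests, kept so repeated probing can be reviewed.
DENIALS = []


class AccessDenied(Exception):
    """Raised when the caller may not read the requested document."""


def get_document_vulnerable(doc_id):
    # The pattern from the post: the id in the URL is the only thing that
    # selects the record, so every id that exists is served to anyone.
    return DOCUMENTS[doc_id][1]


def authenticate(session_token):
    # Identify the caller from server-side session state, never from the URL.
    for token, user in SESSIONS.items():
        if hmac.compare_digest(token, session_token or ""):
            return user
    raise AccessDenied("not authenticated")


def get_document_hardened(session_token, doc_id):
    user = authenticate(session_token)
    record = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so replies do not reveal valid ids.
    if record is None or record[0] != user:
        DENIALS.append((user, doc_id))
        raise AccessDenied("not found")
    return record[1]


def is_denied(session_token, doc_id):
    # Convenience wrapper: True when the hardened lookup refuses the request.
    try:
        get_document_hardened(session_token, doc_id)
        return False
    except AccessDenied:
        return True
```
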