TrustArc Blog

CBBB Data Collection Compliance Effort — What You Need To Know

December 04, 2013

Recently, the Council of Better Business Bureaus (CBBB) announced that they are stepping up their enforcement efforts to ensure businesses adhere to the Digital Advertising Association (DAA) Self-Regulatory Principles (see examples). The CBBB is reviewing websites that allow 3rd parties to collect data for OBA purposes for compliance with the enhanced notice requirements. Companies who may be in violation of the Principles have been notified by the CBBB. Industry associations, like the International Association of Privacy Professionals (IAPP), are taking note of the CBBB’s announcement. The CBBB along with the Direct Marketing Association (DMA), administers the Online Interest-Based Advertising (OBA) … Continue reading CBBB Data Collection Compliance Effort — What You Need To Know

Eric Rosenblum, COO of Drawbridge, Joins TRUSTe at the 2013 “Powering Trust” Roadshow to Encourage Privacy Commitments Across Devices

October 03, 2013

Daryl McNutt, VP Marketing Drawbridge

In today’s mobile-focused world, a user’s privacy is not only the most important, but also the hardest thing for companies to promise. Many ad exchanges, big-name brands, and app developers aren’t yet sure how to effectively target users on mobile without accessing personally identifiable information (PII). However, for some companies, the pledge to protect consumer privacy comes first and foremost when introducing cross-device technology – and Drawbridge is one of those companies.

Read more “Eric Rosenblum, COO of Drawbridge, Joins TRUSTe at the 2013 “Powering Trust” Roadshow to Encourage Privacy Commitments Across Devices”

Powering Trust Roadshow – First Event 9/19 in San Francisco

September 09, 2013

TRUSTe is joining forces with key industry partners in the emerging privacy-tech ecosystem for the 2013 ‘Powering Trust’ Roadshow.

This first of its kind event will better prepare Marketing and Privacy executives at brands, publishers, and agencies to manage the complex data privacy challenges associated with the innovative marketing and advertising solutions they need to run their online businesses.

Read more “Powering Trust Roadshow – First Event 9/19 in San Francisco”

Data Anonymization

April 16, 2013

Jim Rennie
Sr Product Counsel | TRUSTe

Recently, talk of “anonymizing” or “pseudo-anonymizing” data has been picking up, both publicly online and in private conversations with our clients.

There have been questions on what these terms mean, what they mean for user privacy, and the pitfalls around the practice.

Currently, “anonymizing” is not defined or clearly addressed in TRUSTe’s privacy program requirements.  However, we have developed an understanding of the practice over time that we apply evenly to all of the participants in our privacy programs.  We also provide guidance on privacy best practices to clients on this topic and other practices, which are not covered by our program requirements.

TRUSTe defines anonymizing as taking information that is currently Personally Identifiable Information (PII) and permanently turning it into non-identifying data.  We identify pseudo-anonymizing as taking data that is currently PII and turning it into non-identifying data that can be returned from its anonymized state to PII in the future.

One of the simplest forms of anonymization that takes place every day on nearly every website: analytics.  Services like Google Analytics take PII such as an IP Address combined with other detailed information, then anonymizes and aggregates the data to provide useful graphs such as the percentage of site visitors that use Mozilla Firefox.  In this situation, anonymization increases user privacy, because the site does not need to retain any PII to get the information they require. Read more “Data Anonymization”

Forrester Updates Their Report on Effective Privacy Program Measurements

March 28, 2013

Forrester’s report on effectiveness of privacy program measurement.

Forrester issued the latest revisions to the “Effective Privacy Program Measurements Report which draws from a wealth of analyst experience, insight and research through advisory and inquiry discussions with more than 50 Chief Information Security Officers. Additionally, end users, vendors, industry experts (including Verdasys and Varonis Systems) contributed to the report which was composed by the Security & Risk Professionals team at Forrester, including Ed Ferrara and Andrew Rose (Principal Analysts), Stephanie Balaouras (Vice President and Research Director) and Kelley Mak (Research Associate).

Forrester talks about how sensitive privacy issues are due to the emotional response that they trigger in consumers.

“Although most people probably can’t easily define it. However, they know they want their personal information to remain private unless they themselves release it, and they feel unnerved, even angry, when they feel a trusted party has breached their privacy. The emotional aspect makes it difficult to evaluate privacy concern: Directly asking about a privacy issue may result in an emotional and biased response.”

It is noted that “the emotional aspect of privacy makes both customer and employee privacy a critical issue for business and S&R professionals.” It results in an intense emotional reaction to your customer’s privacy being breached and, it becomes likely that you will lose their trust, confidence, and business. Read more “Forrester Updates Their Report on Effective Privacy Program Measurements”