FTC Revises FAQ Guidance on COPPA and Verifiable Parental Consent

FTC updates COPPA FAQs.

This week the FTC released updates to its Children Online Privacy Protection Act (COPPA) Frequently Asked Questions. The FAQs provide specific guidance for COPPA compliance and the updates reflect new and clarified guidelines on parental consent methods.

If your website, Mobile App, or other online service collects data from children under the age of 13, COPPA (and these updates) apply to you.

1.  All Online Service Providers: Updates to Verifiable Parental Consent Guidelines

COPPA requires that online services gain “verifiable parental consent” before collecting data from children under the age of 13.  The FTC provides several approved mechanisms for gaining verifiable parental consent, but has long said that companies are not limited to those mechanisms and may use any consent method that is “reasonably calculated” to verify that the consenting individual is in fact the child’s parent.

One FTC-approved verification method requires that the parent enter a credit or debit card number.  Previously, the guidelines specified that using a credit or debit card to obtain consent needed to be “in connection with a financial transaction.”  The rationale behind the transaction requirement is that the charge appearing on the parent’s financial statement serves as an additional notice and consent safeguard.

The updates note that companies may use a credit or debit card to obtain verifiable consent in absence of a financial transaction if the credit or debit card information is supplemented with other confirmation measures. Such measures include asking security questions to which only the parent would know the answer, or finding supplemental ways to contact the parent for confirmation.  This reflects the FTC’s long-standing position that companies may choose a consent mechanism that works for their business, so long as it is reasonably calculated to identify that the person providing consent is the parent.

Read the rest of this entry »


TRUSTe Supports Intuit’s Move to Open Source Mobile Privacy Code and Make It Available to Developers

Short-form privacy notice for mobile apps validated by TRUSTe for mobile app developers.

Intuit and Application Developers Alliance today announced the availability of open source software code for developers to implement short-form privacy notices—simple, easily understandable screens that clearly inform consumers what data the app is collecting and with whom the data is shared.  With this open source code, small app developers can use the same template for their mobile privacy notice that Intuit currently uses in Intuit QuickBooks Online for mobile devices. TRUSTe played an important role in Intuit’s short form notice by agreeing to host it under the TRUSTe Privacy Seal program.

Read the rest of this entry »


Bluelock Makes Privacy and Data Security a Top Priority

By Megan Gish, Bluelock

We’re proud to announce that Bluelock has completed self-certification of compliance with the United States – European Union Safe Harbor Framework. This completion of this framework allows customers to use Bluelock’s service with confidence that personal information will be secure.

Bluelock undertook several internal audits to comply with the U.S.-EU Safe Harbor Framework as set forth by the Department of Commerce regarding the collection, use and retention of personal information from customers. Bluelock adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

In addition to Safe Harbor, TRUSTe, the most recognized Internet privacy seal program in the world, also granted Bluelock the TRUSTe Privacy Seal, which signifies their privacy policy and practices have been reviewed for compliance with the TRUSTe program.

“As a company who protects and recovers important data and applications, it’s easy to understand why data privacy is of critical importance to Bluelock,” says Chris Babel, CEO at TRUSTe. “With the TRUSTe privacy seal, Bluelock sends a clear signal to its customers that it respects and will protect their personal information.”

When providing cloud-enabled managed hosting services, Bluelock retains personal data processed on behalf of its clients, keeping data secure for the expanse of the customer relationship. With Safe Harbor certification, customers of Bluelock can trust their data is safe.

Martin Van Buren, chief operating officer, Bluelock adds, “Meeting the requirements of a major compliance framework demands time and resources, and Bluelock’s ability to gain Safe Harbor certification serves as a testament to the vision of our corporate leadership team.”

Attaining the Safe Harbor certification demonstrates how valuable our customers’ information and privacy is to us, and showcases our commitment to continually serve our customers better. In addition, our designation as SAP-certified provider of cloud and hosting services for SAP solutions confirms our ability to deliver high-quality cloud and hosting services for customers running SAP solutions.

In today’s business landscape, it is crucial to earn your consumer’s trust and ensure that you will protect their personal data. According to a recent TRUSTe study, 76% of consumers are more likely to check websites and apps for a privacy certification or seal. To find out more about TRUSTe’s privacy certification programs, visit http://www.truste.com/products-and-services/enterprise-privacy/certifications.


Last Chance to Register for Webinar on Privacy Investment Success Stories

Time is running out! Don’t forget to register for the third and final session of the TRUSTe webinar series with Forrester Research on Thursday, July 24th at 10am PDT, titled “Making the Most of your Data Privacy Management Investment.”

Attend to learn about the benefits of privacy investment, what resources are needed for ongoing management of privacy strategies, key drivers for financing privacy in your organization and how to effectively measure the success of your program.

Register now to hear best practices from AT&T, Intuit, Forrester Research and TRUSTe.


European Cookie Sweep Initiative: Are You Compliant?

By Eleanor Treharne-Jones, CIPP/E, Director, Global Communications & EU Marketing, TRUSTe

In our data-driven world, it is vital that businesses know how to win and maintain consumer trust online. In the EU this can sometimes seem even more complicated because of the increasing complexity of privacy regulations and the different approaches to implementation across 28 Member States.

With the introduction of the EU Cookie Directive and the proposed EU Data Protection Regulation there have been concerted efforts by regulators to set common standards for data privacy across the EU. But as anyone doing business in the EU should be aware, there are still markedly different approaches to compliance and consumer attitudes across key EU markets.

From 15-19 September, 2014 EU Data Protection Authorities will review compliance with the EU Cookie Directive in a new initiative named “European Cookies Sweep Day”. This coincides with an announcement from the French Data Protection Authority – the CNIL – that they will start onsite and remote inspections to verify compliance with their latest cookie guidelines in October.

Read the rest of this entry »


TRUSTed Assessments Helps Companies Address Global Privacy Compliance Challenges Today

Data is the vehicle driving today’s enterprises, and while technological innovations are continually feeding the ever-increasing and insatiable appetite for data, the sheer volume of data is creating greater challenges for those tasked with data privacy protection. According to a 2014 IAPP study of 400 privacy professionals, not only is data risk assessment one of the top two priorities for organizations, but these privacy professionals also urgently need tools to effectively perform their jobs.

While challenges of the global privacy landscape continue to grow and change at a rapid pace, companies must quickly assess their current policies and implement programs that will both protect their brand reputation and minimize privacy compliance risk.

Read the rest of this entry »


Webinar: Privacy Investment Done Right

Join TRUSTe on July 24th at 10am PDT for the third and final session of the TRUSTe webinar series with Forrester Research titled “Making the Most of your Data Privacy Management Investment.”

Tune in live to hear privacy investment success stories from leading brands AT&T and Intuit and learn how it can work for you and your business.

There’s no better way to understand the importance of investing in privacy than hearing from industry leaders, who have already achieved success. While the initial reasons for investing for privacy may vary, the positive results are quite commonly shared across the enterprise. Register now to hear first-hand about the solid business reasons for investing in privacy.

Attendees of this webinar will learn:

  • Tips on getting stakeholder buy-in, implementing an effective privacy program and measuring for success
  • What resources are needed for ongoing management of your data privacy management strategy
  • How the benefits of privacy investment can extend throughout your entire organization

Speakers will include:

  • Fatemeh Khatibloo, Senior Analyst, Forrester Research
  • Sachin Kothari, Director of Online Privacy, Compliance & Standards, AT&T
  • Barbara Lawler, Chief Privacy Officer, Intuit
  • Chris Babel, CEO, TRUSTe

Register today!


Industry Leaders Tackle Privacy Challenges at Internet of Things (IoT) Summit

The Internet of Things Privacy Summit hosted by TRUSTe was a resounding success yesterday as experts from top organizations, universities, law firms and companies across the privacy and tech ecosystem came together to discuss, debate and define the privacy needs of the new interconnected world and scope out the next generation of solutions. Read recent coverage of the event by USA Today, Politico, KQED Forum and  IT Business Edge.

The day was filled with lively discussion as speakers covered a variety of topics including: emergence of the industrial Internet, big data vs. privacy and security, moving beyond mobile to the next frontier for behavioral advertising on connected devices, the emergence of compliance in the new IoT era.

Privacy leaders at the IoT Summit 2014
TRUSTe Panel at 2014 IoT

TRUSTe also announced the formation of a multi-stakeholder IoT Privacy Tech Working Group to identify the technical standards and best practices necessary to help enhance consumer privacy in the Internet of Things. Groups and individuals with expertise in this area should e-mail iot@truste.com to register their interest. The news was covered today by DM News and Politico.

Many thanks to our speakers, partners and sponsors who helped make the summit a huge success.

Goodies at TRUSTe’s 2014 IoT summit
TRUSTe hosts the 2015 IoT Summit

The Summit panel sessions were recorded and are available online: http://www.truste.com/events/iot/live/

A big thank you to our sponsors, Morrison Foerster, Davis Wright Tremaine LLP, PwC, Promontory; to our partners CDT, FPF, MEF, OTA, The National Cyber Security Alliance; programming support from IAPP; and media partner Cecile Park. The event would not have been possible without your support!

Save the date for the 2015 Internet of Things Privacy Summit on June 18, 2015 at the Computer History Museum, Mountain View. Please contact eleanor@truste.com to inquire about early bird savings for partners and sponsors.

Older posts «

» Newer posts