Meet TRUSTe: Heidi Berger, Director, Product Management

MeetHeidi (1)

Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.  

Name: Heidi K. Berger, CIPP/US

Job Title: Director, Product Management

How long have you worked at TRUSTe? 11 years! (I started on March 17, 2004).

Tell us about your role at TRUSTe: My career at TRUSTe started as a Client Services Manager directly supporting our Enterprise customers. Back in 2004 there were only 18 employees in the entire company and only three of us in client services! I soon began managing the department and was fortunate enough to build strong client services and support teams in San Francisco and Cebu, Philippines with about 35 people servicing 4,000 customers. I had the amazing experience of helping to successfully transition our business from non-profit to for-profit so we could continue to invest in technology that is so vital to staying ahead of quickly evolving data privacy threats. Now I get to help develop, create and improve our products!

Read the rest of this entry »


New TRUSTe Certification Available to Demonstrate Privacy Compliance Across the Enterprise

privacy seal_blog

With the rapid expansion in digital properties and heightened data privacy concerns, maintaining trust is more important than ever. It is no longer enough to say that an individual website or mobile app has good privacy practices. Companies need to be able to demonstrate to customers, employees, partners and regulators that they have strong data privacy management practices across the whole enterprise.

To meet these evolving business requirements, TRUSTe is launching Enterprise Privacy Certification for general availability on April 1, 2015. This new offering consolidates five separate privacy services – TRUSTed Websites, TRUSTed Apps, TRUSTed Cloud, US-EU Safe Harbor Prep and APEC into one comprehensive Certification package. The new Enterprise Privacy Certification will enable companies to demonstrate broader privacy compliance across the company rather than focusing on individual websites, apps or cloud platforms.

Four levels of Enterprise Privacy Certification are available – Standard, Enhanced, EU Safe Harbor Preparedness, Enhanced APEC, or Comprehensive – designed to meet the expanded needs of global organizations. These changes will make it easier for an enterprise to expand the scope of their Certification to include:

  • All online properties across the enterprise – for companies with large numbers of online properties, testing of online properties will be conducted using an audit process and sampling methodology based on the AICPA Audit Guide, Government Auditing Standards for financial statement and compliance audits
  • Select offline and employee data management practices, consistent with US-EU / US-Swiss Safe Harbor and Asia-Pacific Economic Cooperation (APEC) Frameworks.

Certified enterprises will be entitled to display the globally recognized TRUSTe Certified Privacy Seal or the APEC Certified Privacy Seal, depending on the certification option they achieve. We have also introduced enhanced online validation pages to provide consumers with greater transparency about the scope of the Certification through clear and concise descriptions of the components of the Certification Standards that the company meets.

We have also revised our TRUSTe Certification Standards to support this new structure. We continually review and periodically amend our Certification Standards to respond to evolving privacy practices and regulatory developments. For example, we recently published amended APEC Privacy Certification Standards as part of our renewal as an Accountability Agent for the APEC Cross Border Privacy Rules (CBPR) System.

Further details of the changes are included on the Enterprise Privacy Certification Page on the website or you can contact Joanne Furtsch, Director of Product Policy, at


Join Privacy Professionals At This Week’s Meetup Event

Privacy MeetUp

The Privacy Innovation & Technology Meetup group invites you to join them on Thursday, March 26th at TRUSTe headquarters in San Francisco for an evening of networking and discussion of of-the-moment privacy topics. The event will be held from 6-8 p.m.

The topic for the evening will be “Demystifying Privacy Engineering.” Alexandra Ross (@sharemindfully), founder of The Privacy Guru and Senior Counsel at Paragon Legal, will be the speaker for the evening and will delve into the topic of “Privacy in the GRC Space.”

The San Francisco TRUSTe office is located at 835 Market Street, #800. Join in the conversation by using the hashtag #PrivacyMeetup.

To RSVP and join the Privacy Innovation & Technology Meetup group, click here.



EdTech – A Threat to Student Privacy?


By Keith Dennis, CEO of AssertID

It would be difficult to overstate the benefits that properly implemented education technology (EdTech) can bring to learning. In the classroom, EdTech holds the potential to improve teacher efficiency and effectiveness – to make learning more engaging for students by letting teachers adapt course content and pace to the needs of the individual student. Out of the classroom, EdTech can bring education to tens of millions who would otherwise have no access to structured educational content or, to simply extend student engagement and learning beyond classroom hours.

EdTech is already well entrenched in the classroom, so it should come as no surprise that many teachers now consider EdTech indispensable. But EdTech does have its “dirty little secret” and this secret relates to student privacy. Although there are EdTech apps and cloud services that ensure students’ personal information and educational records are properly secured, there are also many that do not.

“How can this be?” you might ask. Certainly there are laws to ensure that this student data is protected. Well yes, there are federal laws designed to protect student data: the Family Education and Privacy Act (FERPA), and the Protection of Pupil Rights Amendment (PPRA). In addition, the Children’s Online Protection Act (COPPA) — although not targeting students specifically, does offer protection for a sub-set of students — children under age 13. The question is: How effective are these laws?

Due to their complexity, an in-depth analysis of these laws is beyond the scope of this post. Rather, my focus is on one characteristic of these laws that is contributing to this student privacy exposure – the disconnect between control and responsibility. By this I mean that the entity having control over how student data is used is more often than not, not the entity legally responsible for ensuring that this data is used appropriately.

Read the rest of this entry »


Meet TRUSTe: Tony Berman, Senior Product Manager

Meet Tony Berman

Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. 

Name: Tony Berman

Job Title: Senior Product Manager

How long have you worked at TRUSTe? A little over 3 years.

Tell us about your role at TRUSTe: I am primarily focused on developing tools and services that privacy and compliance teams can use to improve the effectiveness of their privacy program governance. I am very excited about the positive feedback we have received for the new Assessment Manager module in TRUSTe’s Data Privacy Management Platform that empowers our customers to centralize and streamline the privacy assessment process.

Tell us about your CIPP certification and why you decided to get CIPP certified? I don’t think it is possible to create tools and services to help companies without first fully understanding the environment within which they operate and the multiple regulatory issues and challenges they face. CIPP certification has provided me not only the insight into what needs to be complied with, but has also helped me to become a credible part of the privacy community. My CIPM certification has been a great benefit in understanding how a privacy function should operate and the tools needed to ensure proper data privacy governance.

Read the rest of this entry »


Topic of Focus at Recent NYC Roundtable: Employee Data Management

Security concept: Privacy on digital background

On March 12, TRUSTe hosted a privacy roundtable event at the W Hotel in New York City covering “Employee Data Management.”  Panelists led a discussion sharing guidance on how to assess privacy compliance risks and ensure the proper management of employee data.

With the introduction of wearables in the workplace and employees using their own devices for both work and personal use, new HR privacy questions and challenges have surfaced. Particularly when considering the tools available for transferring HR data across borders including APEC, BCRs and EU Safe Harbor.

Read the rest of this entry »


DAA & BBB Guest Speakers at TRUSTe Webinar on Compliance for Mobile & Desktop Advertising

Computer keyboard webinar

Keeping compliant with the latest privacy regulations, tools and best practices is critical in order to avoid fines and reputational damage, while saving your privacy team time and money. For this most recent webinar, we turned our focus to the advertising space.

TRUSTe hosted a webinar with guests from the Digital Advertising Alliance (DAA) and the Better Business Bureau (BBB) on Monday, March 9. The hour-long webinar titled, “2015 Compliance for Mobile and Desktop Advertising” was moderated by Kris Vann, Senior Product Marketing Manager at TRUSTe, with speakers Kevin Trilli, VP of Product at TRUSTe, Genie Barton, VP and Director, Online Behavioral Advertising Program and Mobile Marketing Initiatives at the Council of Better Business Bureaus (CBBB), and Lou Mastria, the Executive Director at the DAA.

Read the rest of this entry »


For OBA Compliance, 2014 was a Good Year

The European Interactive Digital Advertising Alliance (EDAA) released its 2014 Activity Report today that showed Europe made great strides in ensuring consumer awareness and trust in online advertising this past year.

Awareness of and the OBA Icon is spreading. In December of 2014, website traffic reached 5.4 million visitors, more than double the level seen in 2013 and approximately five times more than in 2012.

The report includes findings from the EU Advertising Consumer Research Index 2014 commissioned by the TRUSTe and the EDAA.

Highlights from today’s EDAA Report include:

  • The Consumer Choice Platform is now live in 33 countries and available in 27 languages.
  • One in 25 European citizens say they have visited for more information about OBA.
  • Comparative data shows awareness of the OBA Icon has doubled in the UK in the last two years (13% to 26%).
  • Consistency across European markets has increased: 10 national self-regulatory organisations (SROs) under EASA’s umbrella have developed new remits for OBA based upon “tried and tested” advertising consumer complaints and enforcement mechanisms.

“The EDAA’s 2014 Activity Report shows significant progress on the path towards greater consumer awareness and trust while enabling the delivery of content, services and applications to people right across Europe at little or no cost,” said Nick Stringer, Chair of the EDAA and Director of Regulatory Affairs at the Internet Advertising Bureau UK (IAB, UK).

The pan-European Self-Regulatory Programme gives citizens better transparency and control over Online Behavioral Advertising (OBA) by allowing people to opt-out of ads by clicking on the OBA Icon and is being used across all European markets.

For companies that want to comply and use the EDAA OBA icon, here’s how the process works: First a company needs to apply to the EDAA for a license to use the OBA icon and to integrate with the Consumer Choice Platform on Companies must then self-certify by presenting evidence to the EDAA that they are compliant with EDAA OBA practices. Within one month of self-certification, companies must get an independent verification of compliance with an EDAA-approved certification provider. This process includes a 30-day period of continuous monitoring of compliance. After this period, compliant companies will be given the EDAA Trust Seal.

TRUSTe is an approved provider of the OBA icon and EDAA Trust Seal. Find out more here. If you have any questions fill out the form here and a TRUSTe privacy expert will follow-up with you.


Older posts «

» Newer posts