Increasing Transparency with California AB 370

September 23, 2013

Joanne Furtsch, Director of Product Policy
@privacygeek

In August 2013, both the California State Assembly and Senate unanimously passed AB 370, an amendment to CalOPPA. The bill amends the privacy policy disclosure requirements, so that companies need to disclose within their privacy policies:

  • How they will respond to a Web browser signal such as Do Not Track (DNT) or other mechanism that provides consumers with the ability to exercise choice, or
  • Whether third parties collect data through the website or online service.


Moving Privacy onto the Map

December 21, 2012

Joanne McNabb
Director of Privacy Education and Policy | Office of the Attorney General | California Department of Justice

I attended a health privacy conference recently and was surprised at how much mobile dominated the conversation, both in sessions and during breaks. Privacy officers in healthcare organizations are struggling to balance the benefits of easy, real-time smartphone consultations among docs with appropriate privacy controls. Privacy officers’ Bring Your Own Device challenge is exacerbated by the difficulty in determining what’s going on in the mobile space: many apps still don’t provide privacy policies. Of course, I may have mobile tunnel vision, …

How many start-ups does it take to write a privacy policy?

February 15, 2012

Chris Babel
CEO | TRUSTe

Privacy breakdowns continue to pop up across a variety of markets with the biggest headlines coming from two VC-backed mobile app start-ups, Path and Hipster. Both were called out by independent tech professionals for privacy violations stemming from the unauthorized access of user address books stored on their mobile phones, and both have quickly taken responsibility for the issue. Path has taken the additional step to seek help from privacy experts (in the spirit of full disclosure, Path has talked to TRUSTe regarding our privacy management solutions), while Hipster has elected an alternative approach, calling on their mobile start-up colleagues to jointly craft a privacy pledge for the mobile app ecosystem (see responses from Path and Hipster). While Hipster should be applauded for their efforts to raise visibility of an important problem, and while I appreciate the spirit of the suggestion, it is unlikely to address the core problem simply because the issue of privacy cannot be boiled down to taking a pledge to “do the right thing”. In order to define “the right thing”, one needs to fully understand the intricacies of data flows through the online ecosystem, all the nuances of privacy regulation, and how they might apply to each unique business model.

Privacy management is becoming increasingly complex due to the emergence of new compliance requirements, advancements in targeting capabilities, and supporting technology required to monitor and manage data privacy. 2011 saw a record number of FTC privacy cases, legislative proposals, and media coverage of online privacy. End-user concern was also at high levels – with 90 percent of consumers indicating they were concerned about their privacy online; and 88 percent of consumers indicating they would avoid doing business with companies they did not believe were protecting their privacy online.


TRUSTe Among Top Privacy Blogs

August 25, 2009

The TRUSTe blog was named in this informative list of top privacy blogs. This blog has some great lists for businesses and consumers interested in privacy and security.

‘Do unto others how you’d want them to do unto you’

October 01, 2008

You may be a small business, but chances are you collect some form of PII. Even small businesses are accountable for the safety of user PII, and thereby must take adequate measures to protect it. Lead Microsoft.com editor Monte Enbysk gathered TRUSTe’s insight to help develop 6 privacy tips for small businesses:

  1. Take inventory of the personal information you collect and store.
  2. Analyze how safely you use and store this data.
  3. Make sure you’re complying with industry or federal laws.
  4. Post a privacy policy that is clear and comprehensive.
  5. Have your policy reviewed by an …

Competitive Litigation on Privacy Policy Violations

August 06, 2008

Everybody knows about how the pesky little privacy policy on your website can land you in hot water with the FTC. Under the FTC Act, deceptive and unfair practices against consumers can get you a 20-year relationship with the FTC and a hefty fine. For the most part though, the resources of the FTC are such that they can’t go after every company that violates its privacy policy. Also, it’s really hard for individuals to pursue cases as most of us don’t have big litigation war chests to sue companies that violate our privacy. All that has now changed. The …