Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

TRUSTe to Pay $200,000 Under Agreement With FTC on Privacy Seal Program Charges

TRUSTe Reaches Agreement With FTC on Privacy Seal Program Charges

TRUSTe Reaches Agreement With FTC on Privacy Seal Program Charges

Data privacy management solutions provider TRUSTe has agreed to pay $200,000 as part of a settlement with the United States Federal Trade Commission (FTC), which accused the company of failing to conduct annual re-certifications for some customers, and facilitating misrepresentation as a non-profit entity.

Many organizations rely on TRUSTe’s seals to show their customers that they meet consumer privacy requirements such as the ones detailed in the US-EU Safe Harbor Framework and the Children’s Online Privacy Protection Act (COPPA).

However, according to a complaint filed by the FTC, TRUSTe failed to conduct annual re-certifications between 2006 and January 2013 for customers who signed up for multi-year agreements (over 1,000 cases). A second charge refers to the fact that TRUSTe changed its corporate status from “non-profit” to “for-profit” in 2008, but failed to ensure that the organizations using its seals updated their privacy policies to reflect this change.

“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge. Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action,” FTC Chairwoman Edith Ramirez said in a statement on Monday. 

As part of its settlement with the FTC, TRUSTe must pay $200,000, and avoid making misrepresentations about its certification process and its corporate status. In its annual filing to the FTC, the company, which is a COPPA Safe Harbor certification provider, must supply detailed information regarding its COPPA-related activities, and maintain comprehensive records on these activities for a period of ten years.

In a blog post published on Monday, TRUSTe CEO Chris Babel admitted that two of the company’s processes were flawed. Babel explained that the annual reviews not conducted in the case of multi-year customers represented only 10% of the total number of reviews in the period between 2006 and January 2013.

“Multi-year clients that did not undergo the annual review step of their certification were reviewed when their agreements were up for renewal. Because over 90% of multi-year clients signed two-year contracts, the vast majority were reviewed every other year,” Babel explained.

Advertisement. Scroll to continue reading.

The annual re-certification issue was addressed by TRUSTe in January 2013 when the company implemented new controls for the process. The corporate status issue was addressed late last year when the company started requiring customers to remove the non-profit reference from their privacy policy before being re-certified, Babel said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...