Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

TRUSTe to Pay $200,000 Under Agreement With FTC on Privacy Seal Program Charges

TRUSTe Reaches Agreement With FTC on Privacy Seal Program Charges

TRUSTe Reaches Agreement With FTC on Privacy Seal Program Charges

Data privacy management solutions provider TRUSTe has agreed to pay $200,000 as part of a settlement with the United States Federal Trade Commission (FTC), which accused the company of failing to conduct annual re-certifications for some customers, and facilitating misrepresentation as a non-profit entity.

Many organizations rely on TRUSTe’s seals to show their customers that they meet consumer privacy requirements such as the ones detailed in the US-EU Safe Harbor Framework and the Children’s Online Privacy Protection Act (COPPA).

However, according to a complaint filed by the FTC, TRUSTe failed to conduct annual re-certifications between 2006 and January 2013 for customers who signed up for multi-year agreements (over 1,000 cases). A second charge refers to the fact that TRUSTe changed its corporate status from “non-profit” to “for-profit” in 2008, but failed to ensure that the organizations using its seals updated their privacy policies to reflect this change.

“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge. Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action,” FTC Chairwoman Edith Ramirez said in a statement on Monday. 

As part of its settlement with the FTC, TRUSTe must pay $200,000, and avoid making misrepresentations about its certification process and its corporate status. In its annual filing to the FTC, the company, which is a COPPA Safe Harbor certification provider, must supply detailed information regarding its COPPA-related activities, and maintain comprehensive records on these activities for a period of ten years.

In a blog post published on Monday, TRUSTe CEO Chris Babel admitted that two of the company’s processes were flawed. Babel explained that the annual reviews not conducted in the case of multi-year customers represented only 10% of the total number of reviews in the period between 2006 and January 2013.

“Multi-year clients that did not undergo the annual review step of their certification were reviewed when their agreements were up for renewal. Because over 90% of multi-year clients signed two-year contracts, the vast majority were reviewed every other year,” Babel explained.

The annual re-certification issue was addressed by TRUSTe in January 2013 when the company implemented new controls for the process. The corporate status issue was addressed late last year when the company started requiring customers to remove the non-profit reference from their privacy policy before being re-certified, Babel said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.