|CEO: Chris Babel - CFO: Tim Sullivan - VP Product: Kevin Trilli - VP Marketing: Dave Deasy|
Number of employees
TrustArc (formerly TRUSTe) is a technology compliance and security company based in San Francisco, California. The company helps corporations update their technology so that it complies with government laws, or operates using best practices.
TRUSTe was founded as a non-profit industry association in 1997 by Lori Fena, then executive director of the Electronic Frontier Foundation (EFF), and Charles Jennings, a software entrepreneur, with the mission of fostering online commerce by helping businesses and other online organizations self-regulate privacy concerns. Toward this end TRUSTe launched its flagship Privacy Seal Program, providing privacy seals to websites who abide by a set of fair information privacy practices and agreed to participate in the company's consumer privacy dispute resolution service.
TRUSTe was developed from an earlier program named Privacy Assured launched in 1996 by Timothy Dick, CEO of WorldPages an international business directory service, which was later acquired by BT. The initial five members were match.com, Four11 / Yahoo!, NetAngels, I/PRO (first web metrics company), and WorldPages. Within two months, over 30 companies had joined Privacy Assured. Privacy Assured approached EFF about setting up an independent entity and learned that EFF was contemplating an internet privacy initiative. A former principal at Boston Consulting Group, Tim Dick brought in former BCG colleagues who produced a landmark pro-bono study which established much of the internet privacy principles in use today, and on which TrustArc remains built.
TRUSTe's founding Executive Director, Susan Yamada, formerly editor of Upside Magazine, served until 2001. In 2000, TRUSTe became the first organization to join the U.S. Department of Commerce's, and the European Union's Safe Harbor framework, and subsequently launched its EU Safe Harbor Seal Program. The US-EU Safe Harbor was agreed upon by the U.S. Department of Commerce and the European Union to provide a framework for American companies to comply with European data and privacy standards.
In 2008, TRUSTe changed its structure from a non-profit industry association to a venture-backed for-profit company, raising its first round of capital from Accel Ventures. This raised questions about whether the organization is appropriately tough on the companies it certifies.
Chris Babel, former Senior Vice President of VeriSign's worldwide Authentication Services, joined TRUSTe as chief executive officer in November 2009. Maier resigned her position in 2012.
In 2013, TRUSTe was approved by the European Interactive Digital Advertising Alliance (EDAA) as an official Certification Provider for the EU Self-Regulatory Programme for Online Behavioural Advertising (OBA). The same year, TrustArc was named the first approved Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System.
On Nov 17th 2014, the Federal Trade Commission announced that TRUSTe had agreed to settle charges that it deceived consumers about its recertification program, and perpetuated its misrepresentation as a non-profit entity against a $200,000 penalty. From 2006 to 2013 TrustArc failed, in over 1000 instances, to conduct annual privacy checks on the companies it certified. Consumer organizations, the Center for Digital Democracy and the Consumer Federation of America, argued for higher penalties and more FTC oversight, but the FTC declined to increase the penalties.
On June 6, 2017, the company changed its name from TRUSTe to TrustArc.
Meaning of TRUSTe seal
The TRUSTe seal indicates that the site has self-certified as complying with the site's own privacy statement and TrustArc's program requirements. It does not indicate that a web site complies with a specific set of privacy rules, such as the European Union's Data Protection Directive.
TrustArc claims to enforce its privacy rules, and operates a "Watchdog" operation which accepts consumer complaints. TrustArc described its enforcement process in a filing with the U.S. Federal Trade Commission in 2000. From 2000 to June 2004, TrustArc published "Watchdog Reports" reporting their enforcement actions. The final report, for June 2004, shows 256 reports received and 130 reports closed. All 130 reports were resolved with "Issue Handled with no changes necessary to the Privacy Statement nor the Site". In no case was an enforcement action taken. In 2004, no enforcement actions were taken. In 2003, one enforcement action was taken, out of over a thousand complaints. After June 2004, TrustArc ceased reporting on enforcement actions, despite the statement in its FTC filing that it would publish such reports at least twice a year.
In 2012, TrustArc published a "Transparency Report" which did not list individual enforcement actions, but did indicate that, after over 4000 consumer complaints, TrustArc took only 9 enforcement actions during 2012, 3 of which resulted in termination of TrustArc endorsement.
In 2002, Wired Magazine questioned whether TrustArc could be trusted, noting that rather than revoking privacy seals for violations, "TRUSTe officials often seemed to be covering for their clients".
Dr. Benjamin Edelman of the Harvard Business School found in January 2006 that sites with TrustArc certification were 50% more likely to violate privacy policies than uncertified sites. Dr. Edelman has also reported that TrustArc does not go far enough to punish seal holders that break TrustArc's rules and that the organization is not quick enough in revoking the seal on companies that violate privacy standards.
In 2008, a Galexia Consulting study reported that TrustArc had terminated only one customer for non-compliance in the previous eleven years, despite a number of significant privacy violations which had received press coverage. "The most significant criticism of trustmarks is that in practice they have proved to be virtually worthless in the face of major privacy breaches. Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members."
- "Operating Geos". Yahoo Finance. 25 June 2013.
- "The Hundredth Window:Protecting Your Privacy and Security in the Age of the Internet". Simon and Schuster Free Press. Retrieved 2008-08-19.
- CNET STAFF (October 17, 1997). "WorldPages spans globe". cnet.com. CNet Magazine.
- Children's Privacy Seal
- Angwin, Julia (1998-02-12). "Media innovation must come from the free market". The San Francisco Chronicle.
- "Interagency Public Workshop: Get Noticed: Effective Financial Privacy Notices".
- "Privacy group to put seal on spam". CNET.
- Hansell, Saul (July 15, 2008). "Will the Profit Motive Undermine Trust in Truste?". New York Times.
- "People". TrustArc. Retrieved 2017-06-07.
- "EDAA Certification".
- "APEC Certification".
- "FTC press release".
- Wyattnov, Edward (Nov 17, 2014). "F.T.C. Penalizes TRUSTe, a Web Privacy Certification Company". New York Times.
- Davis, Wendy (March 18, 2015). "TRUSTe Finalizes Settlement With FTC". Media Post.
- "TRUSTe Transforms to TrustArc". TrustArc. Jun 6, 2017. Retrieved 2017-06-07.
- "Privacy Certification Standards". TrustArc. 2011. Archived from the original on October 8, 2011.
- "TRUSTe web site privacy seal compliance-escalation process" (PDF). Federal Trade Commission. 2000.
- "TRUSTe watchdog reports". TrustArc. 2008. Archived from the original on 2012-04-02.
- "TRUSTe Transparency Report for 2012". TrustArc. 2012.
- Boutin, Paul (April 9, 2002). "Just how Trusty is TrustE?". Wired.
- Edelman, Benjamin (September 25, 2006). "Certifications and Site Trustworthiness". Retrieved 2008-07-03.
- Edelman, Benjamin (March 18, 2008). "Coupons.com and TRUSTe: Lots of Talk, Too Little Action". Retrieved 2008-07-03.