|CEO: Chris Babel|
Number of employees
TrustArc (formerly TRUSTe) is a technology compliance and security company based in San Francisco, California. The company helps corporations update their privacy management processes so they comply with government laws and best practices.
TRUSTe was founded as a non-profit industry association in 1997 by Lori Fena, then executive director of the Electronic Frontier Foundation (EFF) and Charles Jennings, a software entrepreneur, with the mission of fostering online commerce by helping businesses and other online organizations self-regulate privacy concerns. Toward this end TRUSTe launched its flagship Privacy Certification Program, providing privacy certification to websites who abide by a set of fair information privacy practices and agreed to participate in the company's consumer privacy dispute resolution service.
TRUSTe was developed from an earlier program named Privacy Assured launched in 1996 by Timothy Dick, CEO of WorldPages an international business directory service, which was later acquired by BT. The initial five members were match.com, Four11 / Yahoo!, NetAngels, I/PRO (first web metrics company), and WorldPages. Within two months, over 30 companies had joined Privacy Assured. Privacy Assured approached EFF about setting up an independent entity and learned that EFF was contemplating an Internet privacy initiative. A former principal at Boston Consulting Group, Tim Dick brought in former BCG colleagues who produced a landmark pro-bono study which established much of the Internet privacy principles in use today, and on which TrustArc remains built.
TRUSTe's founding Executive Director, Susan Yamada, formerly editor of Upside Magazine, served until 2001. Fena went on to serve as board chair. In 2000, TRUSTe became the first organization to join the U.S. Department of Commerce's, and the European Union's Safe Harbor framework, and subsequently launched its EU Safe Harbor Seal Program. The EU-US Safe Harbor was agreed upon by the U.S. Department of Commerce and the European Union to provide a framework for American companies to comply with European data and privacy standards. (The EU-US Privacy Shield is a successor to the International Safe Harbor Privacy Principles, which were nullified by the European Court of Justice in October 2015.)
In 2001, TRUSTe became a Children's Online Privacy Protection Act (COPPA) Safe Harbor organization for the Federal Trade Commission and thereafter launched its Children's Privacy Seal Program. That year, Fran Maier, who had helped build Match.com and had been running the company following the departure of its co-founder, Gary Kremen, joined TRUSTe as Executive Director. One of the first efforts was to address consumer issues with spam or unwanted email, which at the time was estimated to comprise 59 percent of all email traffic..
In 2008, TRUSTe changed its structure from a non-profit industry association to a venture-backed for-profit company, raising its first round of capital from Accel Ventures. This raised the question of whether a for-profit company would be less stringent on the companies it certifies than a non-profit.
In November 2009, Chris Babel, former Senior Vice President of VeriSign's worldwide Authentication Services, joined TRUSTe as chief executive officer. Maier remained active in the company until 2014, serving variously as president, CEO and board chair.
In 2013, TRUSTe was approved by the European Interactive Digital Advertising Alliance (EDAA) as an official Certification Provider for the EU Self-Regulatory Programme for Online Behavioural Advertising (OBA). The same year, TRUSTe was named the first approved Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System, which requires “self-assessment; compliance review; recognition/acceptance; and dispute resolution and enforcement.”
On 27 April 2016 the European Union passed the General Data Protection Regulation, extending the scope of the EU data protection law established in 1995 (Directive 95/46/EC and amended by EU directives in 2002, 2006 and 2009) to all foreign companies processing data of EU residents. By offering a single set of guidelines, the EU GDPR is meant to make it easier for non-European companies to comply with EU-member countries data privacy regulations. The GDPR will go into effect in May 2018; businesses that fail to comply could be subject to monetary penalties that are "effective, proportionate and dissuasive", ranging from a simple warning to monetary penalties of up to 4% of the company's annual revenue of the preceding year. To help companies prepare for the new compliance directive, in 2016 TRUSTe partnered with the International Association of Privacy Professionals (IAPP) to offer free GDPR compliance assessment of a company's privacy practices. Announcing the partnership at the 2016 Global Privacy Summit, IAPP president, J. Trevor Hughes, CIPP, said: “It is time to get to work on the tough tasks of understanding and, eventually, complying with the GDPR. Every company doing business in the European Union has some challenges ahead. This tool will help companies understand those challenges.”
On June 6, 2017, the company changed its name from TRUSTe to TrustArc. Today TrustArc provides several solutions to address many articles of the GDPR. The platform also addresses a range of privacy issues, such as data inventory, cookie consent, tracker scanning, ads preferences and dispute resolution.
TrustArc’s certification subsidiary, TRUSTe, provides privacy dispute resolution services. These dispute resolution services are designed to help “efficiently manage privacy inquiries from consumers and addresses dispute handling compliance requirements” of those companies participating in TRUSTe’s dispute resolution program. TRUSTe published general dispute resolution statistics from 2000-2013. Until 2004, they were called called "Watchdog Reports." In 2012, TRUSTe published a "Transparency Report" which did not list individual enforcement actions, but did indicate that it received over 4000 consumer complaints, took nine enforcement actions, three of which resulted in termination of TRUSTe endorsement. As of 2014, TRUSTe compiled program-specific statistics related to specific regulatory frameworks (APEC CBPR; Privacy Shield). While all eligible complaints are investigated and solutions between users and websites are mediated, not all complaints require enforcement actions.
A Wired Magazine article in 2002 questioned whether TRUSTe certification could be trusted, noting that "TRUSTe officials often seemed to be covering for their clients" rather than revoking privacy seals for violations. In January 2006, Harvard economics researcher, Benjamin Edelman published a study showing that sites with TRUSTe certification were 50 percent more likely to violate privacy policies than uncertified sites. Edelman, now an associate professor at Harvard Business School, also reported that TrustArc did not go far enough to punish seal holders that break TRUSTe's rules and was not prompt enough in revoking the seal on companies that violate privacy standards.
On Nov 17th 2014, the Federal Trade Commission announced that TRUSTe had agreed to settle a complaint that it misrepresented to consumers its recertification program, and its status as a non-profit entity, against a $200,000 penalty. The FTC complaint allegedthat from 2006 to 2013 TRUSTe failed, in over 1000 instances, to conduct annual privacy checks on the companies it certified. Consumer organizations, the Center for Digital Democracy and the Consumer Federation of America, argued for higher penalties and more FTC oversight, but the FTC declined to increase the penalties.FTC Commissioner Maureen K. Ohlhausen issued a partial dissent to the FTC ruling, “because TRUSTe never misrepresented its corporate status,” and had informed clients of its for-profit status.
The TrustArc site states that the TRUSTe seal indicates the site displaying the seal has been certified as complying with the site's own privacy statement as well as with the privacy certification standards of TRUSTe "and/or applicable regulatory bodies." The company site indicates that TrustArc’s certification subsidiary, TRUSTe, provides privacy dispute resolution services designed to help “efficiently manage privacy inquiries from consumers and addresses dispute handling compliance requirements” of companies participating in TRUSTe’s dispute resolution program. In 2017, Alibaba Cloud and TrustArc entered a partnership in which TrustArc offers its cloud-based privacy management technology via Alibaba Cloud’s Singapore-based cloud platform, while Alibaba uses TrustArc’s Privacy Management Platform for its own compliance certification services.
In June 2017, the company changed its name from TRUSTe to TrustArc Inc. The company offers privacy compliance software, consulting services and privacy certifications through its subsidiary, TRUSTe LLC.
- International Association of Privacy Professionals
- Future of Privacy Forum
- EU-US Privacy Sheild
- "Operating Geos". Yahoo Finance. 25 June 2013.
- Fena, Lori; Jennings, Charles (2003). The Hundredth Window (PDF). Archive.org: Simon & Schuster. p. xix. Retrieved 27 August 2017.
Lori still serves on its board of directors as chair ...
- "The Hundredth Window:Protecting Your Privacy and Security in the Age of the Internet". Simon and Schuster Free Press. Retrieved 2008-08-19.
- CNET STAFF (October 17, 1997). "WorldPages spans globe". cnet.com. CNet Magazine.
- Children's Privacy Seal
- Angwin, Julia (February 12, 1998). "LOVE'S LABOR LOST Online matchmaker still seeks love, money". San Francisco Chronicle. pp. B3. Retrieved 28 September 2017.
- "Interagency Public Workshop: Get Noticed: Effective Financial Privacy Notices".
- "Privacy group to put seal on spam". CNET.
- Hansell, Saul (July 15, 2008). "Will the Profit Motive Undermine Trust in Truste?". New York Times.
- "People". TrustArc. Retrieved 2017-06-07.
- "EDAA Certification".
- "APEC Certification".
- "APEC CROSS-BORDER PRIVACY RULES SYSTEM" (PDF). Apec.org. Asia Pacific Economic Cooperation Secretariat. p. 4. Retrieved 26 September 2017.
- European Union. "DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002" (PDF). EC.Europa.EU. European Union. Retrieved 14 November 2017.
concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
- European Union. "REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016" (PDF). European Union. Retrieved 14 November 2017.
- Article 83, GDPR
- International Association of Privacy Protection. "IAPP & TRUSTe GDPR Readiness Assessment". IAPP.org. Retrieved 14 November 2017.
- TrustE; International Association of Privacy Professionals (IAPP). "IAPP & TRUSTe Launch GDPR Assessment". StreetInsider.com. StreetInsider.com, Inc. Retrieved 14 November 2017.
- "TRUSTe Transforms to TrustArc". TrustArc. Jun 6, 2017. Retrieved 2017-06-07.
- "Privacy Dispute Resolution". TrustArc.com. Retrieved 27 September 2017.
helps efficiently manage privacy inquiries ...
- "TRUSTe watchdog reports". TrustArc. 2008. Archived from the original on 2012-04-02.
- "TRUSTe Transparency Report for 2012". TrustArc. 2012.
- Boutin, Paul (April 9, 2002). "Just how Trusty is TrustE?". Wired.
- Edelman, Benjamin (September 25, 2006). "Certifications and Site Trustworthiness". Retrieved 2008-07-03.
- Edelman, Benjamin (March 18, 2008). "Coupons.com and TRUSTe: Lots of Talk, Too Little Action". Retrieved 2008-07-03.
- "FTC press release".
- Clark, Daniel S. "UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION Complaint 1323219" (PDF). FTC.gov. para 1: Federal Trade Commission. Retrieved 27 September 2017.
- Wyattnov, Edward (Nov 17, 2014). "F.T.C. Penalizes TRUSTe, a Web Privacy Certification Company". New York Times.
- Davis, Wendy (March 18, 2015). "TRUSTe Finalizes Settlement With FTC". Media Post.
- Ohlhausen, Maureen K. (November 17, 2014). "Partial Dissent of Commissioner Maureen K. Ohlhausen - In the Matter of True Ultimate Standards Everywhere, Inc. ("TRUSTe")". FTC.gov. Federal Trade Commission of the United States. Retrieved 27 September 2017.
- "Resolving Privacy Disputes". trustarc.com. Retrieved 28 September 2017.
- Pfeifle, Sam (July 25, 2017). "Alibaba Cloud, TrustArc announce partnership at Asia Privacy Forum". IAPP.org. International Association of Privacy Professionals. Retrieved 26 September 2017.
TrustArc’s solutions run on AWS, and they will continue to ... with locations on the East and West Coasts of the U.S., plus London and Germany
- "TRUSTe Transforms to TrustArc". TrustArc. Jun 6, 2017. Retrieved 2017-06-07.