[ISN] BBB Web Site Privacy Program Finally Arrives

From: mea culpa (jerichoat_private)
Date: Thu Mar 18 1999 - 02:20:30 PST

  • Next message: mea culpa: "[ISN] US Eases up on Security Software Exports"

    BBB Web Site Privacy Program Finally Arrives
    Courtney Macavinta
    Staff Writer, CNET News.com
    The Better Business Bureau will finally launch its Net site privacy
    program tomorrow, the latest in a string of industry efforts to stave off
    regulation and to quell conflict between U.S. and European officials over
    data collection practices. 
    The long-awaited BBBOnline [ http://www.bbbonline.com/ ] privacy seal
    requires applicants to indicate when they gather consumers' sensitive
    information, how they use it, and how they protect it. Sites with the BBB
    privacy mark also must give Net users access to their records and let them
    "opt out" of giving up personal details such as name, phone number, or
    financial information. 
    Sites targeted at children will carry a different seal and must meet the
    marketing guidelines laid out by the Children's Advertising Review Unit of
    the BBB, and get parental permission before collecting data from those
    under age 12. 
    The BBBOnline will monitor sites for compliance, sometimes making random
    on-site visits. 
    "The program is about putting a trusted brand name on a Web site when they
    qualify under our standards for fair information practices," said Steve
    Cole, general counsel for BBBOnline. "This should give regulators a
    comfort level that the business community gets it and has done something
    that has teeth to it." 
    Self-regulatory plans have been criticized in the past by privacy
    advocates and U.S. officials for lacking strong enforcement. BBBOnline
    promised to meet this demand when it announced the program last summer. 
    The organization plans to collect consumers' Net privacy complaints,
    giving a company ten days to respond and possibly correct the situation.
    But if a company is found guilty of violating its privacy policy,
    BBBOnline will revoke the seal, make the invalidation public and possibly
    refer the matter to the Federal Trade Commission or other agencies [
    http://www.ftc.gov/ ]. 
    The BBBOnline seal is similar to another well-known privacy "trustmark" on
    the market, TRUSTe [ http://www.truste.org/ ], and the budding
    accreditation program WebTrust [ http://www.cpawebtrust.org/ ] by the
    American Institute of Certified Public Accountants (AICPA) [
    http://www.aicpa.org/ ], which represents the "Big Five" accounting firms. 
    Depending on gross sales, companies will pay from $150 to $3,000 per year
    to participate in BBBOnline. Its corporate sponsors, many of whom also
    support TRUSTe, have paid more than $50,000 each to help build the
    program. AT&T, Hewlett-Packard, Netscape Communications, and Microsoft are
    among the backers. 
    Still, even before it launched BBBOnline was lambasted by privacy groups
    for not exploiting its potential reach with the program. 
    For example, another BBBOnline program, its reliability seal, already is
    in place and has 2,300 participants. If a site carries that seal it means
    the BBBOnline has visited the company in person, among other checks, to
    ensure it can back up the services it is pitching on the Web. 
    However, Web sites that carry the reliability seal, and those who are BBB
    members in the offline world, will not be required to sign up for the
    privacy program. The organization estimates that 25 percent of its 270,000
    members are on the Web. As of yet it has received just 300 applications so
    far for its privacy program. 
    "We have not at this time made a decision to require it, but we are taking
    steps to encourage it," Cole said. "If they qualify we are offering the
    privacy seal for free to reliability program members for a substantial
    time.  We're also going to work with BBBs around the country to help them
    create marketing materials, while we reach out in the offline world
    through mailings, meetings and our Web site." 
    The BBBOnline program may catch on, and its brand is well known, but
    lawmakers may be losing patience with the industry. 
    Although the FTC was briefed about the BBBOnline program and is apparently
    pleased with the progress, Congress members already have introduced new
    bills this session to tighten computer users' privacy protections. And
    tomorrow, the Commerce Department will give a status report on its lengthy
    negotiations with EU officials. 
    The European Union's
    http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html ] strict
    privacy directive went into effect in October and is expected to be
    adopted by all 15 members countries. 
    The EU law will give citizens new control over their computerized personal
    data and prevent firms from exchanging the information with countries that
    do not provide "adequate" protection, such as letting people "opt out" and
    making clear who else will have access to the data. 
    The EU is dissatisfied with safe harbors proposed by the United States,
    which in many ways mirror programs like the BBBOnline. Among the sticking
    points is that the U.S. proposal doesn't give consumers adequate access to
    their data or proper recourse for abuses. 
    America Online, Walt Disney, and other companies said today that they
    won't endorse the plan [ http://www.news.com/News/Item/0,4,33803,00.html ]
    to bring them in line with the EU privacy rules, either, according to
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:12 PDT