05/27/99 Committee on the Judiciary

Electronic Communication Privacy Policy Disclosure Oversight Hearing

Committee on the Judiciary

TRUSTe Testimony

Delivered by Mr. Terry Pittman, Board of Directors, TRUSTe

May 27, 1999

10:00 a.m.

Room 2141 Rayburn House Office Building

Ladies and Gentlemen of the Committee:

I would like to thank you for inviting TRUSTe to testify on the very important issue of Internet privacy. For the past two years, TRUSTe's mission has been to increase trust on the Internet by promoting responsible and fair information collection and use practices online. TRUSTe's privacy program is based on the fair information practices called for by the Federal Trade Commission. Since the inception of our program in 1997, all TRUSTe licensees must post a privacy statement in a prominent location that fully discloses information collection and use practices.

In October 1998, TRUSTe introduced several additional features to our program. All licensees must now:

· Provide a mechanism for consumers to update or correct personal information;

· Provide an opportunity for users to opt-out of secondary use of their personal information;

· Take reasonable security precautions to protect information that is collected; and

· Follow the requirements of the TRUSTe Children's Program when the licensed Web site is targeted to children under the age of 13.

The cornerstone of TRUSTe's program is our verification and oversight. TRUSTe performs periodic reviews of each site to ensure compliance with TRUSTe requirements. TRUSTe also tracks usage of unique identifiers in a licensee's database, a process we call seeding. Seeding involves visiting and registering with the Web site under an assumed identity, then tracking how that registration information is used.

TRUSTe's consumer complaint resolution process, also known as our escalation process, begins if TRUSTe believes a licensee is in non-compliance of stated privacy practices or if a consumer files a complaint through TRUSTe's watchdog site. If an investigation reveals that a site has violated its privacy statement, TRUSTe will require remedial measures. To assure that problems have been corrected, the site may be asked to undergo a third-party audit. If the problem is not resolved to TRUSTe's satisfaction, we may revoke the TRUSTe seal, also called a trustmark. If an egregious or malicious privacy breach has occurred, the site may be referred to an appropriate local law enforcement agency, or to the Federal Trade Commission.

As of today, TRUSTe has more than 675 licensed sites; those sites account for one-third of all US Web traffic. TRUSTe anticipates that more than 1,500 sites will join its privacy oversight program by December 1999.

TRUSTe's growth is a result of aggressive business-to-business outreach. When we launched the TRUSTe seal program in June of 1997, we understood that educating the most visible sites would be key to the widespread adoption of privacy protection practices on the Web.

Of particular note is that all major Internet "portal" sites have joined TRUSTe, including America Online, Excite, Infoseek, Lycos, Microsoft, Netscape, Snap, and Yahoo! 45 of the top 100 sites are TRUSTe licensees. What's more, 80% of our licensed sites are small businesses. As we move into the third year of our program, we are noticing a new trend. Traditional "off-line" brands, such as major manufacturers and Fortune 100 companies, are entering the TRUSTe program with greater and greater frequency.

The growth of interest in seal programs is clearly linked to one factor: the desire to build a Web environment that consumers feel comfortable in. To that end, it has also been TRUSTe's mission to provide outreach and education to Web users about how to take control of their information online. TRUSTe's grass-roots Privacy Partnership education campaign was the largest ever online public service announcement initiative. In a span of 3 weeks, 200 million donated banner advertisements ran on the most trafficked U.S. Web sites. More than one million Web users visited the educational campaign Web site to learn more about protecting their privacy. The campaign was a huge success, with more than 800 Web sites joining in to run banner ads.

I would like to spend a moment now commenting on the results of the survey of Web sites recently completed by Mary Culnan of Georgetown University. When TRUSTe launched, nearly two years ago, one of our most significant challenges was to convince Web site owners that privacy was an issue they should put resources toward. The fact that now, 65.7% of commercial Web sites are addressing consumer privacy is a remarkable demonstration that the message has been received, loud and clear.

Now that two-thirds of all sites are posting some type of privacy notice, the mission of seal programs is clear--evangelize the need for comprehensive statements that address all fair information practices. Seal programs offer turn-key solutions to sites by ensuring they adhere to all fair information practices prior to granting the seal.

Finally, I would like to mention that TRUSTe was launched with the intent of creating a globally recognized seal program. Already, we have licensees in English-speaking countries around the world. This year, we launched our European program by appointing an interim European director. We have ongoing discussions with agencies in Singapore, Australia, and several other countries with an interest in launching the TRUSTe program locally. We will continue to keep you updated on these international efforts.

We thank you for the opportunity to speak here today and look forward to serving as a resource for the Judiciary Committee and all members of the House of Representatives.