STEPS TO PREPARE FOR TRUSTe EU CERTIFICATION

Michelle Hines VP of Sales, TRUSTe

Jay ClinePresident, Minnesota Privacy Consultants

2

AGENDA

SAFE HARBOR REQUIREMENTS

TRUSTE REQUIREMENTS

WATCHDOG DISPUTE

RESOLUTION

Comparison of EU Data-Transfer Compliance Options

WHY THE SAFE HARBOR?

• For companies with simple & stable transatlantic dataflows

FAQ 7 - VerificationQ: How do organizations provide follow up procedures for verifying that the attestations and assertions they make about their safe harbor privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Safe Harbor Principles?

7

http://www.export.gov/safeharbor/SH_FAQ7.asp

FAQ No 11: Dispute Resolution and EnforcementQ: How should the dispute resolution requirements of the Enforcement Principle be implemented, and how will an organization's persistent failure to comply with the Principles be handled?

8

http://www.export.gov/safeharbor/FAQ11FINAL.htm

DOC SAFE HARBOR LISThttp://www.export.gov/safeharbor/sh_overview.html

9

DISPUTE RESOLUTION COMPARISON

Dispute Resolution Option

Advantage

EU Data Protection Authorities

• Public• Decisions made by a DPA are binding

TRUSTe • Information disclosed in Watchdog process is confidential• Transparent, fair and equitable

Other governmental authorities

Public

11

TRUSTe E.U. SAFE HARBOR SEAL PROGRAM

• Verisign• Audible• Harris Interactive• LinkedIn

• Launched in 2001 • 145 licensees• Millions of consumers• Notable members:

TRUSTe CERTIFICATION PROCESS

Your organization fills out a TRUSTe contract and self-assessment incorporating all Safe Harbor Privacy Principles

TRUSTe conducts an initial site walkthrough and provides a set of written recommendations in the form of a site findings report

You implement recommendations on your Web site

TRUSTe awards you privacy seals. Display these where you collect information to build confidence with customers

TRUSTe ensures ongoing compliance and monitoring with MAXAMINE scanning and the TRUSTe Watchdog Dispute Resolution System

12

13

TRUSTe FACILITATES SMOOTH SELF-CERTIFICATION

TRUSTehelps

companies fulfill the safe

harbor principles

Letter of verification to

self-certify with DOC

Offers 3rd

Party Dispute Resolution

with the Watchdog Program

Provides a consumer facing seal

demonstrating EU

compliance

EU SAFE HARBOR REQUIREMENTS – ADDITIONS TO COMPLIMENT WEB PRIVACY SEAL

Disclosure in privacy statement that company complies with the EU Safe Harbor Framework.Disclose in privacy statement timeframe in which company will respond to an access request for the purpose of correcting and updating inaccuracies. TRUSTe requires Program Participants to respond within 30 days.Provide a mechanism to request deletion of inaccurate data and disclose in the privacy statement how to request deletion.

14

15

TRUSTe EU SAFE HARBOR SEAL PROGRAMWATCHDOG DISPUTE RESOLUTION

• Free of charge to consumers• Easy-to-use online form• Transparent, fair and equitable• Complaints for offline data can

be submitted by mail or fax• Monthly Watchdog reports

available on TRUSTe Web site• 86% would recommend using

Watchdog to a friend

16

WATCHDOG COMPLAINTS

• Resolve approximately 5,000 per year directly– Also offer “self help” through Web site

• TRUSTe works with consumer and the sealholder to resolve issues

• Critical input to monitoring process

• Watchdogs can assist in identifying trends –potential threats

• Goal: Improve Consumer TrustNote: TRUSTe Watchdog Complaints

17

EXAMPLES OF TRUSTe WATCHDOGS

1. A complainant filed a complaint against an EU-Online sealholder indicating that someone else had created an online profile pretending to be them. TRUSTe forwarded the complaint to the sealholder, and the sealholder deleted the profile as requested.

2. A complainant filed a complaint against an EU-Online sealholder requesting that they be unsubscribed from all mailings. TRUSTe forwarded the complaint to the sealholder, and the sealholder promptly replied that they had processed the unsubscribe request.

3. A complainant filed a complaint that they were unable to close their account because they are no longer at the e-mail address they used to create their account. TRUSTe forwarded the complaint to the sealholder, who quickly responded and notified TRUSTe that they had closed the account.

18

COMPLIANCE AND ENFORCEMENT TOOLBOX

• Certification: – 90% improve practices

• Watchdog Dispute Resolution– 100% resolution

• Proactively monitor– Scanning: 50% fail and then fix– Email Seeding

DEMONSTRATING EU COMPLIANCE

19

20

1

23

TESTIMONIALS

“Being a member of TRUSTe’s EU Safe Harbor Program gives us additional tools in our pursuit of meeting world-class privacy standards. Conversely, TRUSTe’s seals on our web pages help give site visitors the confidence of knowing that we take privacy seriously.”- Patrick Manzo, Vice President of Compliance and Fraud Protection, Monster

“It is critical that we abide by the Safe Harbor framework when dealing with business customers in Europe. Our display of TRUSTe’s EU seal marks our compliance with the EU framework and shows that we take customer data handling seriously. It makes selling our services that much easier.”- David Stark, Privacy Officer, North America, TNS

21

ABOUT TRUSTe

• Independent trust authority headquartered in San Francisco– Formed in 1997 by EFF, CommerceNet, and a number of leading Internet

companies - Microsoft, Intel, IBM, AOL, Excite– Washington, DC gov’t affairs office

• Mission: Advancing Privacy and Trust for the Networked World– Widely accepted privacy best practices– Elevate responsible players– Help consumers identify who they can trust – Supplement legislation and regulation– Address emerging privacy vulnerabilities and threats

23

CONTACT INFORMATION

Michelle HinesVP of Sales, TRUSTe

+1.415.520.3402mhines@truste.orgwww.truste.org

Jay ClinePresident, Minnesota Privacy Consultants

+1.763.498.2237cline@minnesotaprivacy.comhttp://www.minnesotaprivacy.com/

Joanne FurtschSenior Privacy Architect

+1.415.520.3409jfurtsch@truste.orgwww.truste.org