|
TRUSTe WHITEPAPER
Do You Deserve to be Trusted?
The key considerations for building and maintaining
a trusted online brand
55 2nd Street, 2nd FloorSan Francisco, CA 94105415 520 3491 tel415 520 3420 faxprivacyseals@truste.comwww.truste.com
©2010 TRUSTe. All rights reserved.Executive Summary
Not so long ago finding new customers was the toughest challenge facing most businesses. The Internet made the sales process much easier and more effective by giving marketers unprecedented power to reach people. However, now you face new challenges: getting people to trust your online presence enough to click, and keeping the trust of existing online customers.
Collecting sensitive electronic data from consumers or business contacts puts a burden on companies to be good stewards of privacy. One of the quickest ways to lose customers is by exposing their personal and financial information-intentionally or unintentionally-to third parties. There is also no surer way to dissuade customers from patronizing your business than by gaining a reputation for poor business practices. In addition, companies that fail to respect consumers' and patients' privacy may face significant legal costs and stiff regulatory actions from state and local governments as well as industry groups.
Protecting your business integrity is about more than securing your network from hackers or posting a boilerplate privacy policy in the fine print of your website. It involves developing a plan-unique to your company-that minimizes data collection, adequately secures what is collected, and clearly communicates your business practices to customers.
An effective business integrity strategy is also not something you set and forget. You should review your plan frequently, and it needs to evolve as your business changes. As new technologies and practices raise new questions, you will need to have the answers.
However, before you can adequately address your integrity practices, you will need to have good visibility into all areas where you touch consumers online. Do you use behavioral advertising to target potential customers? Do you collect biometric information such as fingerprints or retinal scans? Does your company use cloud computing to store data? While you may answer "no" to these questions today, your answer may be "yes" tomorrow.
This paper outlines the key areas where businesses need to focus on as they assess their integrity practices. It also provides a steppingstone to developing a comprehensive framework that will underlie an effective business integrity strategy. As additional privacy concerns arise in your business, TRUSTe Enterprise Services can help you to fill the holes and create a more robust overall privacy architecture. Key factors to consider when assessing your privacy stance
Key factors to consider when assessing your privacy stance
1. Where you get your informationThe place to begin determining many of your privacy obligations is at the source-that is, where you get your information.
Do you collect information from children? If so, you will need to comply with the Children's Online Privacy Protection Act (COPPA), a federal law governing the collection and use of information from children under 13. You may be required to obtain parental consent depending on the information you are collecting.
2 ©2010. TRUSTe. All rights reserved.Do you gather information from people outside of the US? Foreign data protection laws, » Learn more about especially those in Europe, impose different requirements than US laws. The US Department of EU Safe Harbor Commerce administers a Safe Harbor Program that can guide foreign compliance efforts. TRUSTe Certification from can also help you to navigate the complexities of international laws.TRUSTe. In which US states do your customers reside? At least 48 states and the District of Columbia have laws governing the collection and use of online information. These laws may apply to your company based on the geographic location of your customers. They impose obligations related to data breach notification, storage of information, and security measures, such as mandating encryption. A new tougher breed of laws, such as those recently adopted in Nevada and Massachusetts, go even further. For example, the Massachusetts's Data Protection Act even applies to businesses located outside the state as long as... [download for more]
|
