The U.S. Federal Trade Commission fined TRUSTe, a for profit organization that is a leading provider of online reputations, $200,000 for misleading consumers about its web site monitoring services.
On Monday, the Commission announced a settlement with TRUSTe over allegations that the company failed to perform annual compliance checks on more than 1,000 domains that earned its TRUSTe Certified Privacy Seal” between 2006 and 2013. The company also acknowledged making misleading statements about its for-profit status.
“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC Chairwoman Edith Ramirez in an official statement. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action.”
TRUSTe is a critical player in the online trust business. The company provides seals to businesses that meet the requirements for a number of consumer privacy programs it administers. It is also considered a “safe harbor” for compliance with official standards including the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework.
Those seals are renewable each year and are contingent upon continued satisfaction of the standards needed to obtain the seal in the first place. According to the FTC’s complaint, however, TRUSTe failed to conduct annual re-certification of companies holding TRUSTe privacy seals in over 1,000 cases, but continued to allow those sites to display the TRUSTe seal. TRUSTe also allowed certified companies to continue describing TRUSTe as a non-profit firm, even though it became a for-profit organization in 2008.
In a blog post, TRUSTe CEO Chris Babel said that the gap in re-certification is the result of confusion over the handling of some 90% of TRUSTe’s clients who sign multi-year agreements with the organization. Those companies did not undergo the annual review step of their certification. Rather their sites were reviewed when their agreements were up for renewal – often every other year.
“We have taken swift action to address the process issues covered by the agreement,” Babel said. He said TRUSTe began requiring customers to change the language describing the company in late 2013 and implemented new controls to ensure that every client receives the annual review step of their certification.
“We regret that, in these two cases, our processes did not live up to our own standards,” he wrote.
Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline. The company will also be required to provide detailed information about its COPPA-related activities in its annual filing to the FTC, as well as maintaining comprehensive records about its COPPA safe harbor activities for ten years.