
TRUSTe Program Requirements

TRUSTe’s program requirements are based upon the Fair Information Principles and OECD Guidelines around notice, choice, access, security, and redress - the core foundations of privacy and building trust. Sealholders are required to undergo a rigorous review process to assess the accuracy of privacy disclosures and compliance with TRUSTe’s requirements in order to obtain certification.


General Web Privacy Program Requirements

EU Safe Harbor Privacy Seal Program Requirements

Children's Privacy Seal Program Requirements

Email Privacy Seal Program Requirements


ALL TRUSTe-certified sites must provide:

User controls, including:

  • Ability for users to opt-out of having personally identifiable information (PII) shared with outside parties for the purpose of promoting their own products
  • An unsubscribe function in marketing/promotional emails and newsletters
  • A mechanism for users to correct and/or update stored PII or request to have it updated by the Sealholder

Security measures, ensuring:

  • Secure Sockets Layer (SSL), or other comparable technology, that encrypts pages collecting and transmitting sensitive information such as credit card numbers

A complaint resolution process, requiring:

  • Sealholders to have procedures for receiving and handling privacy related complaints
  • Information on how to contact TRUSTe’s Watchdog for third-party dispute resolution
  • Participation by the Sealholder to resolve complaints filed through TRUSTe’s Watchdog Dispute Resolution mechanism including making changes to processes and privacy practices to prevent future complaints

A privacy statement disclosing:

  • What PII is collected and how it will be used
  • Identity of the party collecting PII
  • Whether PII is shared with third parties
  • The use of any tracking technology
  • Whether PII is supplemented with information from other sources
  • Choice options available to users and how to exercise them
  • How consumers can access PII they have provided to correct and update it
  • That there are security measures in place
  • How users will be notified of any material changes in the Sealholder’s privacy practices
  • Accurate contact information for the Sealholder including both email and physical mailing address where users can submit a privacy-related complaint

In addition, the privacy statement must:

  • Be a clear and accurate representation of the Sealholder’s privacy practices
  • Be accessible from the home page and every page collecting PII
  • Display the TRUSTe "Click to Verify" seal and link to a TRUSTe hosted validation page so users can verify whether the site is a Sealholder or not

Once certified, Sealholders are required to:

  • Undergo regular compliance monitoring
  • Participate in TRUSTe’s Watchdog Dispute Resolution process including cooperating with investigations regarding non-frivolous complaints
  • Obtain annual recertification   

Specific Seal Program Requirements
TRUSTe's Children's Privacy Seal and EU Safe Harbor Seal have requirements in addition to those of the general Web Privacy Seal:


User controls, including:

  • Ability to request correction or deletion of inaccuracies in collected PII
  • A response from the Sealholder within 30 days
    • confirming the PII has been updated or deleted; or
    • notification of a timeline in which the request will be fulfilled; or
    • a reason why the request cannot be fulfilled

Controls for parents, including:

  • Verifiable parental consent for collection, use, or sharing of children's personal information
  • Ability for a parent to review, correct, update, and have deleted personal information collected from their child online at any time
  • The right to refuse further collection and use of collected personal information from the child

Prohibited practices include:

  • Using games, prizes, or other enticements to encourage children to divulge more personal information than is reasonably necessary for an online activity
  • Allowing children to publicly distribute personal information on the Web site through avenues such as message boards or chat rooms unless the parent has provided verifiable consent
  • Conditioning access to the site on a child's providing more personal information than is reasonably necessary

A privacy statement, including the following:

  • A procedure for exercising parental consent, choice and access to children's personal information
  • Disclosure of the names, addresses, telephone numbers and email addresses of all parties collecting or maintaining children's personal information on the site
  • Disclosure of any sharing of children's personal information with third parties, including with whom and why

The email privacy seal certifies the email practices of website owners and ensures that you will only get the email you ask for from our Sealholders, and that your email address will not be shared with anyone without your consent.

TRUSTe Email Privacy Sealholders are all required to provide:

User controls, including:

  • Consent for receiving any commercial or promotional email
  • An affirmative opt-in function for sharing of personally identifiable information (PII) with outside parties
  • Access management permitting users to update stored email address or have it changed by the Sealholder

Disclosures on any page collecting email (and in the privacy statement) regarding:

  • The nature of email messages to be sent
  • If receiving commercial or promotional email is a condition of receiving a service
  • Any sharing of email addresses with third parties other than service providers

In addition, pages collecting email addresses must

  • Display the TRUSTe "We Do Not Spam" seal and link to a TRUSTe hosted validation page so users can:
    • verify whether the site is a Sealholder or not; and
    • obtain information on how to contact TRUSTe’s Watchdog for third-party dispute resolution

An unsubscribe function must be included in all commercial or promotional email messages, and must be:

  • Clear, conspicuous, and easily understood
  • Easy to use -- typically a ‘one-click’ process, such as clicking on an unsubscribe link
  • Effective within 10 days
  • Functional for 30 days following the sending of the message
  • Unsubscribe requests must never expire
  • Flexible in processing requests via alternate media (telephone, email or mail)

A complaint resolution process, requiring:

  • Sealholders to have procedures for receiving and handling privacy related complaints
  • Participation by the Sealholder to resolve complaints filed through TRUSTe’s Watchdog Dispute Resolution mechanism

Mail infrastructure and technology accountability:

  • To reliably process bounces and other replies, bounces may not exceed 10% of all messages sent
  • Outbound email servers must have valid reverse DNS entries
  • Creation and maintenance of standard role email accounts including abuse and postmaster
  • Must register with abuse.net and maintain accurate Whois database information
  • Due diligence to ensure that clear and conspicuous notice was provided, and relevant consent obtained, if email addresses were obtained from a third party



 

© 1997 - 2008 TRUSTe. All Rights Reserved.