BBB Web Site Privacy Program Finally Arrives
http://www.news.com/News/Item/0,4,33863,00.html
Courtney Macavinta
Staff Writer, CNET News.com
The Better Business Bureau will finally launch its Net site privacy
program tomorrow, the latest in a string of industry efforts to stave off
regulation and to quell conflict between U.S. and European officials over
data collection practices.
The long-awaited BBBOnline [ http://www.bbbonline.com/ ] privacy seal
requires applicants to indicate when they gather consumers' sensitive
information, how they use it, and how they protect it. Sites with the BBB
privacy mark also must give Net users access to their records and let them
"opt out" of giving up personal details such as name, phone number, or
financial information.
Sites targeted at children will carry a different seal and must meet the
marketing guidelines laid out by the Children's Advertising Review Unit of
the BBB, and get parental permission before collecting data from those
under age 12.
The BBBOnline will monitor sites for compliance, sometimes making random
on-site visits.
"The program is about putting a trusted brand name on a Web site when they
qualify under our standards for fair information practices," said Steve
Cole, general counsel for BBBOnline. "This should give regulators a
comfort level that the business community gets it and has done something
that has teeth to it."
Self-regulatory plans have been criticized in the past by privacy
advocates and U.S. officials for lacking strong enforcement. BBBOnline
promised to meet this demand when it announced the program last summer.
The organization plans to collect consumers' Net privacy complaints,
giving a company ten days to respond and possibly correct the situation.
But if a company is found guilty of violating its privacy policy,
BBBOnline will revoke the seal, make the invalidation public and possibly
refer the matter to the Federal Trade Commission or other agencies [
http://www.ftc.gov/ ].
The BBBOnline seal is similar to another well-known privacy "trustmark" on
the market, TRUSTe [ http://www.truste.org/ ], and the budding
accreditation program WebTrust [ http://www.cpawebtrust.org/ ] by the
American Institute of Certified Public Accountants (AICPA) [
http://www.aicpa.org/ ], which represents the "Big Five" accounting firms.
Depending on gross sales, companies will pay from $150 to $3,000 per year
to participate in BBBOnline. Its corporate sponsors, many of whom also
support TRUSTe, have paid more than $50,000 each to help build the
program. AT&T, Hewlett-Packard, Netscape Communications, and Microsoft are
among the backers.
Still, even before it launched BBBOnline was lambasted by privacy groups
for not exploiting its potential reach with the program.
For example, another BBBOnline program, its reliability seal, already is
in place and has 2,300 participants. If a site carries that seal it means
the BBBOnline has visited the company in person, among other checks, to
ensure it can back up the services it is pitching on the Web.
However, Web sites that carry the reliability seal, and those who are BBB
members in the offline world, will not be required to sign up for the
privacy program. The organization estimates that 25 percent of its 270,000
members are on the Web. As of yet it has received just 300 applications so
far for its privacy program.
"We have not at this time made a decision to require it, but we are taking
steps to encourage it," Cole said. "If they qualify we are offering the
privacy seal for free to reliability program members for a substantial
time. We're also going to work with BBBs around the country to help them
create marketing materials, while we reach out in the offline world
through mailings, meetings and our Web site."
The BBBOnline program may catch on, and its brand is well known, but
lawmakers may be losing patience with the industry.
Although the FTC was briefed about the BBBOnline program and is apparently
pleased with the progress, Congress members already have introduced new
bills this session to tighten computer users' privacy protections. And
tomorrow, the Commerce Department will give a status report on its lengthy
negotiations with EU officials.
The European Union's
http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html ] strict
privacy directive went into effect in October and is expected to be
adopted by all 15 members countries.
The EU law will give citizens new control over their computerized personal
data and prevent firms from exchanging the information with countries that
do not provide "adequate" protection, such as letting people "opt out" and
making clear who else will have access to the data.
The EU is dissatisfied with safe harbors proposed by the United States,
which in many ways mirror programs like the BBBOnline. Among the sticking
points is that the U.S. proposal doesn't give consumers adequate access to
their data or proper recourse for abuses.
America Online, Walt Disney, and other companies said today that they
won't endorse the plan [ http://www.news.com/News/Item/0,4,33803,00.html ]
to bring them in line with the EU privacy rules, either, according to
reports.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 18 09:03:55 1999