Companies that wish to display the TRUSTe seal on their website will have to demonstrate a higher level of privacy protection for customer data. Companies that wish to display the TRUSTe seal on their website will have to demonstrate a higher level of privacy protection for customer data. TRUSTe is an organization composed of online privacy advocates and companies, including AOL Time Warner, Intuit and Microsoft. Its global privacy certification program allows companies that are in accordance with the group’s consumer protection policies to display the TRUSTe seal. However, although the new requirements are an improvement on previous certification guidelines, Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center, counters that TRUSTe and its member companies are really just playing catch-up to recent Federal Trade Commission rulings.Recently, the FTC has taken action against Microsoft for misrepresenting aspects of its Passport service, Eli Lilly for lax security practices that compromised consumer data, and American Student List for improperly selling information collected from high school students. According to Hoofnagle, all those motions have raised the bar on consumer online privacy protections.Those rulings, more than TRUSTe’s guidelines or those of other seal organizations, create what Hoofnagle calls a “common law of privacy” on which future enforcement actions can be taken by organizations like the FTC. Less clear is where CSOs should look for reliable information on best practices to protect customer and employee data collected on their own websites.Hoofnagle recommends that CSOs look to the Organisation for Economic Co-operation and Development’s privacy guidelines and statements about fair information practices. Canada’s online consumer protection laws could also serve as a good guide. Both are strong and comprehensive. While the FTC says it supports the work of seal programs like TRUSTe, it doesn’t specifically endorse any particular program.“The FTC hasn’t taken a position on the specific policies of an organization. We do not comment on the specifics of seal programs,” says Toby Levin, an FTC attorney.However, CSOs that abide by the precepts of a seal program are likely to stay in good stead on the privacy front, as Levin acknowledges that the certification requirements of programs like TRUSTe often exceed what is required by law. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe