Soon after the JetBlue scandal broke, Bill Scannell, founder of the website www.dontspyon.us, offered space on his site for one livid JetBlue customer, Joshua Gruber, to collect complaints from other wronged passengers. "If you are as angry as I am about having your private information given away by JetBlue, then write me," Gruber wrote. "It's important that JetBlue, all airlines-in fact all businesses that collect our private information-need to know that they must follow the law." The problem is that following the law is not so easy when, in the absence of clear-cut federal privacy laws, U.S. companies are left to figure out for themselves how much privacy to promise their customers and what to do with the information they collect. That puts the onus on self-regulating bodies like BBBOnline, the arm of the Council of Better Business Bureaus that deals with e-commerce sites. BBBOnline offers companies that do business online the opportunity to apply for a seal that shows consumers that they adhere to stringent privacy policies. "By coming to us, [these companies] have very carefully laid out what their practices are, provided choice and are precommitted to resolving disputes if there's a problem," says Gary Laden, director of the BBBOnline Privacy Program. BBBOnline monitors the companies to which it grants the seal and boots those that fail to keep up with the requirements. "It's a pretty strict entrance gate," says Laden, who says that only about half the companies that apply for the seal receive it (including American Airlines, Continental Airlines and United). JetBlue, for the record, hasn't applied for the seal.