The facts appear to differ from what you describe. What "Disclosure and Use Restrictions" can TRUSTe *possibly* enforce, when it certifies a privacy policy that essentially says "we own any data that you provide and can use or disclose it to third-parties for any business purpose"?
As for your comparison to SiteAdvisor, you are comparing apples to oranges. SiteAdvisor is designed to alert visitors to sites that have a history or likelihood of malicious or unfair practices, and SiteAdvisor checks factors far beyond the accuracy of privacy policies.
Finally, as any privacy-conscious consumer would, I object strenuously to any certification body that certifies based on the absence of evidence of poor privacy practices. TRUSTe's responsibility as a certification agency is to testify to the practices of the organization being certified. Your certification should serve as an assurance to me that the organization certified has policies and practices that could reasonably be expected to PROTECT my data. Your certification is of little value if it only means that my data isn't walking out the door at that particular moment. Anybody can certify that.
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/313/1397#1397