Actually, the example which you give "we own any data that you provide and can use or disclose it to third-parties for any business purpose" would not be certified by TRUSTe.

Our program requirements are extensive, and I can understand that "anonymous" is not familiar with thier detail. But please do not make unsupported claims, and then allude to facts. The exact Prog requirement that deals with this can be found to require opt-out choice for sharing/disclosing PII with third parties [Section III.D.2.b]

In our email program we require opt-in for third party sharing. Not just any opt-in options either. Has to be an affirmative act (no pre-checked box)[Email Privacy Seal - Section III.B.(1)-(2)]

Finally, TRUSTe does not just certify the absence of evidence of poor privacy practices. As I mention in my post there are many requirements for companies, which you can see are not insignificant, if you had a read through our program requirements and certification agreements. I urge anyone to have a discussion with a TRUSTe sealholder before dismissing the effort required to become certified.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/313/1555#1555