TRUSTe, the provider of privacy certifications for online businesses skipped follow-up audits of some companies that had received its seal and allowed it to be falsely portrayed as a nonprofit corporation, even after it became a for-profit business in 2008, the Federal Trade Commission alleged in a settlement announced Monday.
The San Francisco-based TRUSTe firm represents itself as a notable independent authority on consumer privacy. But the Federal Trade Commission said that the company was unsuccessful in checking whether they were indeed meeting standards for safeguarding customers’ information.
“Seals and certifications are persuasive to consumers,” the FTC said in a blog post, after announcing Monday that TRUSTe had agreed to a legal settlement in the case. “So it’s important that representations conveyed by those remarks are truthful.”
As part of the legal settlement TRUSTe agreed to pay $200,000 to the FTC and file detailed reports on some of its practices in the future. CEO Chris Babel, in the company blog post said that the processes did not live up to their own standards but typified the problems as isolated. In a majority of cases the company carried out compliance reviews, he said.
From NFL.com to the messaging service WeChat, the company’s privacy seal is displayed by various popular websites and mobile apps. TRUSTe also certifies those products as cloud computing services and downloadable software.
According to the FTC, from 2006 to January 2013 TRUSTe failed to conduct more than 1,000 annual privacy checks on some of the companies it had already granted a TRUSTe seal, although the firm claimed to review companies’ privacy practices on an annual basis.
“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” FTC Chairwoman Edith Ramirez said in a statement. While TRUSTe told clients that it was no longer a nonprofit, she added, it did not make sure that clients changed the way they described TRUSTe’s service.
The dereliction to carry out follow-up reviews involved companies that had signed several year contracts with TRUSTe. Babel said the huge majority were reviewed every other year. Currently TRUSTe requires companies to withdraw any reference to TRUSTe’s former nonprofit status before they can be re-certified, Babel added.
According to the settlement, future violations could be subject to civil penalties. FTC requires TRUSTe to make detailed yearly reports about the measures it takes to ensure clients comply with standards for a special certification that TRUSTe provides for websites and apps that gather data from children under 13.