A data privacy management (DPM) firm, called TRUSTe, which provides privacy program certifications and compliance assessments for businesses, has agreed to dole out $200,000 to settle Federal Trade Commission charges.
The FTC filed a complaint (PDF) against TRUSTe alleging that, between 2006 and January 2013, the firm “fell short” on its promise to companies, by failing to conduct annual recertifications for those holding its “TRUSTe Certified Privacy Seals,” a Monday release from the agency said.
According to the FTC, TRUSTe deceived consumers through the program, as the seals were meant to assure them that businesses were in compliance with privacy standards, like the Children's Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework.
In over 1,000 incidences, San Francisco-based TRUSTe neglected to follow through on its promise to conduct annual recertifications “despite providing information on its website that companies holding [the seals] receive recertification every year,” the FTC release said.
“In addition, the FTC's complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization's non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies,” the FTC added.
Along with the $200,000 settlement, TRUSTe also agreed to provide detailed information to the FTC annually about its “COPAA-related activities” and to maintain “comprehensive records” about its COPPA safe harbor activities for a decade.
TRUSTe is also barred from misrepresenting its corporate status or its certification process, the FTC said. The consent agreement is expected to be finalized after a 30-day public comment period, which will run through Dec. 17, 2014.