SlideShare a Scribd company logo
1 of 24
Download to read offline
HOW TO INTEGRATE PRIVACY INTO
CUSTOMER CARE


      October 22, 2008


      Note: Please mute your phones to prevent
      interference. This webinar will be recorded.
AGENDA

•   Compliance Overview
•   Monitoring
•   Watchdog Dispute Resolution
•   Enforcement & Case Studies
•   Q&A




                                  2
ENSURING PRIVACY AND TRUST IN A
   NETWORKED WORLD


                                                         BUSINESSES
     CONSUMERS
                                                       Need to Demonstrate
Look to Identify Trustworthy                          Compliance with Privacy
    Online Businesses                                  Best Practices to Gain
                                                         Consumer Trust
                                 REGULATORS

                               Want Enforcement and
                               Compliance Assurance




                                                                      3
TRUSTE COMPLIANCE SERVICE

  TRUSTe resolves over 5,000 Watchdog complaints
  a year.


  Issues ranging from unwanted email and
  unauthorized profiles, to critical data leaks and
  even unauthorized credit card usage.


  Complaints against companies small in size to
  large, well-known enterprise brands; from retailers
  to tax services and everyone in between.



  100% complaint resolution rate.




                                                        4
YOUR “BRANDING INSURANCE POLICY”

    Prevent         • TRUSTe is here to detect weak points in your
                      business practices or site that could result in
   unknown            a privacy threat, preventing escalation in the
privacy pitfalls.     public eye.


 Extend your        • Watchdog complaints are filed after a
                      customer has first tried to contact a company
customer care         directly – TRUSTe acts as a liaison between
 with privacy.        you and the customer facilitating recourse.



 Protect your       • TRUSTe provides the resources to help keep
    brand.            your brand a trusted one.




                                                          5
MONITORING


             6
WE KNOW WHAT OUR LICENSEES ARE
DOING…
Avoid common mistakes – TRUSTe helps you review WHAT data
you collect, and WHY.

   •   Collection and Use of Information
   •   Choice and your Web site’s use of PII
   •   Choice and Sharing of Information with Others
   •   User Access to PII
   •   Security
   •   User Complaints
   •   Response to Legal Process
   •   Technical Information




                                                       7
DIAGNOSTIC SCANNING UNCOVERS
PRIVACY WEAK POINTS
•   Undisclosed cookie usage
•   Lack of security for
    sensitive information
•   Lack of Privacy Statement
    link off homepage
•   PII collection without a
    Privacy Statement link
•   No privacy contact
    information provided
•   Possible web beacon
    usage
•   Bump-out if collects age




                                8
PRIVACY RISKS THAT GO UNDETECTED….

•   FTC CAN-SPAM unsubscribe violations
•   Insufficient authentication procedures
•   Lacking SSL encryption on password request pages
•   Failure to delete online profiles due to process flaw
•   Deceptive collection disclosures for importing user Address
    Book
•   E-mail addresses leaked to third-party spammers via
    misbehaving partner
•   Non-response to CA Shine the Light law inquiries
•   Cross-site scripting vulnerability




                                                          9
2007 SCANNING PASS/FAIL RESULTS

Automated and manual
monitoring of each Web Site’s
privacy statement and data
collection processes.

•   59% overall pass rate on first
    scan
•   Enterprise pass rate slightly
    lower at 52%
•   Enterprise Web sites tend
    toward more complexity




                                     10
TRUSTE WATCHDOG

                  11
WATCHDOG DISPUTE RESOLUTION
PROGRAM
CONSUMERS:                   SEALHOLDERS:
• Online independent         • Goal is to augment
  recourse mechanism           Sealholder’s privacy
• Specific to privacy          program, escalate and
  complaints                   resolve complaints quickly
• FREE of charge to          • Watchdogs are
  consumers                    confidential, there is no
• Easy-to-use online form      public posting of
• Transparent, fair and        complaints
  equitable                  • Early security and privacy
• Complaints for offline       issue identification
  data can be submitted by
  mail or fax




                                                 12
WATCHDOG TRENDS




                  13
CONSUMER & SEALHOLDER FEEDBACK


“As always, TRUSTe sends                  “I had no idea what to expect. I
a complete snapshot of what               was delighted with the prompt
the complainant is stating;               acknowledgement of my
TRUSTe runs a very tight                  complaint and the fast resolution
ship and we're lucky to be                of my problem.”
associated with you!”                       - Watchdog Complainant
 - TRUSTe Sealholder




“Within 48 hours of filing a complaint at Truste (about the classic
closeouts ripoff), my credit account has been credited the full amount
by classic closeouts (TWO unauthorized charges of $69.99 each). If
you have been a victim of this scam, file right away. You can find a
link to truste at the classic closeout site. Looks like they have pull!!”
- Watchdog Complainant


                                                                    14
ENFORCEMENT & CASE
STUDIES

                     15
ENFORCEMENT PROCESS

Monitoring or Watchdog complaints
triggers escalated investigation, which may
include email seeding.

    Sealholders are notified of non-compliance
    and given five days to respond with
    compliance plan.

         In the event of non-compliance, or non-
         responsiveness, TRUSTe sends seal-
         holder a certified letter of termination.

             The Sealholder has 20 business days to
             fix the compliance issue to TRUSTe’s
             satisfaction.


                                                      16
ENFORCEMENT ACTIONS 2007

•   Three terminations in 2007 where Licensee did not cure.

•   Three decline to renew in 2007 due to “uncertifiable” business
    models.

•   The vast majority of Licensees cure as soon as they are notified
    of an enforcement action or Watchdog complaint.
     – Committed to protecting their brand and consumer good
        will.
     – Don’t want to risk termination for cause and publication or
        referral.




                                                          17
LEAKED “DO NOT EMAIL” LIST
In Spring 2008, the Watchdog System helped identify a security
vulnerability of a leading tax filing Web site.

   •   Further information revealed the Tax firm had mistakenly
       made their DO NOT mail list public by posting to their FTP
       server.
   •   Upon additional investigation, TRUSTe verified the leak and
       notified the licensee.
   •   The licensee took immediate action and quickly remedied
       the situation.

The Watchdog Process helped pinpoint the
source of the breach quickly, helping to
minimize consumer harm.




                                                        18
CHANGEABLE URL VULNERABILITY
In July 2008, the Watchdog helped discover a changeable URL
that left consumer data exposed.

•   The web site was unknowingly permitting a user to manually
    change the last few digits of his or her unique URL thereby
    granting the user access to sensitive identification papers of
    other individuals, including their passports.
•   Company took immediate action – remedied vulnerability within
    hours and subsequently notified affected
    individuals.
The Watchdog helped licensee repair the problem,
promptly preventing large scale data exposure.




                                                        19
INCOMPLETE DOMAIN NAME
An incomplete domain name on web site allowed a rogue look-alike
site to intercept sensitive consumer data.

•   The licensee’s web site error leaves an incomplete link pointing
    to the local name for the server.
•   A rogue look-alike site is able to:
     – Intercept the web site’s traffic
     – Duplicate the web site’s look and feel to deceive consumers
•   TRUSTe promptly verifies the Watchdog complaint and alerts
    the licensee.
Licensee arranges an emergency update to their
web site that same evening to fix it and notifies
users.




                                                          20
TERMINATION: CLASSIC CLOSEOUTS
In June 2008 TRUSTe receives a consumer complaint indicating
unauthorized charges to individual’s credit card.

•  TRUSTe analyzes licensee's consent process and security
   procedures.
• Licensee is suspended due to program violations:
    – Given time to cure violations and opportunity to be reinstated
• Licensee responds to some but not all cure items.
• On 9/23/2008 TRUSTe publicly announces Classic Closeouts’
    termination.

TRUSTe took immediate investigation actions and worked rapidly
to obtain a refund for unauthorized charges.




                                                         21
THE VALUE OF COMPLIANCE FOR
TRUSTED DOWNLOAD PROGRAM
•   Trusted Download Program (TDP) certifies downloadable
    software
•   Most infractions in TDP are perpetrated by partners rather than
    Program Participants
•   Controlling distributors / affiliates takes an active effort
     – A contract is not enough as there are incentives ($$) for
        abuse but low possibility of getting caught
     – Requires proactive, ongoing monitoring
         • Are the correct (or any) disclosures being served to consumers
         • Are consumers being presented with opportunity to provide consent
         • Is the download being promoted on approved locations
     – Technological control over the consent process
         • Referral URL’s, consent mechanism
     – Solutions to verify validity of downloads
         • Audit download rate patterns, provide avenue for consumer complaints


                                                                   22
A TDP Enforcement Success Story

•   comScore, RelevantKnowledge suspension July 2007
     – A rogue partner distributed the software before obtaining
       positive user consent
     – comScore removed rogue distributor
     – TRUSTe worked with comScore to develop a technological
       check on all downloads BEFORE install.
     – comScore fully implemented the solution across all
       distributors
     – Reinstated to program on April 2008

Details available on http://blog.truste.org
PRESENTER BIOS
John P. Tomaszewski
General Counsel, TRUSTe
John ensures that TRUSTe’s compliance and enforcement efforts are thorough, transparent and defensible.
Prior to joining TRUSTe, John served as Chief Privacy Officer of CheckFree Corporation and provided trust
model consulting through his private practice.
Email: johnt@truste.com


Simona Nass
Director of Compliance, TRUSTe
Simona brings over 15 years of Internet-related privacy and technology experience. She previously served in
high level positions at Red Hat, Internet service provider PANIX, as well as at other companies focusing on web
services and e-mail.
Email: snass@truste.com


Irina Doliov
Sr. Product Manager, Trusted Download Program
Irina has over ten years of professional experience in Product Management and Marketing in the internet,
software & professional services industries.
Email: idoliov@truste.com


More info: www.truste.com
File a consumer complaint: https://www.truste.org/pvr.php?page=complaint


                                                                                              24

More Related Content

Similar to How to Integrate Privacy into Your Customer Care

2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
CSID - Data Protection - SXSW 2013
CSID - Data Protection - SXSW 2013CSID - Data Protection - SXSW 2013
CSID - Data Protection - SXSW 2013jessicawarren
 
Steps to prepare for TRUSTe EU certification
Steps to prepare for TRUSTe EU certificationSteps to prepare for TRUSTe EU certification
Steps to prepare for TRUSTe EU certificationTRUSTe
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
Putting the Consumer First
Putting the Consumer FirstPutting the Consumer First
Putting the Consumer FirstVivastream
 
10 07-14 hosting con europe 2014 presentation unannotated
10 07-14 hosting con europe 2014 presentation unannotated10 07-14 hosting con europe 2014 presentation unannotated
10 07-14 hosting con europe 2014 presentation unannotatedwdsnead
 
Putting The Consumer First
Putting The Consumer FirstPutting The Consumer First
Putting The Consumer FirstVivastream
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!SparkPost
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessLucy Denver
 
Privacy & Security Challenges Faced By Financial Services In The Digital Age
Privacy & Security Challenges Faced By Financial Services In The Digital AgePrivacy & Security Challenges Faced By Financial Services In The Digital Age
Privacy & Security Challenges Faced By Financial Services In The Digital AgeAgile Financial Technologies
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Nytlegal #56866-v3-ona 2013-_ds_draft
Nytlegal #56866-v3-ona 2013-_ds_draftNytlegal #56866-v3-ona 2013-_ds_draft
Nytlegal #56866-v3-ona 2013-_ds_draftPeter Outlaw
 
How Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost BrokingHow Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost BrokingTransUnion
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsNicholas Van Exan
 
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...Jim Brashear
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit  Pci dss presentation   Bashir FancySask 3.0 Summit  Pci dss presentation   Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir FancySaskSummit
 

Similar to How to Integrate Privacy into Your Customer Care (20)

2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
CSID - Data Protection - SXSW 2013
CSID - Data Protection - SXSW 2013CSID - Data Protection - SXSW 2013
CSID - Data Protection - SXSW 2013
 
Steps to prepare for TRUSTe EU certification
Steps to prepare for TRUSTe EU certificationSteps to prepare for TRUSTe EU certification
Steps to prepare for TRUSTe EU certification
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
E commerce(report)
E commerce(report)E commerce(report)
E commerce(report)
 
Putting the Consumer First
Putting the Consumer FirstPutting the Consumer First
Putting the Consumer First
 
10 07-14 hosting con europe 2014 presentation unannotated
10 07-14 hosting con europe 2014 presentation unannotated10 07-14 hosting con europe 2014 presentation unannotated
10 07-14 hosting con europe 2014 presentation unannotated
 
Putting The Consumer First
Putting The Consumer FirstPutting The Consumer First
Putting The Consumer First
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Privacy & Security Challenges Faced By Financial Services In The Digital Age
Privacy & Security Challenges Faced By Financial Services In The Digital AgePrivacy & Security Challenges Faced By Financial Services In The Digital Age
Privacy & Security Challenges Faced By Financial Services In The Digital Age
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Nytlegal #56866-v3-ona 2013-_ds_draft
Nytlegal #56866-v3-ona 2013-_ds_draftNytlegal #56866-v3-ona 2013-_ds_draft
Nytlegal #56866-v3-ona 2013-_ds_draft
 
How Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost BrokingHow Confused.com and iovation Fight Ghost Broking
How Confused.com and iovation Fight Ghost Broking
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
 
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit  Pci dss presentation   Bashir FancySask 3.0 Summit  Pci dss presentation   Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir Fancy
 

More from TRUSTe

How to use privacy seals to improve privacy practices and increase sales
How to use privacy seals to improve privacy practices and increase salesHow to use privacy seals to improve privacy practices and increase sales
How to use privacy seals to improve privacy practices and increase salesTRUSTe
 
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID Documents
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID DocumentsTNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID Documents
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID DocumentsTRUSTe
 
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email Complaints
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email ComplaintsTRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email Complaints
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email ComplaintsTRUSTe
 
TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
Boosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealBoosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealTRUSTe
 

More from TRUSTe (6)

How to use privacy seals to improve privacy practices and increase sales
How to use privacy seals to improve privacy practices and increase salesHow to use privacy seals to improve privacy practices and increase sales
How to use privacy seals to improve privacy practices and increase sales
 
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID Documents
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID DocumentsTNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID Documents
TNS-TRUSTe Study: Consumer Attitudes about Biometrics in ID Documents
 
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email Complaints
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email ComplaintsTRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email Complaints
TRUSTe/Epsilon Whitepaper -- Best Practices that Minimize Email Complaints
 
TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer Care
 
Boosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealBoosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy seal
 

Recently uploaded

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 

Recently uploaded (20)

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 

How to Integrate Privacy into Your Customer Care

  • 1. HOW TO INTEGRATE PRIVACY INTO CUSTOMER CARE October 22, 2008 Note: Please mute your phones to prevent interference. This webinar will be recorded.
  • 2. AGENDA • Compliance Overview • Monitoring • Watchdog Dispute Resolution • Enforcement & Case Studies • Q&A 2
  • 3. ENSURING PRIVACY AND TRUST IN A NETWORKED WORLD BUSINESSES CONSUMERS Need to Demonstrate Look to Identify Trustworthy Compliance with Privacy Online Businesses Best Practices to Gain Consumer Trust REGULATORS Want Enforcement and Compliance Assurance 3
  • 4. TRUSTE COMPLIANCE SERVICE TRUSTe resolves over 5,000 Watchdog complaints a year. Issues ranging from unwanted email and unauthorized profiles, to critical data leaks and even unauthorized credit card usage. Complaints against companies small in size to large, well-known enterprise brands; from retailers to tax services and everyone in between. 100% complaint resolution rate. 4
  • 5. YOUR “BRANDING INSURANCE POLICY” Prevent • TRUSTe is here to detect weak points in your business practices or site that could result in unknown a privacy threat, preventing escalation in the privacy pitfalls. public eye. Extend your • Watchdog complaints are filed after a customer has first tried to contact a company customer care directly – TRUSTe acts as a liaison between with privacy. you and the customer facilitating recourse. Protect your • TRUSTe provides the resources to help keep brand. your brand a trusted one. 5
  • 7. WE KNOW WHAT OUR LICENSEES ARE DOING… Avoid common mistakes – TRUSTe helps you review WHAT data you collect, and WHY. • Collection and Use of Information • Choice and your Web site’s use of PII • Choice and Sharing of Information with Others • User Access to PII • Security • User Complaints • Response to Legal Process • Technical Information 7
  • 8. DIAGNOSTIC SCANNING UNCOVERS PRIVACY WEAK POINTS • Undisclosed cookie usage • Lack of security for sensitive information • Lack of Privacy Statement link off homepage • PII collection without a Privacy Statement link • No privacy contact information provided • Possible web beacon usage • Bump-out if collects age 8
  • 9. PRIVACY RISKS THAT GO UNDETECTED…. • FTC CAN-SPAM unsubscribe violations • Insufficient authentication procedures • Lacking SSL encryption on password request pages • Failure to delete online profiles due to process flaw • Deceptive collection disclosures for importing user Address Book • E-mail addresses leaked to third-party spammers via misbehaving partner • Non-response to CA Shine the Light law inquiries • Cross-site scripting vulnerability 9
  • 10. 2007 SCANNING PASS/FAIL RESULTS Automated and manual monitoring of each Web Site’s privacy statement and data collection processes. • 59% overall pass rate on first scan • Enterprise pass rate slightly lower at 52% • Enterprise Web sites tend toward more complexity 10
  • 12. WATCHDOG DISPUTE RESOLUTION PROGRAM CONSUMERS: SEALHOLDERS: • Online independent • Goal is to augment recourse mechanism Sealholder’s privacy • Specific to privacy program, escalate and complaints resolve complaints quickly • FREE of charge to • Watchdogs are consumers confidential, there is no • Easy-to-use online form public posting of • Transparent, fair and complaints equitable • Early security and privacy • Complaints for offline issue identification data can be submitted by mail or fax 12
  • 14. CONSUMER & SEALHOLDER FEEDBACK “As always, TRUSTe sends “I had no idea what to expect. I a complete snapshot of what was delighted with the prompt the complainant is stating; acknowledgement of my TRUSTe runs a very tight complaint and the fast resolution ship and we're lucky to be of my problem.” associated with you!” - Watchdog Complainant - TRUSTe Sealholder “Within 48 hours of filing a complaint at Truste (about the classic closeouts ripoff), my credit account has been credited the full amount by classic closeouts (TWO unauthorized charges of $69.99 each). If you have been a victim of this scam, file right away. You can find a link to truste at the classic closeout site. Looks like they have pull!!” - Watchdog Complainant 14
  • 16. ENFORCEMENT PROCESS Monitoring or Watchdog complaints triggers escalated investigation, which may include email seeding. Sealholders are notified of non-compliance and given five days to respond with compliance plan. In the event of non-compliance, or non- responsiveness, TRUSTe sends seal- holder a certified letter of termination. The Sealholder has 20 business days to fix the compliance issue to TRUSTe’s satisfaction. 16
  • 17. ENFORCEMENT ACTIONS 2007 • Three terminations in 2007 where Licensee did not cure. • Three decline to renew in 2007 due to “uncertifiable” business models. • The vast majority of Licensees cure as soon as they are notified of an enforcement action or Watchdog complaint. – Committed to protecting their brand and consumer good will. – Don’t want to risk termination for cause and publication or referral. 17
  • 18. LEAKED “DO NOT EMAIL” LIST In Spring 2008, the Watchdog System helped identify a security vulnerability of a leading tax filing Web site. • Further information revealed the Tax firm had mistakenly made their DO NOT mail list public by posting to their FTP server. • Upon additional investigation, TRUSTe verified the leak and notified the licensee. • The licensee took immediate action and quickly remedied the situation. The Watchdog Process helped pinpoint the source of the breach quickly, helping to minimize consumer harm. 18
  • 19. CHANGEABLE URL VULNERABILITY In July 2008, the Watchdog helped discover a changeable URL that left consumer data exposed. • The web site was unknowingly permitting a user to manually change the last few digits of his or her unique URL thereby granting the user access to sensitive identification papers of other individuals, including their passports. • Company took immediate action – remedied vulnerability within hours and subsequently notified affected individuals. The Watchdog helped licensee repair the problem, promptly preventing large scale data exposure. 19
  • 20. INCOMPLETE DOMAIN NAME An incomplete domain name on web site allowed a rogue look-alike site to intercept sensitive consumer data. • The licensee’s web site error leaves an incomplete link pointing to the local name for the server. • A rogue look-alike site is able to: – Intercept the web site’s traffic – Duplicate the web site’s look and feel to deceive consumers • TRUSTe promptly verifies the Watchdog complaint and alerts the licensee. Licensee arranges an emergency update to their web site that same evening to fix it and notifies users. 20
  • 21. TERMINATION: CLASSIC CLOSEOUTS In June 2008 TRUSTe receives a consumer complaint indicating unauthorized charges to individual’s credit card. • TRUSTe analyzes licensee's consent process and security procedures. • Licensee is suspended due to program violations: – Given time to cure violations and opportunity to be reinstated • Licensee responds to some but not all cure items. • On 9/23/2008 TRUSTe publicly announces Classic Closeouts’ termination. TRUSTe took immediate investigation actions and worked rapidly to obtain a refund for unauthorized charges. 21
  • 22. THE VALUE OF COMPLIANCE FOR TRUSTED DOWNLOAD PROGRAM • Trusted Download Program (TDP) certifies downloadable software • Most infractions in TDP are perpetrated by partners rather than Program Participants • Controlling distributors / affiliates takes an active effort – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught – Requires proactive, ongoing monitoring • Are the correct (or any) disclosures being served to consumers • Are consumers being presented with opportunity to provide consent • Is the download being promoted on approved locations – Technological control over the consent process • Referral URL’s, consent mechanism – Solutions to verify validity of downloads • Audit download rate patterns, provide avenue for consumer complaints 22
  • 23. A TDP Enforcement Success Story • comScore, RelevantKnowledge suspension July 2007 – A rogue partner distributed the software before obtaining positive user consent – comScore removed rogue distributor – TRUSTe worked with comScore to develop a technological check on all downloads BEFORE install. – comScore fully implemented the solution across all distributors – Reinstated to program on April 2008 Details available on http://blog.truste.org
  • 24. PRESENTER BIOS John P. Tomaszewski General Counsel, TRUSTe John ensures that TRUSTe’s compliance and enforcement efforts are thorough, transparent and defensible. Prior to joining TRUSTe, John served as Chief Privacy Officer of CheckFree Corporation and provided trust model consulting through his private practice. Email: johnt@truste.com Simona Nass Director of Compliance, TRUSTe Simona brings over 15 years of Internet-related privacy and technology experience. She previously served in high level positions at Red Hat, Internet service provider PANIX, as well as at other companies focusing on web services and e-mail. Email: snass@truste.com Irina Doliov Sr. Product Manager, Trusted Download Program Irina has over ten years of professional experience in Product Management and Marketing in the internet, software & professional services industries. Email: idoliov@truste.com More info: www.truste.com File a consumer complaint: https://www.truste.org/pvr.php?page=complaint 24