Businesses operating online have undertaken an impressive series of actions designed to help foster consumer confidence by protecting personal privacy in cyberspace. All Online Privacy Alliance members have posted privacy policies and many have done a great deal more. The following list is a partial review of what some companies and trade associations have done to help develop a system that safeguards privacy through rigorous, self-regulatory policies and practices:
Select a company:
24/7 Media is a global Internet, media, and technology company. It helps web publishers and advertisers with online advertising through its suite of interactive marketing services. 24/7 Media’s solutions are based on our clients’ needs and expectations. The company’s solutions include advertising and direct marketing sales, ad serving, promotions, e-mail list management, e-mail list brokerage, e-mail delivery, data analysis, loyalty marketing, wireless and convergence solutions, all delivered from the company’s industry-leading data and technology platforms.
Acxiom Corporation is a founding member of the Online Privacy Alliance and the Individual Reference Services Group, and is actively involved in developing self-regulatory guidelines with the Direct Marketing Association. Acxiom has an extensive privacy policy available both in print and on its web site. Acxiom educates consumers on use of and access to individual information through its Web site and its Consumer Hotline. Acxiom also publishes a brochure for consumers entitled “What every consumer should know about the use of individual information,” designed to educate consumers about use, benefits, their rights of choice, and access. Acxiom contractually binds its customers and information suppliers to follow legal and industry guidelines, and makes it a condition of employment that Acxiom employees sign a letter each year acknowledging that they have read and understand the company’s policy on privacy. Acxiom executives are regular speakers at industry events on the subject of consumer privacy and frequently consult with Acxiom’s business customers on their privacy policies. Acxiom provides extensive education to the executive team, product development groups and sales staff on fair information practices, privacy policies and industry practices. Acxiom produces a monthly privacy newsletter to educate Acxiom executives and customers. Acxiom has a corporate-level executive position dedicated to the issue along with full-time staff in the divisions. In addition, Acxiom conducts third-party assurance reviews to ensure privacy practices are being followed.
Acxiom Corporation is a founding member of the Online Privacy Alliance and the Individual Reference Services Group, and is actively involved in developing self-regulatory guidelines with the Direct Marketing Association. Acxiom has an extensive privacy policy available both in print and on its web site. Acxiom educates consumers on use of and access to individual information through its Web site and its Consumer Hotline. Acxiom also publishes a brochure for consumers entitled “What every consumer should know about the use of individual information,” designed to educate consumers about use, benefits, their rights of choice, and access. Acxiom contractually binds its customers and information suppliers to follow legal and industry guidelines, and makes it a condition of employment that Acxiom employees sign a letter each year acknowledging that they have read and understand the company’s policy on privacy. Acxiom executives are regular speakers at industry events on the subject of consumer privacy and frequently consult with Acxiom’s business customers on their privacy policies. Acxiom provides extensive education to the executive team, product development groups and sales staff on fair information practices, privacy policies and industry practices. Acxiom produces a monthly privacy newsletter to educate Acxiom executives and customers. Acxiom has a corporate-level executive position dedicated to the issue along with full-time staff in the divisions. In addition, Acxiom conducts third-party assurance reviews to ensure privacy practices are being followed.
America Online has made privacy a priority across all of its technology, programming, marketing, policy and consumer education activities and initiatives over the past year. AOL has forcefully strengthened the policy on the AOL service and also developed and posted independent privacy policies on its other services and Web sites, including AOL.com, CompuServe, Digital City, ICQ, AOL France, AOL Germany, AOL UK, AOL Canada, AOL Japan and AOL Australia. AOL is a founding sponsor and member of the Board of Directors of both TRUSTE and BBBOnLine, and participates in their governing bodies. To help encourage other partners to undertake privacy initiatives, AOL has distributed privacy guidelines to all of its advertising and commerce partners. AOL has helped lead numerous industry association meetings and symposiums with a focus on privacy and has directed and supported consumer education initiatives, both online and off. AOL contributed PSAs to the Privacy Partnership Campaign, the single largest consumer education campaign in Net history, which was dedicated to raising consumer awareness of online privacy. The company requires its AOL Certified Merchants to post privacy policies that adhere to the OPA standards.
The American Association of Advertising Agencies (AAAA) is educating its members about the importance of online privacy through various publications and conferences. It has encouraged member agencies to post privacy policies on their Web sites and also to educate their clients about the importance of posting a privacy policy. Additionally, AAAA has assisted several agencies in developing privacy policies. AAAA conducted two informal surveys of members’ Web sites and contacted agencies that had not posted a privacy policy to encourage them to do so. As a founding member of the Children’s Advertising Review Unit (CARU), AAAA helped create online privacy guidelines to protect children and worked with the FTC and Congress to develop children’s privacy legislation. AAAA also is a member of FAST (Future of Advertising Stakeholders), a broad-based industry coalition dedicated to accelerating the development and broad use of online advertising. FAST recently launched “Operation Sign-Up,” a major initiative to encourage all national advertisers and advertising agencies to adopt OPA’s privacy guidelines, with a goal of signing up at least 80% of our members by July 4th.
The American Advertising Federation (AAF) has launched sweeping consumer protection initiatives designed to increase the number of small marketing and advertising businesses with online privacy policies. Within the next few months, AAF will distribute a package of privacy policies for use by AAF’s 42,000 small businesses that allows for tailoring of individual privacy policies. Augmenting this effort, AAF plans to present educational workshops to members in 20 cities. AAF also is working with the Council of Better Business Bureaus to promote participation in BBBOnLine’s Privacy Seal Program.
The American Electronics Association (AEA) has been working with high-tech industries to build a plan for individual privacy protection. AEA chaired the Information Technology Policy Council (ITPC) working group to develop an industry plan for privacy. In June 1998, ITPC adopted a framework and a plan of action to promote broad adoption of these privacy policies by July 1, 1999. AEA also is promoting the BBBOnLine PrivacySeal, urging its 3,000 high-technology member companies to apply for and display the seal.
The American Institute of Certified Public Accountants (AICPA) teamed with the Canadian Institute of Chartered Accountants to launch CPA WebTrust, an electronic commerce seal designed to help make the Internet a safer place to shop. The seal assures businesses and consumers that a certified e-commerce Web site meets established criteria and standards for information protection and privacy. In addition, the WebTrust seal indicates that the Web business is able to fulfill customer orders as claimed and fully discloses its business practices. In March 1999, binding, third-party arbitration to resolve privacy, customer service and product quality complaints was integrated into the service. The seal is currently being offered in the United States, Canada, Puerto Rico, England, Scotland, Ireland, Wales and Australia.
Ameritech implemented a comprehensive online privacy policy over the last year and is now in the process of applying for the BBBOnLine Privacy Seal. Ameritech also funded a research study, “Privacy Concerns and Consumer Choice,” conducted by Privacy and American Business and Louis Harris and Associates. The study shed light on the importance consumers place on individual privacy in cyberspace. Highlights of this study can be accessed atwww.privacyexchange.org.
Association for Competitive Technology – NetPrivacyPower.org along with over 30 IT companies have developed a set of practices for educating and empowering consumers to use the power they already have to safeguard their personal information on the Internet. The practices include: Reading posted privacy policies, leaving sites that do not post privacy polices, utilizing privacy enhancing tools that allow anonymous browsing, managing “cookies,” not giving out personal information unnecessarily and not responding to “spam” or junk e-mails. More information on protecting privacy as well as privacy facts and myths, can be found by visiting www.NetPrivacyPower.org.
The Association of National Advertisers (ANA) is encouraging its member companies to post privacy policies on their Web sites by featuring privacy in its publications and in speeches. The ANA conducted two informal surveys of members’ Web sites, individually contacted those companies that had not posted a privacy policy and assisted a number of companies in developing and posting the policies. A founding member of the Children’s Advertising Review Unit (CARU), ANA helped develop new online privacy guidelines to protect children and then worked with the FTC and Congress to craft privacy legislation for children. ANA is a member of FAST (Future of Advertising Stakeholders), a broad-based industry coalition dedicated to accelerating the development and broad use of online advertising. FAST recently launched “Operation Sign-Up,” an effort to encourage all segments of the online business community to adopt OPA’s privacy guidelines.
The Association of Online Professionals (AOP) has a privacy policy posted on its Web site, with links to other resources. The weekly AOP Bulletin, a summary of legislative and industry news for executives, details developments on privacy issues and is reprinted extensively throughout the Internet industry. In February, the AOP issued a special policy alert encouraging members and other companies within the industry to post and abide by privacy policies.
AT&T strengthened and expanded its online privacy policy covering all its consumer and business online services last October. The new policy, posted at all AT&T Web sites, ensures that each of AT&T’s online business units, or any other company that performs services on the company’s behalf in connection with online services, follows the stated online policy. AT&T strengthened its privacy protections for children by announcing that it would not collect personally-identifiable information from anyone under 18. AT&T recently participated in industry and association briefings to promote online privacy; briefed consumer organizations on privacy; and, supported the development of, and hosted briefings on, the Platform for Privacy Preference (P3P), a technology enabled user empowerment tool. AT&T is a sponsor of the BBBOnLine Privacy Seal Program, and recently underwrote “Beyond Concern: Understanding Net Users’ Attitudes About Online Privacy,” a study showing that privacy policies combined with well-known seals gave consumers an extremely high measure of confidence that their privacy was being respected.
Avenue A considers Internet user privacy to be of paramount importance. We are committed to protecting users’ online privacy and have implemented a progressive privacy policy. We subscribe to the Federal Trade Commission’s Fair Information Principles of Notice, Consent, Access, Security and Enforcement; and our privacy policy addresses each of these Principles. We also believe that our delivery of advertisements and collection of anonymous data is performed within these FTC Principles. In addition, to ensure our continuing compliance to our privacy policy and the NAI Self-Regulatory Principles, we retain an independent third party audit firm to attest to our compliance on a quarterly basis. We are a member of the Internet Advertising Bureau, Online Privacy Alliance and the Network Advertising Initiative (NAI).
Bank of America is a founding member of the Online Privacy Alliance and a full sponsor of the BBBOnLine Seal Program. Bank of America believes customers choose to do business with the bank because they recognize the bank’s commitment to keeping customer information secure and confidential. Bank of America participates in a number of industry and cross-industry organizations dedicated to creating effective self-regulation privacy. Its customer information principles are posted on the Bank’s Web site, along with comprehensive online guidelines. Bank of America communicates regularly with associates about privacy issues through internal publications and training materials.
The Business Software Alliance (BSA) has posted a privacy policy on its Web site and has worked with its members to encourage them to adopt the OPA privacy guidelines. Members have posted online privacy policies consistent with OPA principles.
Compaq has posted a corporate privacy statement throughout its Web site, and implemented an internal privacy policy. Compaq has conducted direct outreach to key customers on the issue. Through its Tandem division, Compaq has been a premier sponsor of the TRUSTe Privacy Seal program and participated in the Privacy Partnership last fall, through the Alta Vista Company, a Compaq subsidiary, to raise consumer awareness of privacy issues through banner ads. As a member of the Computer Systems Policy Project (CSPP), an association of computer company CEO’S, Compaq developed a CEO education outreach program. CSPP placed a full-page ad in USA Today to educate businesses about online privacy protection and distributed a copy of the ad to all the Fortune 1000 CEOs.
Dell, the first recipient of the BBBOnLine Privacy Seal and a charter member of this program, provides protected online transactions. Dell has posted a corporate privacy statement, hosts a dedicated privacy Web page that details Dell’s practices regarding the collection and protection of customer information, and offers its customers the industry’s first online shopping guarantee to provide extra protection from credit card theft, misuse and fraud.
In June 1999, Disney’s Buena Vista Internet Group (BVIG) and Infoseek Corp., home of GO Network , instituted a groundbreaking, comprehensive advertising policy to promote industry adoption of online privacy standards. GO Network TM (www.go.com) and BVIG Web sites, including Disney.com, ESPN.com, Family.com, ABC.com and ABCNEWS.com, will no longer accept nor purchase Internet-based advertising from Web sites that do not post clear policies regarding the collection and use of personal information gathered online. The advertising policy underscores a long-standing commitment by Disney to further the industry’s stewardship of privacy concerns. BVIG is a member of the TRUSTe Privacy Seal program; assisted the OPA with recruitment activities; and served as chair of the organization’s working group on children’s privacy. In addition, BVIG served on the board of the Children’s Advertising Review Unit, and participated in a TRUSTe portal program on children’s privacy issues. Disney also worked with the Federal Trade Commission and Congress to develop the Children’s Online Privacy Protection Act, and remains a strong advocate of children’s online privacy legislation.
DoubleClick keeps its users up-to-date on the type of information it collects and how it uses this information. DoubleClick updates its privacy policy notices on its Web sites and hired legal staff to monitor privacy matters affecting users and to respond to users’ queries efficiently and effectively. In addition to being a member of the OPA, DoubleClick is an active member of the Internet Advertising Bureau, New York Media Association, and the American Advertising Federation.
Dun & Bradstreet chairman, Terry Taylor, delivered speeches last year at four high-profile global events to promote consumer privacy and industry self-regulation: the US-Japan Business Council annual meeting; the Information Technology Association of American annual meeting; the Transatlantic Business Dialogue annual meeting, and the Davos World Economic Forum. Dun & Bradstreet has participated in panels at industry conferences and delivered messages to ITAA’s Coalition of Regional Information Technology Associations to promote privacy online. Dun & Bradstreet is a founding sponsor of the BBBOnLine Privacy Seal program and serves on its Board of Directors. Dun & Bradstreet is also the founder of the information policy committee at ITAA. Internally, Dun & Bradstreet has hired professional staff to work on privacy issues, held briefings for senior executives, instituted a quarterly internal privacy newsletter to keep senior executives abreast of privacy issues and created Web privacy policies for Dun & Bradstreet companies in the U.S., Europe and Canada.
eBayhas had a policy on privacy since its inception and continues to modify and amend this policy as new concerns arise regarding consumer privacy. Ebay is a founding member of the Online Privacy Alliance and TRUSTE. Ebay participated in the initial research survey to establish the BBBOnLine Seal program. The company also participated in the Georgetown Privacy Survey which was reported to the FTC in the spring of 1999. The Ebay privacy policy is comprehensive and details exactly how information is used by Ebay. Acknowledging that most users would prefer to glance at a chart than read a wordy document, Ebay has created a ‘first-of-it’s-kind’ Privacy Chart. With a simple glance, users can see how information is used and shared by Ebay. Ebay suggests to our business sponsors that they post a privacy policy on their services, so users can use their services with full disclosure.
Electronic Retailing Association In March 1999, the Electronic Retailing Association developed guidelines for online business practices. The member-required Online Marketing Guidelines were adopted in full by America Online as part of its certified merchant program. The Guides contain all-around marketing principles including advertising, claims substantiation, and disclosures, and stress the proper online collection and use of personal information. In addition, ERA has partnered with BBBOnLine, a division of the Council of Better Business Bureaus, in offering its online privacy seal program at a substantial discount to its membership. ERA proudly displays the seal on its own Website. In September 1999, the association launched its one-stop source for electronic shoppers (www.savvyshopper.org) to help consumers learn their rights. In July 2000, in a partnership with George Mason University’s School of Public Policy, ERA held a forum on the successes and challenges of Internet self-regulation at the U.S. Chamber of Commerce. Convening online retailers, service providers, trade organizations, and consumer groups, the forum served as a launch initiative for the School to research the effect of the use of privacy policies and other online business practices on consumers. The association is currently working with the Federal Trade Commission to hold a workshop in January 2001 addressing retailing on the Internet, what online executives need to know to operate within the law. Following the seminar, a reference guide will be published to assist all online marketers.
E-LOANposted its privacy statement online, became a founding member of the Online Privacy Alliance, joined TRUSTE and funded a staff position to manage privacy actions and policies. To further E-LOAN’s commitment to online privacy, it is signing up with the American Institute of CPA’s WebTrust program, which will perform an audit of E-Loan’s privacy and security standards to obtain the WebTrust seal. E-LOAN will undergo audits every 90 days to retain the seal. Through frequent speaking engagements nationwide, E-LOAN has challenged the online industry to take a more aggressive posture in self-regulation, explain how consumer information is being used and provide general consumer education related to privacy in cyberspace.
Engage in the past year has established on its Web site a comprehensive new privacy statement which includes Privacy FAQs and a procedure to opt out. In addition to membership in the OPA, Engage is a sponsor of TRUSTe, an active participant in the Platform for Privacy Project (P3P) of the World Wide Web Consortium, and a co-author of the P3P Protocol. Engage authored an Internet Draft, submitted to the HTTP Working Group of the Internet Engineering Task Force (IETF), that allows Web servers to inform users of their privacy practices with regard to HTTP cookies. To assure its commitment to consumer privacy, Engage recently hired a privacy expert to help guide its policies. The Company’s commitment extends to its customers, who are required to post a privacy statement disclosing their collection and use of visitor data.
Equifax has integrated its privacy policy into company practices by incorporating privacy policy materials in new employee orientation materials, allowing access to its privacy policy through links on every page of the Web site and creating a staff position focusing on the execution of Equifax’s privacy policy and procedures. Equifax also has undergone two independent assurance reviews of its privacy policies, and reviews by an outside consultant of several Equifax products and online services. Equifax is a member of the BBBOnLine Steering Committee and recently was awarded a BBBOnLine Privacy Seal.
Ernst & Young’s initiated several programs to assist United States companies to improve their compliance to Privacy legislation. These activities include the formation of the Center for Trust Online (CTO), an Ernst & Young organization dedicated to advancing informed debate on Trust in the online economy through research and development. Ernst & Young has also launched the Global Commerce & Privacy Service which combines business consulting, information technology, assurance, and legal practices in the delivery of privacy consulting to clients in the US and Europe. Ernst & Young developed an e-Privacy Service available to clients to assist in addressing specific enforcement issues for corporate privacy policies. Ernst & Young has joined the ISPTA, strongly supported the Online Privacy Alliance, and provided support to Mary Culnan’s Georgetown Privacy Survey. Proposing a discussion framework for Privacy Enforcement in industry, Ernst & Young drafted the Certified Compliance white paper, which reviews the current state of privacy protection and proposes alternative views on self-regulatory framework for Internet information management. By integrating privacy services in its offerings to clients, Ernst & Young works with clients internationally to respond to the need for privacy policies. In closed-door sessions with European privacy regulators, Ernst & Young has promoted actions consistent with the OPA mission. Ernst & Young has implemented a privacy policy on its Web site.
European-American Business Council >Encirq is an online marketing services company that delivers personalized marketing in a way that protects consumer privacy. Encirq’s unique data engine relies on encrypted profiles that sit on consumers’ own computers, not in a centralized data warehouse, so the data is safe, secure and private. All the data processing, management and analysis occur on the consumer’s personal computer. No one has access to the consumer’s personal data, not even Encirq. Consumers can opt-in and opt-out of the service whenever they choose. Founded in San Francisco, Calif., in March 1998, Encirq can be found on the Internet at www.encirq.com.
The European-American Business Council (EABC) continues to facilitate a constructive dialogue between companies, the European Commission and the U.S. Government on data privacy issues. Over the past year, the EABC has hosted meetings in Washington and Brussels with the chief negotiators and leaders in the US Congress and European Parliament. The EABC keeps its members informed about privacy developments through its weekly newsletter and monthly meetings with the Washington representatives of its member companies. The organization has posted a privacy statement on its Web site and has encouraged its companies to do the same.
Experian’s Consumer Advisory Council, formed in 1992, has been the benchmark in consumer/industry privacy dialogue. The Council has included consumer advocates, industry leaders, and government policy makers among its members. Experian’s consumer education materials have helped many consumers understand information use. During the 1990’s Experian has been a corporate leader in encouraging market self-regulation, including helping to lead the Direct Marketing Association, Individual Reference Services Group, and Software and Information Industries Association.
Gateway has drafted, implemented and posted three new privacy policy documents that serve as pages on their Web site. These are linked in all areas of Gateway’s Web site and are written in easy-to-understand language. Gateway has institutionalized the protection of personal information by limiting access to client information databases, communicating its privacy policy to all employees and establishing and enforcing penalties for violations of the privacy policy.
IBM adopted a global online privacy policy in 1997. As an early evangelizer of privacy policies, the company has organized or sponsored a number of customer briefings, hosted a privacy policy conference with Secretary of Commerce William Daley, co-sponsored a series of workshops on Web privacy policies with the Software and Information Industry Association, and formed a dedicated team in its Global Services division to guide organizations through the process of creating and implementing practices that comply with applicable privacy policies or regulations. IBM is a founding sponsor of both the TRUSTe and BBBOnline Privacy Seal programs. The company also supported other outreach efforts, such as Call For Action’s Consumer Education Initiatives and a CEO education project through the Computer Systems and Policy Project. As the second largest advertiser on the Web, IBM recently announced that it would no longer advertise on U.S. and Canadian Web sites that did not post privacy policies.
The Information Technology Association of America (ITAA) promotes OPA’s principles with its 11,000 direct and affiliate members through its network of 35 regional information technology associations. At its industry trade shows and other events, as well as through its free electronic publications, ITAA funnels information about privacy policy to its members.
The Information Technology Industry Council (ITI) has adopted a set of principles in the past year for the protection of personal data and posted the principles, along with a privacy policy, on their Web site. It helped its affiliated standards secretariats, the American National Standards Institute, and its member companies, develop and post effective privacy statements. ITI worked with other information technology associations to develop a High-Tech Industry Self-Regulatory Privacy Plan, which includes a commitment to promote widespread adoption and implementation of privacy policies by July 1999. ITI’s President, Rhett Dawson, has authored several op-eds and spoken at industry forums on the importance of the private sector taking an active leading role in protecting personal information in electronic commerce.
InsWeb posts a privacy policy on its Web site and holds the TRUSTe Privacy Seal.
Intel maintains a multi-faceted privacy program. The recently strengthened privacy policy provides full disclosure to the user, including how personal information is collected, used, and stored. As a corporate sponsor of TRUSTe, Intel displays the TRUSTe seal along with our privacy policy. Moreover, Intel continues to be a consulting sponsor for the BBBOnLine seal program. In an effort to promote the development of technologies needed to solve the complex security and privacy issues of electronic commerce, Intel joined forces with other leading technology and financial organizations to form the International Security, Trust, and Privacy Alliance (ISTPA). Additionally, Intel is extending its privacy practices into its advertising activities. Effective September 1, 1999, Intel will only purchase advertising space on web sites posting a comprehensive privacy policy that meets the guidelines of the Online Privacy Alliance. Cooperative advertising licensees are being urged to follow a similar policy, which will become a U.S. program requirement as of January 1, 2000. Similar requirements will be implemented in other countries as local guidelines are established by similar regional organizations.
The Interactive Digital Software Association (IDSA) adopted Principles and Guidelines for Fair Information Practices last year to guide its members in developing business practices to protect the privacy of consumers. As a result, nearly 20 IDSA members, representing the vast majority of the entertainment software market, had posted privacy policies as of March 1999. In the future, entertainment software Web sites will be able to assure the privacy of visitors through the privacy seal program being developed by the Entertainment Software Ratings Board. In addition to posting its own policy, IDSA has persuaded several entities with which it has relationships to post privacy policies.
The Internet Alliance founded the first consumer Internet education program, Project OPEN (the Online Public Education Network), in 1996 with partners including the National Consumers League, the National Center for Missing & Exploited Children, and U.S. Office of Juvenile Justice and Delinquency Prevention. The IA participates in the Privacy Partnership, and conducts many programs to inform its members, other companies and decision-makers in Washington and the 50 states to engage and report on developments in privacy policy. The Internet Alliance has recently expanded its scope of policy concern to address broader consumer issues on the Internet such as fraud and unsolicited commercial email. It has also taken a lead role in the states by tracking the 2,000 Internet related bills that are expected to appear in state legislatures this year. The IA was a principal contributor to the creation of the OPA, and provided staff for the Alliance. IA’s CyberBriefs, sent by email to its members and policymakers, provide daily updates on news worldwide about online privacy and other Internet issues.
Kodak has a privacy policy that informs Web site visitors of how personal online information is protected. The company ensures that employees are aware of these policies through seminars and other systems. A member of the steering committee of BBBOnLine, Kodak has applied for the BBBOnLine Privacy Seal. Kodak executives have actively participated in industry forums and spoken in various venues to encourage other businesses to adopt privacy policies and programs.
LEXIS-NEXIS has a privacy policy posted on its Web site that informs users about how the company acquires and distributes information products. The policy includes recommendations on how consumers can access information about themselves that is contained in LEXIS-NEXIS information products and how consumers can opt-out of these information products. The company has applied for a BBBOnline Privacy Seal, is a member of the Board of BBBOnline and the BBBOnline Privacy Steering committee, and chairs the Individual Reference Services Group, an industry self-regulatory effort. As part of a company-wide educational campaign promoting the responsible use of information products, the company has conducted consumer privacy awareness training programs for all of its employees, and has spoken at more than twenty industry, bar and policy events on various aspects of consumer privacy protection and industry self-regulation in the past year.
Microsoft has mobilized a company wide campaign to put consumers in control of their online personal information, and has continued widespread education of its business partners and the industry at large about the need to protect consumer privacy online. Recent privacy initiatives include the company’s plan to purchase advertising space only on Web sites that have comprehensive privacy policies posted by the year 2000, and launching and promoting the Privacy Wizard, a free online tool that allows people to easily create and post comprehensive privacy policies on their privacy.linkexchange.com Microsoft is also leading the development of a standard industry platform for privacy, the Platform for Privacy Preferences (P3P) Project, and is working to incorporate P3P protocols into its products and services, eventually enabling customers to express their privacy preferences and visit sites based only on those preferences. Microsoft Passport, a service that will provide customers with a single, sign-in registration and “wallet” for use across a large number of Web sites, demonstrates our commitment to protecting consumer privacy and data security. Microsoft is also a founding member and active participant in GetNetWise, a children’s online safety initiative, and participates in programs with other industry organizations to educate a broad range of consumers about effective ways to use the Internet safely and protect personal data online.
The Motion Picture Association of America (MPAA) and its seven members are committed to protecting individuals online and all MPAA member Web sites have posted privacy policies. As a strong advocate of protection of children on the Internet, MPAA member companies have been leading the way in implementing the Children’s Online Privacy Protection Act.
NCR has adopted corporate-wide privacy principles for the personal data protection of consumers and employees. NCR is looking to enable other companies to more easily and effectively meet OPA’s principles by making available data protection software, such as Teradata, and services, such as Privacy Discovery, that will allow businesses to manage consumer choice, facilitate consumer access, and provide security, accountability, and anonymity. NCR also created a “Privacy Center” dedicated to assisting businesses in meeting consumer data protection guidelines in Europe, the United States and other world markets. NCR ran an advertisement that appeared in American airports that read: “If you want your customers’ TRUST, you have to respect your customers’ PRIVACY.” NCR privacy executives have also participated in industry events and forums worldwide concerning consumer privacy and industry self-regulation.
Netscape continuously updates its privacy policy, which has been posted on its Web site since August 1997. Founding sponsor of both BBBOnLine and TRUSTe privacy certification programs, Netscape’s Web site is certified by TRUSTe. Their Kids and Family Channel was the second site to carry TRUSTe’s Kid Seal.
Verizon Communications produced a videotape featuring FTC Commissioner Mozelle Thompson speaking on protecting online privacy. It was broadcast to Verizon employees to educate them on the company’s privacy policies. Verizon displays the TRUSTe Privacy Seal, and has been active in advocating to companies about adopting privacy policies and posting them on their Web sites. Recently, Verizon introduced a Bill Viewing Service that allows customers to access the information the company maintains on them.
Viacom’s Nickelodeon Online launched a series of online safety vignettes featuring Nickelodeon’s animated characters in February. In March, Nick.com was voted one of the Web’s safest sites by Cyber Angels, the largest online safety and educational program on the Internet. Holding advertisers to its guidelines, Nickelodeon’s standards department reviews all prospective ad links for kid-appropriate content and safety. Nick.com will not link with an advertiser who has a chat room unless it can prove that the room is monitored by an employee of the advertiser’s company. At its own chat events, Nickelodeon always monitors in real-time with company monitors. Viacom is a member of the steering committee of BBBOnLine, and has worked with the FTC in its implementation of the Child Online Privacy Protection Act. Nick.com was the first children’s Web site to receive a special Kid’s Privacy Seal from the BBBOnLine, demonstrating the site’s commitment to protecting the privacy of children.
Novell audits its Web site to ensure that all company privacy guidelines are followed. Novell is a sponsor of TRUSTE and carries the seal. In addition, Novell has taken the pledge to limit web advertising to those with a TRUSTe or equivalent privacy policy in place. In March, Novell demonstrated a new product called DigitalMe, which gives individuals the ability to manage their Internet identity. By leveraging the power of Novell Directory Services (NDS), DigitalMe enables users to share different kinds of information about themselves with different sites according to their personal preferences. It will be available as a free download from the Internet in a few months. Novell has made online privacy a priority over the past year. They have an extensive privacy policy designed to educate consumers about Internet use, their rights of choice, and access to personally identifiable information. Novell has established an inter-departmental privacy team to review all aspects of the company’s online privacy activities. Novell continues as a premier sponsor of TRUSTe, carries the TRUSTe seal, and works closely with them to promote industry self regulation. Novell is also developing products and tools that can empower users to control their personal information online.
PricewaterhouseCoopers LLP was one of the first professional services firms to post a privacy statement on its Web site and now is revising the statement in line with current international standards. PricewaterhouseCoopers LLP is a member of the TRUSTe Board of Directors, and is one of the official auditors for TRUSTe. PricewaterhouseCoopers also sponsors various surveys and projects with Privacy and American Business and participated in the 1998 Department of Commerce symposium on online privacy. In May 1999, the company released a white paper, “Privacy . . . A Weak Link in the Cyber-Chain,” examining the impact of privacy issues on the growth of E-Business. Articles on web privacy, children’s privacy online, and privacy and software agents can be found on www.pwcglobal.com/privacy/. In addition to helping U.S. industry implement self-regulation processes, PricewaterhouseCoopers also assisted Hong Kong Data Protection Commissioners in developing and implementing verification processes for its Personal Data Protection Ordinance.
Procter and Gamble was an early participant in the Online “Privacy” Alliance (OPA) and a charter member of BBBOnLine. P&G serves on the BBBOnLine Board and chaired the multi-industry Steering Committee that oversaw the successful development of BBBOnLine’s self-regulatory program. P&G also chaired the International Chamber of Commerce (ICC) Task Force that developed that organization’s self-regulatory policy. P&G continues to actively promote self-regulatory approaches to managing online privacy, a recent example being a presentation entitled “Self Regulation of Interactive Media: The New Millennium Challenge” given to the 46th World Congress of the World Federation of Advertisers (WFA) in Seoul, Korea (Edwin L. Behrens: May 1999). P&G posts its privacy policy on all U.S. corporate and brand Web sites to inform consumers how their data will be used and managed. P&G’s Privacy Policy and associated guidelines have been broadly communicated both internally and also to all interactive advertising agencies and key internet technology vendors with which P&G does business. P&G makes it a practice to only advertise on sites that have a posted privacy policy.
The Software and Information Industry Association (SIIA) has developed a comprehensive approach to assisting companies in developing privacy practices. This includes creating educational materials to help companies, working with enforcement mechanisms to reach SIIA member companies and developing a seminar series to help companies develop privacy policies that will be offered in cities throughout the country through 1999. These three-hour, interactive seminars provide an overview of the legal environment, explain self-regulation, outline what a privacy policy should contain, provide a checklist for companies to use in auditing their own practices, identify who in a company should be involved, suggest methods for communicating with customers and define different types of third-party enforcement mechanisms. In addition, SIIA has developed an aggressive member-to-member outreach program to ensure that all of its member companies implement the fair information practices adopted by the association.
Unilever has linked a comprehensive consumer privacy policy to each of its brands’ Web sites in the past year. To ensure ongoing compliance with the policy, Unilever retained an outside firm to monitor its efforts and to highlight any other potential privacy-related issues. Unilever intends to seek the TrustE and/or BBBOnLine seals for each of its sites.
The United States Council on International Business (USCIB) hosted an inter-association meeting on effective privacy protection that issued a call-to-action for associations to work with member companies to post privacy policies. To assist USCIB members in the internal review process during the development of a privacy policy, the association developed a Privacy Diagnostic that has been widely disseminated. USCIB co-sponsored the SIIA Privacy Policy Workshops and is currently developing a program to encourage member companies that have not yet posted privacy policies to do so. USCIB through its international affiliations with the International Chamber of Commerce (ICC) and the Business and Industry Advisory Committee to the OECD, has taken an active role in promoting effective self-regulation based on the OECD privacy guidelines. Through the ICC, a model contract for privacy protection has been developed and submitted to the European Commission.
WebSideStory a provider of the HitBox audience measurement service, launched on its Web sites a comprehensive Privacy Center that includes (1) detailed disclosures for Internet users, (2) on-line viewing for Internet users wishing to see what information about their computers is available to Web sites they visit, (3) a list of all HitBox and other cookies received at WebSideStory sites, along with their purpose, (4) an opt-out for HitBox cookies that works across 150,000 sites using the HitBox service, (5) detailed FAQs, and (6) resource links enabling an Internet user to answer privacy related questions. WebSideStory revised its data collection techniques and privacy policies to stop collecting IP addresses of Internet users, either at WebSideStory sites or any sites using the HitBox service. WebSideStory participates in the Internet Advertising Bureau’s Chief Privacy Officer Council and is a member of the Privacy Partnership. The company has its own Chief Privacy Officer, an expert on Internet legal issues. WebSideStory contractually requires its customers using the HitBox service to post privacy policies, disclose that the service is being used and link to the WebSideStory Privacy Center. WebSideStory also launched a detailed FAQ for Webmasters, providing links to valuable resources. WebSideStory has been awarded both the TRUSTe and BBBOnline seals for each of its sites.
WorldCom has a strong history of commitment to consumer privacy. The company’s policies for protecting personally identifiable information exceed OPA guidelines, and its practices have been validated by the BBBOnLine, one of the leadership organizations in online privacy protection. Further, WorldCom takes special care to protect the privacy of children and does not collect personally identifiable information from anyone under 18. WorldCom is united in ensuring privacy online and its intra-corporate privacy task force upholds the strictest of privacy protection standards in handling its customers’ personal data.
Xerox Corporation had a robust privacy policy posted online since early 1997 covering the entire xerox.com domain. As a founding sponsor of BBBOnline, Xerox currently serves on the BBBOnline Board and is in the process of applying for the BBBOnline seals. Xerox is also a sponsor of the Online Privacy Alliance and currently upholds all online privacy guidelines set forth by the OPA.
Yahoo!’s and Yahooligans!, Yahoo!’s Web guide for kids, are both TRUSTe licensees. Yahooligans! was the first children’s site to display the TRUSTe Children’s Privacy Seal. Last October, Yahoo! co-founded the Privacy Partnership to raise consumer awareness of online privacy.