Follow these valuable tips to adhere to strict standards of online privacy and to avoid being in violation of your TRUSTe® certification. We publish a Tech Tip in each edition of our monthly newsletter. To read the following tips in more detail, visit the newsletter archive page. For a new tip every month, subscribe to our newsletter!

Check your privacy statement for readability. Privacy statements need to be easy to read and understood by consumers.
Build trust with your consumers: Write your privacy statement in straightforward language and organize it clearly. More...

Verify that your Web site is using the most updated links to your validation page and to TRUSTe's Watchdog Dispute Resolution program complaint form.
TRUSTe has made improvements to its internal databases. As a result, the URL to TRUSTe’s Watchdog Dispute Resolution program page has changed, along with the URL format for TRUSTe’s “Click to Verify” seal. More...

To avoid “Unable to Contact Licensee” Watchdog complaints, regularly update the contact information listed in your privacy statement.
TRUSTe recommends that all member sites perform periodical verification of the contact information posted on their site’s privacy statement to ensure that privacy issues are received and handled in a timely manner. More...

Reduce the number of “Improperly Shared Information” Watchdog complaints your site receives by taking a few simple steps to improve notice and choice.
TRUSTe recommends providing concise and robust notice regarding information sharing for partnerships or special offers and presenting partnerships in an opt-in basis. More...

Reduce the number of "unable to unsubscribe" Watchdog compliants your organization receives by improving your subscription process.
TRUSTe recommends adding an email verification mechanism to your subscription process and making your unsubscribe process as straightforward as possible. More...

If your organization shares personal information with third parties for marketing purposes, it may need to comply with SB 27, California’s “Shine the Light” Law, which went into effect on January 1, 2005.
SB27 requires companies that do business with California consumers and share personal information with third parties for marketing purposes to provide consumers with a designated contact point where they can request an Information-Sharing Disclosure Notice. More...

Whitelisting offers commercial emailers a way to ensure valid messages make it past spam filters.
TRUSTe endorses the Bonded Sender program, which has been designed to identify legitimate sources of email, enhance deliverability, and reduce the number of consumer complaints.

Take extra steps at the data collection point to notify consumers of how their information will be used when that use is not immediately apparent to the consumer.
It is important for your organization to exercise transparency when communicating your practices to consumers. Most organizations do this by providing a link to their privacy statement on the site's homepage or on pages requesting personal information. However, there are some cases when extra efforts to communicate your privacy practices are needed. Organizations that take extra steps to clearly communicate their privacy practices to consumers build trust, which will ultimately lead to a strong and loyal customer base.

Verify that your Web site is using the most updated links to your validation page and to TRUSTe's Watchdog Dispute Resolution program complaint form.
TRUSTe has made improvements to its internal databases. As a result, the complaint Web form URL for our Watchdog Dispute Resolution program has changed, along with the URL for TRUSTe's "Click to Verify" seal. Please replace the current Watchdog URL on your privacy statement to the following URL: http://www.truste.org/consumers/watchdog_complaint.php. In addition, the TRUSTe "Click to Verify" seal that is on your privacy statement should no longer link to https://www.truste.org/validate/12345. This format is no longer valid. Please link the "Click to Verify" seal (clicksealbox.gif) to http://www.truste.org/ivalidate.php?url=www.truste.com.

Ensure consistency in your privacy policies by aligning your terms-of-service statement with your privacy statement.
The best way to address this issue is to cross-reference your privacy statement with your terms-of-use statement. Confirming uniform privacy practices throughout your Web site projects a clear and concise impression to consumers while minimizing your exposure to privacy risk.

When establishing your company’s privacy program, build internal documents with an eye to your public privacy statement.
Your posted privacy statement is the document that defines your entire privacy program and your internal documentation regarding processes and procedures for enforcing privacy within your organization should be in lockstep with the public privacy statement. Developing internal documents and policies with an eye to your outward-facing privacy statement is one more step toward mitigating your privacy risk.

Companies should review their privacy policy on a regular basis to make sure the privacy policy accurately reflects their current data collection and handling practices.
It is important to review your privacy policies on an annual basis, even if there is the belief that nothing has changed. One tool that you can use to conduct a privacy-practices assessment is TRUSTe's self-assessment form. Be sure to involve all parties who handle customer data -- at a minimum, management, marketing, legal, operations, and IT -- in the annual privacy review process.

Keep the lines of communication between TRUSTe and your company open and responsive.
Communication between TRUSTe and our members is very important throughout the term of your license. By keeping TRUSTe up to date with your company's current contact information, we can be sure that all necessary notices are properly addressed and all issues requiring follow-up are dealt with properly and in a timely fashion.

Implement the TRUSTe seal properly to identify yourself as a legitimate TRUSTe licensee.
On your site, the TRUSTe Final Mark should always link to the privacy statement, and the TRUSTe "Click to Verify" seal should always appear on the privacy statement, linking the consumer to a secure validation page.

Streamline your renewal process and stay consistent with CAN-SPAM requirements with TRUSTe License Agreement 9.0.
On March 1, 2004, TRUSTe introduced License Agreement 9.0. In most cases, License 9.0 – a form-fillable self-assessment – only requires members of TRUSTe's general Web privacy seal program to submit a full self-assessment form every three years! For further details and new program requirements, read our FAQs.

When drafting or revising your privacy statement, use may or might statements sparingly.
Avoid sounding evasive and build trust upfront by using forthright language. Your privacy statement should describe actual practices consistent with the Fair Information Practice of Notice.

Add an effective date to your privacy statements.
This fulfills one of the requirements of the California Online Privacy Protection Act of 2003, which took effect July 1, 2004. The statement can be as simple as "Effective as of January 1, 2004."

If your organization experiences a data spill or security breach, contact TRUSTe immediately.
Your account manager will help you assess the situation, and TRUSTe will track all related Watchdog complaints to help you respond quickly.

Plan ahead to include TRUSTe's privacy principles when expanding your Web site.
TRUSTe recognizes and appreciates your need for continuous growth and development, so contact your TRUSTe account manager to help you plan new Web site features and functionality around privacy.

Minimize data collection on your Web site.
Only collect enough personal data from visitors to provide them with your products or services, or to allow them to participate in an activity on the site. Users will have greater trust in your organization if you collect minimal information, and tell them why the information is necessary.

When making use of user-profiling technologies such as cookies, log files and Web beacons, notify users in your privacy statement.
Tracking individual users' movements on your site can give you valuable marketing insight, but the use of all personally identifiable information must be disclosed, or you could be acting outside the Fair Information Practices guidelines.

Notify customers of transfer of their personally identifiable information.
If your business undergoes a transition such as an acquisition, merger or bankruptcy, you need to provide your customers notice, and in some cases choice, regarding the transfer of their information to the new controlling organization.

Implement an automated unsubscribe system.
An automated system lets you ensure that each request is processed within a reasonable timeframe. Also, send users a confirmation email that allows them to verify that their request has been processed.

Determine whether changes to your Web site are "material changes" requiring you to notify all site users.
If changes are made to the way you handle your customers' personally identifiable information, give them notice so they can chose whether they want to continue sharing their information with you.

Avoid COPPA violations. Do not indicate to users that an age restriction exists when collecting personally identifiable information.
COPPA is triggered whenever your Web site collects both age-identifying information and personally identifiable information. If you notify users at the point of data collection that an age restriction exists, they can easily circumvent the restriction.