Federal Trade Commission Dear Gramm-Leach-Bliley Agencies, Privacy Council commends the Federal Trade Commission and other sponsoring agencies for calling the December 4, 2001 workshop to provide a public forum for discussion on effective privacy notices as required under Gramm-Leach-Bliley (hereinafter GLB). Privacy Council provides businesses with the expertise and technology needed to build and maintain customer trust. Therefore, we welcome this opportunity to present our P3P Compliance Program. Our Program allows a company to create, manage, and inventory all of their privacy policies, while staying current with relevant legislation and technology issues. More specifically, within our P3P Compliance Program is a technology tool called Privacy Manager that enables a company to easily write compact policies, a draft of a privacy policy, and then post an easy to read TrustPage, which is in effect, a privacy "food label." At Privacy Council, privacy is our business. Since our formation in early 1998, we have focused exclusively on creating solutions that businesses need to increase and maintain customer trust and long-term loyalty. We create these solutions from four divisions within our company. First, we create knowledge products, which keep individuals up-to-date on changing privacy legislation and regulations. Second, we provide technology tools, which assist businesses in writing privacy policies. Third, we provide a managed services division, basically an outsourced privacy staff for companies who desire an affordable, reliable privacy program. Finally, Privacy Council provides advisory services to businesses in need. Internet Explorer 6 is going to change the Internet privacy paradigm forever with its P3P technology. P3P on IE6 helps a consumer evaluate the privacy risks of sites using 3 rd party cookies and content. Sites that fail to create compact policies or evaluate their consistency with English language privacy policies, in light of IE6, face a multitude of issues from loss of visitors to possible litigation. The new P3P standards have the potential to help build consumer trust, but only if businesses accurately create and maintain their privacy policies.Privacy Council has implemented its P3P Compliance Program in order to help businesses stay P3P compliant and maintain customer trust. The following discussion of our Program directly addresses the agencies concerns listed in Question 2 of the Federal Register Notice of the workshop because it explains how our Program helps create privacy notices that; 1) are easy to understand, 2) are effective, and 3) can serve as models for communication between businesses and customers. First and foremost, our P3P Compliance Program assists businesses in learning the current state of their privacy program. We perform a Privacy Assessment of the client’s industry related privacy business practices, plus perform a technical scan of their Web site. We also study their existing privacy policies. Then, with our proprietary Privacy Manager software, we enable a company to write P3P compact policies – and if necessary a draft of a Privacy Policy – and verify them for consistency, completeness and appropriateness. All privacy policies are then submitted to the client’s legal counsel for review. Finally, Privacy Manager generates the TrustPage, which directly addresses the GLB agencies’ concerns of creating policies that are easy to find, easy to read, and easy to use. The TrustPage allows businesses to summarize all key components of their privacy policy in one page presented in "food label" form. By "food label" form, we mean that the TrustPage presents a summary of the company’s privacy policy in a format that literally reads as quickly, easily, and comprehensively as a food nutritional label. For example, instead of looking at fat grams or calories, a customer will read whether a business collects personal information, uses cookies, records online behavior, or allows third-party tracking of customer information. (To see an example of what a privacy "food label" looks like, please visit www.trustpage.org). In presenting these issues, a business is giving notice to customers about how it uses and disseminates personal information. The goal of providing an easy-to-read TrustPage is to increase customer education and trust in online transactions. The TrustPage achieves GLB’s goal of providing an easy-to-read and easy-to-understand privacy policy. In closing, we reiterate that Privacy Council exists to provide businesses with privacy solutions that increase customer trust. We believe that effective financial privacy notification is essential to achieving the full potential of ecommerce. Our P3P Compliance Program gives businesses a comprehensive way to achieve privacy compliance and our TrustPage will help build customer confidence in privacy policies. Sincerely, Dr. Larry Ponemon
Contact Us | Search | Complaint Form | Privacy | Site Map | Home Last Updated: Wednesday, January 30, 2002 |
