A leading provider of privacy certifications for Internet-based companies has reached a tentative settlement with the U.S. Federal Trade Commission (FTC) in connection with charges that it failed to conduct annual audits of previously certified companies for continuing compliance.
The company TRUSTe has agreed to pay a fine of $200,000 for knowingly misleading consumers about its recertification activities in connection with privacy policies and practices of its client companies. In addition, TRUSTe will be prohibited from making misrepresentations about its certification process, as well as misrepresenting its status as a non-profit entity. The company became a for-profit corporation in 2008, but continued to provide clients with model language for their privacy policies that referenced TRUSTe as a non-profit.
According to the FTC complaint, TRUSTe failed in over 1000 instances between 2006 and January 2013 to conduct the annual required recertification audits of companies authorized to display TRUSTe privacy marks on their websites and other collateral. This lack of recertification activity directly conflicted with claims on the TRUSTe website that company’s displaying the TRUSTe certification mark were recertified every year.