Have you ever bought items on eBay and Etsy or looked up restaurant reviews on Yelp? I bet you have. These sites and thousands of others all have one thing in common: They're certified by TRUSTe, a service that's supposed to assure consumers that the sites they're using are safe and secure. But, it turns out you might not want to trust TRUSTe. That's because it just paid the FTC $200,000 to settle a complaint that alleges the company failed to ensure that certified companies actually kept user data secure.
In its complaint, the FTC says that from 2006 to 2013, TRUSTe failed to live up to its promise to consumers. The commission found these deceptive business practices unacceptable.
The FTC says that in that span of time, there were some 1,000 "incidences" where companies weren't forced to re-certify on an annual basis despite TRUSTe's site claiming otherwise.
TRUSTe says that it didn't re-certify some websites annually because those sites purchased "multi-year agreements." The company also claims this only makes up 10% of annual reviews. The number might seem small, but that's still 1,000 websites that didn't have compliance reviewed.
TRUSTe doesn't just have to fork over $200,000 to settle the complaint, though. It also has to give in to some other FTC demands.
First, the company isn't allowed to make "misrepresentations about its certification process or timeline." TRUSTe also makes sure websites are COPPA compliant. COPPA, or the Children's Online Privacy Protection Act, regulates how websites that handle information from users under the age of 13 collect personal information. TRUSTe now must "detail any COPPA-related information to the FTC in an annual filing for the next ten years..."
When they're actually doing their job, certifications like TRUSTe are a nice way to make sure the websites you're using are handling your information appropriately. I'm glad to see the FTC is holding the company accountable so that consumers aren't tricked into thinking websites are safe.
If you want to make sure personal data you enter into a website is secure, it's also important to ensure that data is encrypted. To do that, look for the lock symbol and "https" near the beginning of the address bar in your browser. This means the site is using secure sockets layer encryption. Sites like eBay and Yelp might not have it enabled on the homepage, but do use encryption when you log in to your account or enter payment information. Click here to make sure the sites you're using are encrypted.