 |
|
 |
|
|
|
SUMMARY TESTIMONY OF RUSSELL BODOFF SENIOR VICE PRESIDENT AND CHIEF OPERATING OFFICER BBBOnLine COUNCIL OF BETTER BUSINESS BUREAUS, INC. UNITED STATES SENATE COMMITTEE ON THE JUDICIARY "PRIVACY IN THE DIGITAL AGE: DISCUSSION OF ISSUES SURROUNDING THE INTERNET" WASHINGTON, D.C. WEDNESDAY, APRIL 21, 1999
Mr. Chairman and members of the Committee, I am pleased to present to you the BBBOnLine Privacy Seal program and to share the experience of our first month of operation after the official launch of the program on March 17. BBBOnLine is a subsidiary of the Council of Better Business Bureaus with the BBBOnLine Privacy initiative supported by the financial leadership and technology direction of 24 leading edge companies. The Program benefits from the Better Business Bureaus 100% name recognition as well as the BBB’s 86 years experience in voluntary self-regulation and consumer dispute resolution. Our Privacy Program:
To qualify for a privacy seal, companies must submit an application and successfully complete a comprehensive assessment process that investigates over 170 different aspects of an applicant’s information practices. The founding principle of our Privacy Program is that it requires privacy seal participants to "Say What You Do, Do What You Say, and Have It Verified.SM" This begins with an easy to find and easy to understand privacy notice. Privacy notices must be "one click away" from a website’s homepage and from every other page where personally identifiable information is collected. Depending on the information practices of the participant, this privacy notice may contain as many as 16 required disclosures, but it will always describe who is collecting information, what types of information is being collected, and how that information is used and shared. It will always disclose how an individual can access and correct their information, how to contact the company, and how to contact BBBOnLine. While evaluating the privacy notice is critically important,,, the BBBOnLine assessment does not stop there, but looks further into the actual information practices of a company. Participants must have in place reasonable security measures to prevent unauthorized access to both stored and transmitted data. This includes doors and locks, adequate training for employees, adequate logs and record keeping, and a mandatory use of encryption when there is a receipt or transmission of sensitive information such as credit card numbers, health care data, and social security numbers. Seal participants must provide a means by which individuals can gain reasonable access to all the maintained and retrievable personally identifying information they submit online. Seal participants that operate websites or online services, that are directed to children under age 13, must also complete an additional children’s supplemental assessment questionnaire and assessment process. BBBOnLine’s Privacy Program’s free, convenient, and speedy dispute resolution service offers the assistance of trained professionals to ensure that consumers have a simple and effective way to have their concerns addressed. Consumers can contact the BBBOnLine Dispute Resolution Intake Center via email, toll-free telephone call or by simply following our online complaint directions located on our website. As remedies, consumers can seek to have the information which was submitted online used only in a manner consistent with the company’s published privacy policy and/or the consumer can seek to have inaccurate information corrected. BBBOnLine may also require corrective action in the form of a change in a seal participant’s online privacy policies or practices if, based on the evidence in the case, it finds such action to be required to avoid recurrences of the same complaint. The Program will also monitor compliance through a system of random audits to ensure that program participants remain in compliance. We have designed our program to have serious and effective consequences for non-compliance. In our dispute resolution process we will publish decisions so that the public will be able to monitor resolution of complaints about violations of privacy policies. The Privacy Seal Program has been officially "open for business" for only one month. Since the launch, we have already received over 240 formal applications, have awarded 14 seals and have many others close to approval. The response has been impressive and more applications are coming in everyday. Companies are reporting that the assessment process is a very thorough and that it requires them to carefully evaluate, and in some cases change, their entire data collecting and processing practices. Now that we are open for business we are engaging in an aggressive outreach program to educate as many businesses as possible on good privacy practices. For example, we recently entered into an agreement with the American Electronics Association to educate their 3,000 plus members about good privacy principles. Similar business outreach will be announced shortly with other major associations as well as our Better Business Bureaus. Next on our agenda we will be developing a major outreach to consumers and to children to help them better understand how to protect their privacy while online. In closing let me say how excited we are that the BBBOnLine Privacy Program which was created in less than nine months is already being described as the most comprehensive privacy self-regulation anywhere in the world. Consumers have a high level of trust in our organization, a study released by AT&T research labs last week indicated that a privacy notice along with a Better Business Bureau seal gives consumers a higher level of confidence than privacy regulation. I want to thank the Committee members for their attention and hope that you share our enthusiasm about the tremendous progress that has been made. I am available to answer any questions that you have.
|
|
