TL;DR: The online business space is fraught with risks to proprietary and consumer data, and, for two decades, TrustArc has been helping organizations mitigate them. TrustArc takes a three-pronged approach to risk management that empowers businesses to build privacy programs, assess and allay threats, and seamlessly manage compliance. Each year, the company’s SaaS platform and team of experts help orchestrate and review millions of site scans, cookie consent notices, and privacy-compliant ads. By prioritizing customer privacy, TrustArc’s goal is to reduce the complexity of compliance and risk management to facilitate a better relationship between businesses and the consumers who drive their revenue.
A shopper browses an online store for new clothes, unsure of whether to finalize her purchase. After a few minutes of contemplation, she decides against it and closes the tab with her items still in the cart. Later that day, she receives a message from the eCommerce site that contains a limited-time coupon code and wonders how the company obtained her email address.
After debating whether her info was sold to the company in question, she finally remembers a family member had previously enrolled her in a customer-loyalty campaign. And, glancing down at the bottom of the checkout page, she notices the TRUSTe privacy seal issued by the compliance and risk management firm TrustArc. Breathing a sigh of relief, she reviews her cart again and decides to make the purchase.
Such scenarios have become commonplace in today’s digital marketplace. And it’s TrustArc’s aim to help organizations maintain brand trust in an environment where consumers are wary of their data being bought and sold by third-party advertisers.
TrustArc helps businesses comply with local data protection laws by reviewing their privacy policies and guiding them through their revision. With the sheer number of privacy laws on the books, companies are tasked with juggling many factors that could affect company image, revenue, and legality.
“There are literally hundreds, if not thousands, of different privacy laws and regulations around the world — some at the country level, some at the state level, and some tied to specific industries,” said Dave Deasy, TrustArc’s Senior Vice President of Marketing and Product Management. “Companies have struggled with how to address and deal with them.”
Delivering the Tools and Know-How to Keep Organizations Compliant
In 1997, TrustArc was founded as TRUSTe by Lori Fena and Charles Jennings with the mission to enable businesses to self-regulate their privacy concerns. TrustArc’s original privacy solution was to grant certification to companies and organizations that met its standards.
Essentially a privacy audit, the Privacy Certification Program awarded deserving sites a seal of approval, visible at the bottom of webpages — most often homepages and checkout pages.
“More than 20 years ago, when TRUSTe was founded, we really were the first to offer any kind of compliance solution,” Dave said. “The company eventually built a set of standards that combined the laws and regulations from a number of different geographies and industries.”
As the internet has grown — and more and more people have shifted to mobile browsing and shopping — the laws protecting these consumers have continued to evolve.
In response to rising consumer privacy concerns, the FTC determined that users should know what data is being collected, and have the option to opt out of data collection.
Following Guidelines Advocating for Transparency and Consumer Safety
As a result of changing regulations, advertisers were eventually required to include a blue triangle called the AdChoices icon on online ads as an indication of targeted advertising. This way, consumers could easily tell which ads were targeted to them and opt out of receiving the ads if they so desired.
Since large corporations can deploy thousands of ads during a given campaign, sorting out user preferences is tedious, especially when tracking cookies have been cleared from the browser.
“In 2011, we introduced our first technology solution, Ads Compliance Manager, which was designed specifically to deal with that privacy compliance requirement,” Dave said. “More and more privacy laws require some kind of technology to allow a company to address those requirements.”
Privacy requirements help ensure that companies uphold transparency, especially with advertising. In 2012, for example, the EU Cookie Directive declared that businesses in the EU cannot drop cookies on users without their prior consent.
“Common concepts that tend to come up in discussions on privacy are notice and choice,” Dave said. “A very significant piece of legislation called the General Data Protection Regulation (GDPR) created a common framework and structure for companies to have a consistent set of requirements in the EU.”
Evolving With the Ever-Changing World of Data Privacy
While technology has steadily evolved, it continues to change the way we use and share data in our daily lives. As such, the laws protecting this data are constantly changing to account for possible vulnerabilities. Laws like GDPR have become more common as users become increasingly aware of privacy concerns.
“Lately, GDPR is the #1 topic in the world of privacy compliance today,” Dave said. “It impacts companies of all sizes — it impacts you whether you’re selling to businesses or consumers, and it impacts you independent of what industry you’re in.”
While the laws protecting privacy have changed over time and vary from region to region, the natural desire for it remains universal.
“It’s one of those big things that’s sweeping a lot of transformation in the industry,” Dave said.
At 200-plus pages and 99 articles, GDPR is a massive law with numerous stipulations. With clients at various stages of compliance, TrustArc simplifies preparation by first reviewing privacy policies against GDPR to identify gaps. Following that, TrustArc guides clients along the three-step process of revision: building the plan, implementing different controls and other pieces of the platform, and demonstrating compliance.
“Historically, privacy has been the domain of the legal department within a company,” Dave said. “However, with this new need to implement technology to address privacy compliance, you’re seeing more involvement from the IT department.”
Empowering Businesses to Build Trust in Their Online Touchpoints
With the GDPR deadline approaching in May 2018 — and many more proposed regulations on the horizon — TrustArc has been hard at work in helping businesses remain compliant.
“There are already some other big regulations in the works that are going to augment GDPR, one of which is the ePrivacy Regulation,” Dave said. “These are going to require additional changes on the part of companies.”
The EU ePrivacy Regulation places strict regulations on spam and other forms of unsolicited electronic communications. While changing laws present new challenges to businesses, the end result is positive for all parties involved.
When customers determine a retailer to be trustworthy, they are far more likely to make a purchase, while a seemingly shady company with no transparency will likely receive little to no business from people who value their online privacy. By complying with regulations, businesses not only avoid fines, but forge stronger and longer-lasting relationships with customers. The best form of advertising is one that appeals to a user’s unique interests without compromising their data security. And, for over 20 years, TrustArc has helped businesses improve their image and privacy compliance, in turn making the web a safer place for all.