77 Trust Signals to Build Website Trust, Visits and E-Commerce
"Trust signals," broadly defined, are the evidence points that inspire confidence in your brand...
At the ripe old age of 24, the TRUSTe seal is the granddaddy of trustmarks. And while it's not quite as influential as it used to be, it still may be worth having on your website to earn brand trust.
TRUSTe started as a non-profit association to foster online commerce by helping organizations self-regulate privacy concerns. It wanted online businesses to work together to address the rising privacy fears of consumers. This was decades before anyone had ever thought about the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) or the dozens of other consumer data privacy regulations that exist today.
TRUSTe was a trailblazer from the start. Among its achievements, it was the first organization to form a framework encompassing both U.S. and European data privacy standards in 2000. A lot has happened since then, but TRUSTe has continued its mission to ensure internet users can feel confident that their data and browsing experiences are secure.
TRUSTe has also been a leader in advocating for the privacy of children’s data online, and has helped set standards to control spam emails—which, like data privacy, have today moved from self-regulation to a governmental regulatory model.
The company has not been without its own reputation management issues, however.
As early as a 2002 Wired Magazine article, critics have questioned whether the TRUSTe certification can be trusted. As with most trust seals, such as the Better Business Bureau accreditation seal, companies have to pay for certification and the right to display the TRUSTe seal. This led journalist Paul Boutin of Wired to suggest that "TRUSTe officials often seemed to be covering for their clients" rather than enforcing their own standards.
These accusations were seconded by Harvard economics researcher Ben Edelman, who asserted that TRUSTe-certified companies were actually less trustworthy than uncertified companies based on his research. He specifically cited the 2008 case of Coupons.com, a company that had earned the TRUSTe seal but nevertheless "stored data in deceptive filenames and registry entries designed to look like part of Windows." Edelman said Coupons.com continued this practice even after TRUSTe claimed that the company had corrected it.
In 2014, the Federal Trade Commission announced that TRUSTe had agreed to settle a complaint that it misrepresented its recertification program with a $200,000 penalty. The FTC complaint alleged that from 2006 to 2013, TRUSTe failed, in over 1,000 instances, to conduct annual privacy checks as promised on the companies it certified.
TRUSTe has emerged from these controversies bloodied but unbowed.
According to surveys, the TRUSTe seal continues to strike a positive note with consumers visiting not just e-commerce sites, but any website that asks visitors to entrust it with their private data. It communicates to visitors that you take protection and privacy of their personal data seriously.
Today, TRUSTe offers multiple certifications and verifications, for the U.S. and worldwide. TRUSTe says of its Enterprise Privacy & Data Governance Practices seal:
Companies who display the TRUSTe Certified Privacy seal have demonstrated that their privacy policies and practices meet the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.
TRUSTe monitors ongoing compliance through annual recertifications and complaints received through the Privacy Feedback mechanism.
All companies that display this seal are solely responsible for their own privacy practices and for promptly notifying TRUSTe of any changes that might affect their certification status.
It's fair to say that TRUSTe is no longer the preeminent trustmark to website visitors. Many have never heard of the organization or do not know its history, and many other entities and regulations have stepped forward in the privacy and security space.
But the most recent data shows that TRUSTe is still one of the 10 most recognized trust seals. And with recognition comes trust.
TRUSTe currently functions as the certification subsidiary of TrustArc. The parent company was renamed to TrustArc in 2017. The company is based in San Francisco.
According to the blog post announcing this change, “The TrustArc name reinforces our deep privacy expertise developed over the past two decades along with our ongoing expansion into new technology-powered solutions.”
TrustArc offers a variety of TRUSTe seals and TRUSTe certifications that companies can display on their website to assure clients of their compliance with the guidelines that the seal represents. Companies obtain TRUSTe seals by going through an assessment process conducted by TrustArc. Then, the TRUSTe team guides the company through any remediation required to make their privacy program compliant with certification standards.
Once the necessary changes have been made, the company is awarded the TRUSTe seal along with a Letter of Attestation that can be shared with business partners as proof of compliance.
Current TRUSTe certifications include:
This TRUSTe certification on a company’s website demonstrates that it is aligned with TrustArc’s Privacy & Data Governance Framework. This framework is an amalgamation of several regulatory standards consisting of but not limited to:
This seal demonstrates that a company is compliant with the EU-U.S. Privacy Shield Framework. The framework comprises a set of guidelines instituted to protect people’s personal data handled by companies operating in the EU and US.
Similar to the International Privacy Seal, these two trustmarks demonstrate a company’s compliance with the APEC Privacy Framework. APEC or the Asia-Pacific Economic Cooperation has put forth two standards under their framework that companies need to abide by in order to handle the personal data of people living in the Asia-Pacific region. These two standards are:
With regard to Privacy Shield compliance, TrustArc offers three verification packages for customers to choose from. The most basic is the “Dispute Resolution Package,” which lets companies harness TrustArc’s expertise to address or resolve any privacy inquiries raised by consumers or end-users, as per the terms of Privacy Shield.
The most fully featured option, known as the “Privacy Shield Verification Package,” offers comprehensive guidance for making companies fully compliant with Privacy Shield. This includes not only assessing their privacy practices and setting up a searchable audit trail, but also constant monitoring and remediation assistance. Once compliance is established, the company is awarded the TRUSTe Verified Privacy seal and the Letter of Attestation.
The mid-tier package known as the “Privacy Shield Assessment Package” does not offer constant monitoring or the TRUSTe Verified Privacy seal but includes all the other core services required for companies to align themselves with “Privacy Shield”.
The California Consumer Privacy Act (CCPA) regulation applies to all companies that harness consumer data for their business. In essence, CCPA comprises four rights that California consumers enjoy, namely:
The CCPA Validation report can be displayed on a company’s website to demonstrate their compliance with CCPA following an independent assessment by TrustArc.
The EDAA or European Interactive Digital Advertising Alliance mandates that companies collecting user data for targeted or Online Behavioral Advertising (OBA) must do so in accordance with a set of guidelines.
TRUSTe is an EDAA-sanctioned certification provider. To that end, TrustArc assists companies in making their practices compliant with the terms set forth by the EDAA and awards them the EDAA Trust Seal after all prescribed changes are made.
The General Data Protection Regulation or GDPR is a comprehensive set of guidelines instituted by the European Union in 2016 that all companies using customer data of the people living in EU nations must abide by. In addition, the regulation puts down specific terms and conditions applicable to data controllers and processors.
GDPR mandates that data must be anonymized whenever possible, and data controllers must design systems centered around user privacy. The mandate puts down six lawful bases under which any user data can be processed, namely consent, contract, public task, vital interest, legitimate interest, or legal requirement. For a company to collect and use personal data, its function must fall under at least one of them.
TrustArc offers two options for validating a company’s GDPR compliance. One is called the GDPR Program Validation, and the other is known as GDPR Practices Validation. Each caters to a different aspect of GDPR compliance.
TrustArc’s evaluation process requires companies to be aligned with GDPR articles and ISO 27001 standards, TrustArc privacy standards, and the Data Governance Accountability Framework.
If a company clears all of TrustArc’s evaluations, they are awarded a OnePIN badge. OnePIN is a leading provider of User Agreement services and has teamed up with TrustArc to certify GDPR compliance.
As important as online privacy was to consumers in the early days of the internet, it's fair to say that issues like how to balance personalization and privacy are even more hotly contested today—with the biggest tech companies in the world on the hot seat.
Which puts TrustArc—and its TRUSTe subsidiary—right where the action is.
To apply for a TRUSTe seal, visit TrustArc's website.
Scott is founder and CEO of Idea Grove, one of the most forward-looking public relations agencies in the United States. Idea Grove focuses on helping technology companies reach media and buyers, with clients ranging from venture-backed startups to Fortune 100 companies.