“Now, users have less control over private information, and it was done without the users’ permission,” Sen. Charles Schumer, D-New York, said on Capitol Hill.

Schumer and Sens. Michael Bennet of Colorado, Mark Begich of Alaska and Al Franken of Minnesota sent a letter to Zuckerberg about Facebook’s decision to allow third-party sharing of users’ information.

“We are writing to express our concern regarding recent changes to the Facebook privacy policy and the use of personal data on third party websites,” the senators wrote. “The expansion of Facebook — both in the number of users and applications — raises new concerns for users who want to maintain control over their information.”

Last week, Facebook began a “small pilot program” with Microsoft Docs.com, Pandora and Yelp that would offer personalized experiences when visiting those sites.

“These partners have been given access to public information on Facebook — such as names, friend lists and interests and likes — to personalize your experience when you’re logged into Facebook and visit their sites,” Austin Haugen, a Facebook product manager, wrote on the network’s blog.

The senators specifically took issue with the changes because the new settings require users to “opt out” if they do not want to share any information.

“The way to go is opt-in,” Schumer said. “The default position should be that the information is not shared, not that the information is shared.”

Amplifying his colleagues’ concerns, Schumer called on Facebook to “reverse its policy so that users have to opt in to shared data, rather than opt out.”

The New York Democrat added, “The onus here should be on Facebook, not the user.”

Franken emphasized the difficulty for users to opt out under the current settings, saying he would “read what you have to do to opt out, but we really only have so much time.”

Bennet, who was a superintendent of the Denver, Colorado, Public Schools before being appointed to the Senate, expressed concerns about children not understanding the privacy issues.

“We want to make sure that when it comes to the very important question of privacy, that the users of these websites are in control of their most personal information,” he said. “This is an evolutionary technology. There is a huge amount of benefit that comes from Facebook and companies like Facebook. But we have to be vigilant to protect the information that is in a sense personal.”

Facebook defended its privacy policies in a letter to Schumer before Tuesday’s news conference.

Elliot Schrage, Facebook’s vice president of global communications, said the changes allow for enhanced personalization and social activity while providing users with the ability to limit who is able to view their information.

“Facebook is designed to give people the tools to control their information online and our highest priority is to keep and build the trust of the more than 400 million people who use our service,” Schrage wrote. “These goals were central in the development of the new products we announced last week. Specifically, these new products and features are designed to enhance personalization and promote social activity across the Internet while continuing to give users unprecedented control over what information they share, when they want to share it, and with whom. All of Facebook’s partner sites interact with a user’s consent.”

Schumer also called on the FTC to streamline guidelines on all social networks to allow users to easily understand privacy settings when signing up for sites.

Peter Corbett, CEO of iStrategy Labs, said Facebook’s privacy policies are common among digital companies and websites.

“The onus is on the user to opt out of data collection for every major site,” said Corbett, whose firm consults for major brands on digital strategy.

Corbett noted that Google collects search information and Amazon collects a detailed analysis of what books and music its consumers are browsing to recommend other products.

“Most users probably don’t understand how to opt out, nor care,” Corbett said. “They want an easy way to buy books on Amazon or connect with friends on Facebook. We have sacrificed privacy for convenience.”

CNN has a business relationship with Facebook that allows CNN.com users to recommend and share stories with their Facebook friends. This kind of arrangement is not what the senators expressed concern about.

Many freelancers and consultants bring their laptops to Starbucks coffee shops, and treat it as their virtual office.

And it’s not just consumers and consultants who are adopting a mobile computing lifestyle.  Companies and government agencies are trying to become more agile and efficient, and increasingly are relying on productivity gains that come from a more mobile workforce.

According to industry analyst firm IDC, there will be over 1 billion mobile workers by 2011.  That means there will be at least 1 billion portable computing and storage devices that will contain work and personal data.  The overall productivity gains sound impressive, but have you ever thought about what could happen if one of those portable computing or storage devices were to be lost or stolen?

When you think about what is stored on your laptop, flash drive or smartphone, you might start to think twice about how you can improve the security of that information in case of loss or theft. Intellectual property, customer data and company financials are the top three concerns for data loss by companies.

The Ponemon Institute recently completed a survey of over 900 corporate users of information technology in US companies, and asked them about data loss from mobile computing devices:

• 43 percent have lost a device that contained company data.
• 32 percent of those people didn’t report the loss or theft in a timely fashion.
• USB flash drives (“thumb drives”) were the top item that was lost (33 percent), followed by CDs/DVDs (31 percent), BlackBerry’s or iPhone’s (20 percent) and laptop computers (5 percent).

Why you should be worried

It is human nature to think “it won’t happen to me.”  But the reality is that losing mobile devices happens more often than we think, and the impact to a company’s reputation and finances can be severe.

In October 2009, a laptop was stolen from Halifax Health.  That laptop contained the personal information of 33,000 patients.  Halifax Health had to notify all of those patients, and tell them to sign up for credit monitoring services.

Earlier in the month, the Virginia Department of Education announced that an employee had lost an unencrypted USB flash drive containing the personal information of 100,000 current and former students of Virginia Tech.  The State treated it as a serious data breach, and had to expend considerable resources to contact all 100,000 of those people.

Even the military can make mistakes. Lost flash drives from US military servicemen have been found for sale in street markets in Iraq.  In December 2009, a laptop was stolen from inside the United Kingdom’s Ministry of Defense.

It’s not just a businesses reputation that is at stake.  In January 2009, the U.S. Veterans Affairs Department agreed to pay $20 million to settle a class-action lawsuit filed by veterans over the risk of potential identity theft, when a VA laptop PC that contained their sensitive information was stolen in 2006.

Security firm McAfee estimates that losses of intellectual property, through lost and stolen devices, as well as Internet attacks, cost companies up to $1 trillion per year.

Can you keep the loss of data private?

If a private citizen has their laptop or smartphone stolen, they may simply suffer the expense of replacement and the hassle of restoring data from a backup.  However, employees of companies face a different set of circumstances if that lost device contains customer data.

California was one of the first states to pass a law, SB-1386, which requires companies to notify consumers should their data be lost or leaked.  Similar legislation has now been enacted in many other states.  In fact, in a survey of 323 IT managers and top executives, 79 percent of respondents stated that every day they work with data that, if lost, would by law require their organization to publicly notify potential victims.  Federal lawmakers are now discussing mandating data breach notifications as a Federal law.

The best way to protect yourself and your data, is with the use of encryption.  Encryption is a technology that scrambles the data on your laptop, phone or thumb drive, so that if the device is lost or stolen, only someone who knows the correct password can unlock the device and unscramble the data.  Encryption is built into the Apple Mac OSX.  It’s called FileVault, and it’s very easy to use.

Microsoft’s Windows 7 operating system also offers built-in encryption, called BitLocker.  There are also encryption options for many smartphones, and USB thumb drives like IronKey that offer embedded hardware-encryption capabilities.

Despite this wide availability of encryption technology, a recent report by InformationWeek showed that only 38 percent of companies encrypt data on portable devices.  This is an attitude that’s got to change.

Encrypting our mobile computing devices is something that companies and individuals alike must start to do.  Just like using a seatbelt and airbags, we hope that something bad won’t happen to us, but we’re all very glad to have the protection if something goes wrong.

By David Jevans, CEO, Iron Key

Jevans is CEO of IronKey, a Los Altos, Calif.-based maker of secure flash drives. He has spent more than 10 years in senior roles at Internet security concerns.

The digital revolution has changed the way the current generation carries out everyday tasks. But some say that convenience has come at the price of your privacy.

Your personal interests and where you shop is valuable data for companies that want to effectively target their direct marketing. And it’s not just a matter of companies recording your IP addresses and credit card swipes.

“Almost anything you do in today’s society involves leaving a track,” said Doug Klunder of the American Civil Liberties Union. He’s the director of the ACLU of Washington’s Privacy Project.
As you go about your daily routine, you inadvertently share more data than you realize.

“It starts the moment you get up,” Klunder said.

“Just moving around is tracked. If it’s on a bus, and you are paying with bus cards, that can be tracked. If you are driving your car, there are increasingly video cameras that recognize license plates. Anytime you have a cell phone on, it’s talking with cell towers and creating a record of where you are down to 100 feet.”

And that can put your personal information at a higher risk. Last year, more than 11 million U.S. consumers were victims of identity theft, according to an annual survey released last month by Javelin Strategy and Research. It found that the No. 1 targets are people 18 to 24.

Their salaries might be lower than the older, less digitally savvy generation, but they are more likely to share their personal information online. And that isn’t always a bad thing.

Private investigator Steve Rambam argues people are in a sense compensated for the personal information they divulge.

“The average American finds a very healthy acceptable balance between privacy and convenience, they give up some privacy and get a lot of convenience,” said Rambam, who regularly gives a talk at conferences titled, “Privacy is Dead: Get Over It!”

Rambam has become an expert using someone’s digital tracks to locate the person, whether they are a fugitive, a missing person or a writer that Rambam challenged to try and hide from him for a year.

Rambam found him nine times just from electronic bread crumbs he left, and the two are working on a book about the experience. It’s very hard to function in society and not leave those kinds of clues, Rambam said.

“If you want to have access to the largest, most fantastic marketplace in the world, eBay has to know what you have searched for,” Rambam said. “If you want to be able pull a phone out of your pocket and talk on it anytime you want, well, that phone reports where you are 24/7. If it’s a smart phone like an iPhone or an Android phone, it tell us where you eat, what books you buy, what restaurants you like.”

But is it possible for someone who truly wanted to go off the grid to avoid leaving any tracks? Frank Ahearn helps people who are desperate enough do just that.

“I teach people how to disappear,” Ahearn explained. For more than 20 years, Ahearn was a skip tracer; his job was to track down people who had skipped town. Then he realized there was opportunity in aiding people who didn’t want to be found.

Ahearn is something like a one-man witness protection program. For a fee, he helps people with personal or financial problems, but who are not wanted by law enforcement, vanish. He has also written a book, “How to Disappear.”

One of the people Ahearn said he helped disappear was a female attorney being threatened by a client who blamed her when he lost his case in court.

“He turned his anger on her, basically started throwing dead animals on her lawn,” Ahearn said. “The problem with stalkers is there are no boundaries. You don’t know where, how or if it’s going to end.”

In cases like those, Ahearn says he sets up new identities for people so they can’t be tracked down by someone like him.

“If I am looking for you, you have got some problems. But if I am helping you to get out of town, you’re going to be OK because I know what they are looking for,” he said. “The key is your old life and your new life never connect.”

But odds are it won’t be an easy life.

Evan Ratliff, a writer and editor for Wired Magazine, decided last year to test out the idea of living without leaving a trace. He dared his readers to find him. Ratliff moved across the country living under false identities, trying not to leave any electronic clues.

“I think in the first few hours of it I thought, ‘No one’s really paying attention, no one cares about this topic,’ ” Ratliff said. “Then the flood started.”

Dozens of strangers formed social media search parties and traded tips about so-called “Evan sightings.”

“One post after another, they had already started digging up information about me,” Ratliff said. “After about the first night, I was fully freaked out.”

He didn’t make it easy, using prepaid cell phones, physical disguises and software that masked his Internet usage.

Eventually he was tracked down in New Orleans, Louisiana, living under an assumed name, 2,000 miles from where he started.

Ratliff said paranoia and suspicion quickly set in when he was on the run. There was little romance to living like a fugitive, he said.

“It’s hard to let go of that idea that if you really did it right, you could end up on a beach in South America for the rest of your life drinking margaritas,” he said. “That’s always still there, but I think the actual process of living on the run in the United States — in the end, it’s almost never going to be worth it.”

1. Trust your instincts. If you don’t feel comfortable buying or bidding on an item over the web, or if you feel pressured to place your order immediately, maybe you shouldn’t.
2. Be knowledgeable about web-based auctions. Take special care to familiarize yourself not only with the rules and policies of the auction site itself but with the legal terms (warranties, refund policy, etc.) of the seller’s items that you wish to bid on.
3. Double check pricing. Be suspicious of prices that are too good to be true. Also consider carefully whether you may be paying too much for an item, particularly if you’re bidding through an auction site. You may want to comparison shop, online or offline, before you buy. Make sure there are not extra shipping or handling costs.
4. Find and read the privacy policy. Read the privacy policy carefully to find out what information the seller is gathering from you, how the information will be used, and how you can stop the process. If a site does not have a privacy policy posted, you may not want to do business with it. If it does have a privacy policy, there will probably be a link to it from the seller’s home page, or it could be included with the Legal Terms.
5. Review the return, refund, and shipping and handling policies as well as the other legal terms . If you can’t find them, ask the seller through an e-mail or telephone call to indicate where they are on the site or to provide them to you in writing.
6. Make sure the Internet connection is secure. Before you give your payment information, check for indicators that security software is in place.
7. Use the safest way to pay on the Internet. Pay for your order using a credit card.
8. Print the terms. You should print out and date a copy of terms, conditions, warranties, item description, company information, even confirming e-mails, and save them with your records of your purchase.
9. Insure the safe delivery of your item. If you’re concerned you may not be home when your package is delivered and that someone may take it if it is left on the doorstep, ask whether you can specify that the shipper must receive a signature before leaving the package. Or, it may be safer to have the package delivered to your office.
10. Inspect your purchase. Look at your purchase carefully as soon as you receive it. Contact the seller as soon as possible if you discover a problem with it. Tell the seller in writing about any problems you have, ask for a repair or refund, and keep a copy of your correspondence.

www.safeshopping .org

The privacy policy and terms of service of the hosting company should always be read carefully.  While generally lengthy and sometimes difficult to understand, they will provide a good outline of what the host can and cannot do with your information.  However, it is important to realize that most privacy policies and terms of service can and do change.  In fact, you may not have an opportunity to remove your information from the hosting site before such a change.

The location of the host’s operations can significantly impact a user’s rights under the law.  The location of the records might not be disclosed in the terms of service or might be changed without notice.  This could have substantial legal consequences.

Government investigators or civil litigants trying to subpoena information could approach the hosting company without informing the data’s owners.  The hosting company generally does not have the same motivation as the user to defend against disclosure of the information.

Some companies could even willingly share sensitive data with marketing firms. So there is a privacy risk in putting your data in someone else’s hands. Obviously, the safest approach is to maintain your data under your own control.

There is also a risk that the host might shut down its operations, declare bankruptcy, or sell the business to another provider.  What might happen to your data if that were to happen?

One of the problems with cloud computing is that technology is frequently light years ahead of the law.  There are many questions that need to be answered.  Does the user or the hosting company own the data?   Can the host deny a user access to their own data?   And, most importantly from a privacy standpoint, how does the host protect the user’s data?

So, before you utilize any cloud computing services, be aware of the potential risks.  And make sure that you carefully read the privacy policy and terms of service of the hosting company to become aware of your rights.

www.privacyrights.org

If you blog, there are no guarantees you’ll attract a readership of thousands. But at least a few readers will find your blog, and they may be the people you’d least want or expect. These include potential or current employers, coworkers, and professional colleagues; your neighbors; your spouse or partner; your family; and anyone else curious enough to type your name, email address or screen name into Google or Feedster and click a few links.

The point is that anyone can eventually find your blog if your real identity is tied to it in some way. And there may be consequences. Family members may be shocked or upset when they read your uncensored thoughts. A potential boss may think twice about hiring you. But these concerns shouldn’t stop you from writing. Instead, they should inspire you to keep your blog private, or accessible only to certain trusted people.

Here we offer a few simple precautions to help you maintain control of your personal privacy so that you can express yourself without facing unjust retaliation. If followed correctly, these protections can save you from embarrassment or just plain weirdness in front of your friends and coworkers.

Blog Anonymously

The best way to blog and still preserve some privacy is to do it anonymously. But being anonymous isn’t as easy as you might think.

Let’s say you want to start a blog about your terrible work environment but you don’t want to risk your boss or colleagues discovering that you’re writing about them. You’ll want to consider how to anonymize every possible detail about your situation. And you may also want to use one of several technologies that make it hard for anyone to trace the blog back to you.

1. Use a Pseudonym and Don’t Give Away Any Identifying Details
When you write about your workplace, be sure not to give away telling details. These include things like where you’re located, how many employees there are, and the specific sort of business you do. Even general details can give away a lot. If, for example, you write, “I work at an unnamed weekly newspaper in Seattle,” it’s clear that you work in one of two places. So be smart. Instead, you might say that you work at a media outlet in a mid-sized city. Obviously, don’t use real names or post pictures of yourself. And don’t use pseudonyms that sound like the real names they’re based on–so, for instance, don’t anonymize the name “Annalee” by using the name “Leanne.” And remember that almost any kind of personal information can give your identity away–you may be the only one at your workplace with a particular birthday, or with an orange tabby.

Also, if you are concerned about your colleagues finding out about your blog, do not blog while you are at work. Period. You could get in trouble for using company resources like an Internet connection to maintain your blog, and it will be very hard for you to argue that the blog is a work-related activity. It will also be much more difficult for you to hide your blogging from officemates and IT operators who observe traffic over the office network.

2. Use Anonymizing Technologies
There are a number of technical solutions for the blogger who wishes to remain anonymous.

Invisiblog.com is a service that offers anonymous blog hosting for free. You may create a blog there with no real names attached. Even the people who run the service will not have access to your name.

If you are worried that your blog-hosting service may be logging your unique IP address and thus tracking what computer you’re blogging from, you can use the anonymous network Tor to edit your blog. Tor routes your Internet traffic through what’s called an “overlay network” that hides your IP address. More importantly, Tor makes it difficult for snoops on the Internet to follow the path your data takes and trace it back to you.

3. Use Ping Servers
If you want to protect your privacy while getting news out quickly, try using ping servers to broadcast your blog entry for you. Pingomatic http://www.pingomatic.com is a tool that allows you to do this by broadcasting to a lot of news venues at once, while making you untraceable. The program will send out notice (a “ping”) about your blog entry to several blog search engines like Feedster and Technorati. Once those sites list your entry ñ which is usually within a few minutes ñ you can take the entry down. Thus the news gets out rapidly and its source can evaporate within half an hour. This protects the speaker while also helping the blog entry reach people fast.

4. Limit Your Audience
Many blogging services, including LiveJournal, allow you to designate individual posts or your entire blog as available only to those who have the password, or to people whom you’ve designated as friends. If your blog’s main goal is to communicate to friends and family, and you want to avoid any collateral damage to your privacy, consider using such a feature. If you host your own blog, you can also set it up to be password-protected, or to be visible only to people looking at it from certain computers.

5. Don’t Be Googleable
If you want to exclude most major search engines like Google from including your blog in search results, you can create a special file that tells these search services to ignore your domain. The file is called robots.txt, or a Robots Text File. You can also use it to exclude search engines from gaining access to certain parts of your blog. If you don’t know how to do this yourself, you can use the “Robots Text File Generator” tool for free at Web Tool Central . However, it’s important to remember that search engines like Google may choose to ignore a robots.txt file, thus making your blog easily searchable. There are many tools and tricks for making your blog less searchable, without relying on robots.txt.

6. Register Your Domain Name Anonymously
Even if you don’t give your real name or personal information in your blog, people can look up the WHOIS records for your domain name and find out who you are. If you don’t want anyone to do this, consider registering your domain name anonymously.

Blog Without Getting Fired

A handful of bloggers have recently discovered that their labors of love may lead to unemployment. By some estimates, dozens of people have been fired for blogging, and the numbers are growing every day.

The bad news is that in many cases, there is no legal means of redress if you’ve been fired for blogging. While your right to free speech is protected by the First Amendment, this protection does not shield you from the consequences of what you say. The First Amendment protects speech from being censored by the government; it does not regulate what private parties (such as most employers) do. In states with “at will” employment laws like California, employers can fire you at any time, for any reason. And no state has laws that specifically protect bloggers from discrimination, on the job or otherwise.

One way to make sure your blog doesn’t earn you a pink slip is to make sure that you write about certain protected topics. Most states have laws designed to prevent employers from firing people who talk openly about their politics outside of work, for example. Be warned that laws like this do vary widely from state to state, and many are untested when it comes to blogging.

1. Political Opinions
Many states, including California, include sections in their Labor Code that prohibit employers from regulating their employees’ political activities and affiliations, or influencing employees’ political activities by threatening to fire them. If you blog about membership in the Libertarian Party and your boss fires you for it, you might very well have a case against him or her.

2. Unionizing
In many states, talking or writing about unionizing your workforce is strongly protected by the law, so in many cases blogging about your efforts to unionize will be safe. Also, if you are in a union, it’s possible that your contract may have been negotiated in a way that permits blogging. Some states protect “concerted” speech about the workplace, which means that if two or more people start a blog discussing the conditions in their workplace, this activity could be protected under local labor laws.

3. Whistleblowing
Often there are legal shields to protect whistleblowers–people who expose the harmful activities of their employers for the public good. However, many people have the misconception that if you report the regulatory violations (of, say, toxic emissions limits) or illegal activities of your employer in a blog, you’re protected. But that isn’t the case. You need to report the problems to the appropriate regulatory or law enforcement bodies first. You can also complain to a manager at your company. But notify somebody in authority about the sludge your company is dumping in the wetlands first, then blog about it.

4. Reporting on Your Work for the Government
If you work for the government, blogging about what’s happening at the office is protected speech under the First Amendment. It’s also in the public interest to know what’s happening in your workplace, because citizens are paying you with their tax dollars. Obviously, do not post classified or confidential information.

5. Legal Off-Duty Activities
Some states have laws that may protect an employee or applicant’s legal off-duty blogging, especially if the employer has no policy or an unreasonably restrictive policy with regard to off-duty speech activities. For example, California has a law protecting employees from “demotion, suspension, or discharge from employment for lawful conduct occurring during nonworking hours away from the employer’s premises.” These laws have not been tested in a blogging context. If you are terminated for blogging while off-duty, you should contact an employment attorney to see what rights you may have.
Blog without Fear

Blogs are getting a lot of attention these days. You can no longer safely assume that people in your offline life won’t find out about your blog, if you ever could. New RSS tools and services mean that it’s even easier than ever search and aggregate blog entries. As long as you blog anonymously and in a work-safe way, what you say online is far less likely to come back to hurt you.
http://www.eff.org/wp/blog-safely

AFKGRKEBWH38

Last month Google posted, in time for the FTC Privacy Roundtable in Berkeley, the company’s Privacy Principles.   Moreover, Nicole Wong, Google’s Deputy General Counsel told the Roundtable audience:

“I’ll just be really clear: We compete on privacy. We do that in terms of trying to develop the best possible products that are privacy sensitive. We do that because we have an entire team of engineers specifically dedicated to privacy, and a cross-functional group that meets every week that involves everyone from engineers to policy people to legal people to talk about the biggest issues in privacy. We absolutely compete in this space.”

So let’s see how Google’s Privacy Principles reflect on Google Buzz:

• Use information to provide our users with valuable products and services. Buzz is a new kind of social aggregator, an attempt to pull together all your Google activities, including email, into a social stream to all of your contacts (not necessarily friends). Frankly, I was confused trying to understand how all of this aggregation works interconnecting the web, with Gmail, and on my iPhone. Which privacy choices apply where? Can I do global opt-outs from my iPhone and have them apply to the web?  I’m not the only one, check out Erik J. Heels’ graphical attempt to sort out the privacy issues and monetization opportunities.

• Develop products that reflect strong privacy standards and practices. The first launch of Google Buzz included a number of features that seem to be out of line with privacy standards, and consumer expectations.  CNET’s Molly Wood’s commentary underscores a number of the issues including the “auto follow.”  Now, to its credit, Google made a number of changes in response to the outcry (it turned off “auto follow” on Saturday) but it’s hard to understand how some of these initial decisions reflected the principle of strong privacy standards at the development level.

• Make the collection of personal information transparent. Transparency is difficult.  It was not clear to me how my information was going to be shared and with whom.  By comparison, Facebook’s recent changes to its privacy policy and settings were rolled out to users in a way that few could miss the choices and even that was hard to achieve.

• Give users meaningful choices to protect their privacy. The initial default setting for many Buzz features were public, including the auto-follow and connection to other Google services (such as Picasa and YouTube).  While this seems to reflect a somewhat laissez-faire attitude around privacy (as evidenced by Google’s CEO comment last December: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”), Google at least did implement tools around choice.  It’s just that they thought I want to share all my activity with everyone, all the time, everywhere.   In addition, meaningful choice means, among other things, reasonable access.  A New York Times’ article notes that the process of disabling Buzz and removing a public profile “some described as a game of whack-a-mole.”

• Be a responsible steward of the information we hold. Google’s announced changes to Buzz demonstrate that Google is listening to its users, press, and privacy bloggers.  However, we still don’t know how Google is engaging in 3^rd party review or dispute resolution, which are hallmarks of transparency, integrity, and responsibility around information stewardship.

As many of us in the privacy field know, the devil is in the details. While Google has developed (and surely intends to follow, we hope) its Privacy Principles, how it implements them, and the assumptions it makes about its users are going to be more telling.

Google is not a TRUSTe sealholder.  Notably, Google competitors including Facebook, Microsoft, and Yahoo are TRUSTe sealholders.  While TRUSTe is only one way to demonstrate transparency and accountability, we haven’t seen much from Google yet on this issue. What does this mean?

TRUSTe works with all of its clients to meet privacy best practices, resolve potential privacy issues and practices, ensure consumers have meaningful choices before sharing, and work directly with consumers through our dispute resolution program.  Just over 2 years ago, when Facebook launched the beacon program, we suggested, as did many others, changes to the program’s default settings.  Fortunately, Facebook responded quickly and Facebook has continued to take its privacy stewardship seriously.

We should expect Google to step up and at least show us the same commitment in implementing its own Privacy Principles.

By Fran Maier
President and Executive Chair
TRUSTe