TrustArc Blog

TRUSTe’s Privacy-by-Design Guidelines

March 02, 2012

Kevin Trilli | TRUSTe
VP Product

Joanne Furtsch | TRUSTe
Dir. Product Policy


The concept of privacy-by-design was first introduced by the Canadian Privacy Commissioner Ann Cavoukian as early as the 1990s. Since then, its importance in business has only increased. Almost every week, we see companies of all sizes in the news because of some privacy issue. This oftentimes creates brand and reputational damage for these companies even when the facts are not as alleged.

Assuming most companies are not intentionally doing things wrong, what is happening? The privacy landscape is changing. A combination of governmental, media and academic pressure is changing the way privacy is monitored by the community at large. There are now experts who are proactively looking for violations and using the mainstream media to get their message out quickly in order to evoke change. It is no longer only the average consumer you need to consider in your risk calculation.

So what is really needed to achieve privacy-by-design? TRUSTe has been helping companies do it since 1997. In this blog I list seven principles to follow when incorporating Privacy by Design into your product design process.

Proactive approach

Consider privacy at the design stage, looking at things such as how much information you are collecting and assessing whether you are collecting more information than is necessary to achieve your business goals.

Incorporating privacy at the design stage will reap benefits down the road in terms of earning the trust of your consumers, and potentially keeping your company from incurring the unexpected costs associated with not taking privacy into account. An example of a company that had a promising future but did not take privacy into account at the design stage is Ringleader. Ringleader was forced to shut down because they didn’t incorporate privacy into their otherwise very promising MediaStamp advertising technology.


Tell your consumers what you.  Explain your information and collection practices in an easy to understand notice.  Most companies typically do this through a privacy policy explaining what information you collect, how it is used, and what third parties that information is disclosed to.

The privacy policy should be easy to find, for example by making it accessible wherever you request information, such as on an order form. The privacy policy should also be formatted so it is easy to read on the device the consumer is accessing it from. For example, if the consumer is accessing your policy through a mobile app, the policy should be optimized for viewing on a mobile device.


Provide consumers with mechanisms to express their preferences over how the information you collect from them is used, and to access that information to correct, update, and/or delete it. Examples of some of the types of controls you can provide to consumers:

  • If you collect behavioral data to provide targeted advertising, you should give consumers an easy and effective way to express their preference to receive targeted ads (see TRUSTe Trusted Ads program).
  • If you collect personally-identifiable information, your company should provide a way for a user to correct his/her profile or remove it (see TRUSTe Privacy Seal Program).
  • If you distribute software, consumers should have consented to install the software and then be able to uninstall it completely from their systems (see TRUSTe Trusted Download Program).


There are two types of accountability: accountability to your consumers, and accountability within your organization. Posting a privacy policy outlining your privacy practices and giving consumers a mechanism to voice privacy-related concerns are a couple of ways your company can hold itself accountable to consumers. Put in place mechanisms that verify whether your company is complying with its data controls and policies.

Another layer of accountability is having an independent third party review and verify that your actual privacy practices are consistent with and comply with your stated practices. A third party seal is a good outward indicator that communicates your company’s commitment to privacy and that your company is willing to hold itself accountable to its privacy promises.

Data Management

Make sure you have the processes in place not only to manage the data you collect but also to comply with your stated privacy promises. Things to consider:

  • Employee training: for employees, such as customer service representatives, who access collected information in order to perform their job function
  • Data Retention Policies:  how long you need to retain the information you collect.  Processes should be in place to periodically purge out-of-date or inactive customer records
  • Security Measures:  what measures are in place to protect collected information.  Consider things such as how you will protect systems from vulnerabilities, whether information needs to be stored in an encrypted format, and who requires access based upon job function.

The processes put in place should be appropriate for the size of your business and the level of sensitivity of the information you collect and store on your systems. If you collect and store sensitive information like credit card numbers, you will need to take more stringent measures to protect that information than a company that collects only email addresses.

Partner and vendor management

Know who you work with.  Have processes in place to review potential partners and vendors your company uses to provide services such as hosting, payment processing, email management, and advertising.  These companies should have policies in place that are similar to yours to ensure the information you entrust to them is processed in a responsible manner.  Ultimately your company is responsible for the information it collects, and this includes third parties that are processing information on your company’s behalf.

Develop criteria and have processes in place to review potential partners and vendors, looking at how they process and protect the information that will be provided to them.

Respect for users

Your consumers are the reason why you have a business. They trust you will process their information for the purposes you stated in your privacy policy and do that in a responsible manner. Trust is something that is built over time but can be lost in an instant. Your consumers might forgive you for one mistake but won’t be so forgiving the next time around. One way to make sure you retain that trust is to start earning it from the outset – when you are designing your product or service.

Privacy-by-design is harder than it seems. Largely this is because your company should think about it and invest in it in advance, before it finds itself in a Wall Street Journal article or under investigation by a government regulator. Your company should take steps to create a privacy policy that accurately describes your privacy practices, effective consumer control mechanisms to allow consumers to exercise their preferences over how their information is used, and processes to manage and protect the information you collect. Furthermore, you should work only with trusted partners who do all the above.