SlideShare a Scribd company logo

Privacy Seals

Download as PPTX, PDF
acc626tan
acc626tan

By Andrew Tan For ACC 626

TechnologyBusiness
1 of 37
Privacy Seals Andrew Tan / ACC626
Introduction and Overview
Definition of a Privacy Seal “Identifiable symbol or logo, voluntarily displayed on a Web site, which graphically asserts that the site has implemented and complies with specified privacy practices” The importance of being identifiable Displayed on a Web site Purpose is to graphically assert something What is that “something”? Does it work? Frameworks governing the seals Do public accountants have a future with privacy seals?
Providers of Privacy Seals
What does it take? Any company or group can produce a “privacy seal” Missing characteristics to be effective? Must be identifiable Must provide visitors with confidence Three dominant privacy seal programs
Popularity of the seals Sealholders as of October 2006: TRUSTe is clearly dominant Why bother mentioning WebTrust?
Why bother mentioning WebTrust? Developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) Granted only by public accountants For example: Other seals developed by and granted by companies
Differences between seals Each seal has different roots Independently developed Awarded by organizations with differing goals Different process for obtaining seal Different “meaning” behind each seal TRUSTe Focus is on privacy WebTrust Comprehensive level of assurance
Effectiveness of Privacy Seals
Objectives of a seal For a visitor Obtain assurance over the privacy practices of a website Develop an accurate perception of the website For a website Give the user the perception of assurance Sway a visitor’s perception of the website favourably Key difference A website only wants a user’s perception to be favourable OK for visitor to be misinformed in reaching that conclusion
A hypothetical example A visitor contemplates making an online purchase She is concerned about the order being shipped out on the same day as the day her order is placed Processing integrity A seal like TRUSTe provides no assurance over this But, what if the visitor doesn’t know this?
A hypothetical example A seal must be identifiable to be effective TRUSTe has 2,598 sealholders, compared to 25 for WebTrust Visitors are more likely to come across TRUSTe seals during web browsing Which seal will the visitor trust more?
A hypothetical example Have the objectives been met? Website wants the visitor to be comfortable Comfort (positive perception) increases probability of making a sale Wants to achieve this efficiently and effectively TRUSTe is cheaper and creates a better perception of the website However, TRUSTe hasn’t actually provided the assurance that the visitor was looking for
The purpose of recent studies Three questions Do privacy seals have an effect on consumers? Do privacy seals work as intended? Can consumers can tell the difference between a “low-assurance” seal, such as TRUSTe, and a “high-assurance” seal, such as WebTrust?
Question 1: Do privacy seals have an effect on consumers? Do privacy seals actually influence a visitor to follow through with a purchase, or to create an account on a website? Do they build trust between the website and the visitor? That is, do privacy seals have value?
Studies on the First Question “The value added by a Web assurance seal on a company’s website is difficult to quantify” Studies between 2000 and 2006 largely positive “Companies can reduce their customers’ perceived privacy concerns about providing personal information” by using a privacy seal “A firm’s participation in a privacy seal program favourably influences customers’ perceptions of a Web site’s privacy policy” “Assurance seals have a positive effect on consumers’ purchasing behaviour” “Empirical tests found significant associations between the presence of seals and consumer purchasing behaviour”
Studies on the First Question Studies from 2007 onward largely negative “The existence of a privacy statement encouraged individuals to provide their personal information, but a privacy seal did not” Seals had “little influence on trusting beliefs” and that “accountants’ seals, in particular, were found to be equally ineffective as those issued by other providers” “The existence of a privacy seal did not affect individuals’ behaviour”
Question 2: Do privacy seals work as intended? Do visitors know the difference between the types of seals and what they represent? Do visitors know what is required to obtain the seals, and use this information to make an informed decision about whether to trust the website? That is, do visitors know the meaning behind the logo?
Studies on the Second Question Conclusions overwhelmingly one-sided “Although participants have a basic understanding about privacy seals and about the function of seals, quite a number of them did not know how a seal is obtained and failed to recognize non-genuine privacy seals” “Seals potentially meet some of the most acute consumer concerns, but that consumers have inadequate understandings about the seals, and low regard for them” “Consumers do not appear to completely understand what seals assure” “The premise of privacy seals such as TRUSTe and BBBOnline is widely misunderstood; they do not assure the user’s privacy but only vouch for the accuracy of the site’s privacy policy, and even that is arguable”
Question 3: Can consumers tell the difference? Related to Question 2 Considerable difference in the amount of resources required to obtain a WebTrust seal as compared to a TRUSTeseal WebTrust requires a commitment of funds and staff to support a full information systems audit TRUSTeonly requires monitoring over the Internet
Studies on the Third Question Different conclusions drawn from studies in same year Lala, Arnold, Sutton, and Guan (2002) “The impact of assurance seals varies with the different level of information quality. Individuals had a strong preference for a high information quality seal (i.e., WebTrust) over a low information quality seal (i.e., BBBOnLine)” Mauldin and Arunachalam (2002) Between WebTrust, TRUSTe, and VISA, “customers perceive no difference between [the] three providers of web assurance” “All seals equally impact consumers’ intent to purchase even though each seal addresses different dimensions of information risk”
Points of interest from the studies Chronological trends Earlier studies found that privacy seals were more valuable Able to influence visitor perception favourably Linking between positive perception and purchasing behaviour Later studies tend to the opposite Seals are secondary to privacy policies Why is this so? Shift in overall consumer acceptance of ecommerce Changing attitudes about privacy
Points of interest from the studies Form over substance Visitors do not know the meaning behind privacy seals Overwhelming majority of studies came to this conclusion Those that are influenced by privacy seals are more influenced by the perception of assurance, rather than any actual assurance offered by the seal As in the hypothetical example, the cheapest and most recognizable seal will provide the highest return on investment Obtaining an expensive, yet unrecognizable seal, will certainly result in negative returns, even though more assurance is provided
Points of interest from the studies Put two and two together Consumers may place additional reliance on high-assurance seals if they knew that the high-assurance seals provided stronger assurance But, they don’t know that So, as far as a visitor knows, all seals have the same value But, not all seals have the same value to a website The cheapest, most recognizable seal will do the best in terms of meeting the website’s objectives
Relevant Frameworks
Frameworks for WebTrust WebTrust developed based on Trust Services Includes a set of Generally Accepted Privacy Principles By conforming to GAPP, a website will meet the privacy objective developed by the AICPA/CICA: “Personal information is collected, used, retained, and disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA/CICA” Information systems audit required to obtain seal
Frameworks for WebTrust Generally Accepted Privacy Principles
Frameworks for TRUSTe TRUSTe has internally-developed requirements Focus solely on privacy practices “Core principles”: transparency, choice, accountability No audit necessary to obtain seal Website submits proof of policy compliance TRUSTe monitors compliance over the Internet
Impact on the Accounting Profession
History Public accountants developed WebTrust Joint effort between the CICA and the AICPA Limited success Faced strong criticism and calls for change So, should public accountants continue to be involved with privacy seals?
Arguments against involvement WebTrust clearly a failure 1/3 of top 500 websites had a privacy seal in 2001 None used WebTrust Market share negligible Failure of WebTrust due to multiple factors Lack of brand awareness; other companies abandoning the seal Steep prices for WebTrustaudits; no direct benefit for additional investment Inefficient method for awarding seals
Arguments for involvement Recommendations for continuing Practice standards should be at a minimum Integrated set of services Can provide services on top of web assurance Advisory services on ecommerce controls Help vendors support web seals
Conclusion and Recommendation
Fate of WebTrust Current trends Decreasing seal effectiveness Visitors unable to differentiate a low-assurance seal from a high-assurance one Cheaper, low-assurance seals will be more popular The public accounting profession developed and supports the costlier, high-assurance seal Will eventually be forced out of the market, by the market
Develop a new seal? “WebTrust Lite” Provide at low cost Damage to reputation Worth the effort?
Develop a new service? Advisory services Leverage skill set with controls and other business services Ready websites to meet the requirements set out by another seal Complementary to the market leader in privacy seals Avoids competition with the market leader Profession has proven that it is unable to handle that competition
Thank you

Recommended

Secret to Effective Digital Connection for Insurance Marketers
Secret to Effective Digital Connection for Insurance MarketersSecret to Effective Digital Connection for Insurance Marketers
Secret to Effective Digital Connection for Insurance Marketersedynamic
 
F2124451
F2124451F2124451
F2124451aijbm
 
Activating 1 to-1 Customer Service Relationships with Mobile
Activating 1 to-1 Customer Service Relationships with MobileActivating 1 to-1 Customer Service Relationships with Mobile
Activating 1 to-1 Customer Service Relationships with MobileWaterfall Mobile
 
Materiality Matters: New Approaches to Medieval Wax Seals Studies
Materiality Matters: New Approaches to Medieval Wax Seals StudiesMateriality Matters: New Approaches to Medieval Wax Seals Studies
Materiality Matters: New Approaches to Medieval Wax Seals StudiesThe-National-Archives
 
Understanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceUnderstanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceAIRCC Publishing Corporation
 
Understanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceUnderstanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceAIRCC Publishing Corporation
 
Trusting Beliefs And Online Purchase Decisions
Trusting Beliefs And Online Purchase DecisionsTrusting Beliefs And Online Purchase Decisions
Trusting Beliefs And Online Purchase Decisionsnathantearl
 
Boosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealBoosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealTRUSTe
 

Recommended

Secret to Effective Digital Connection for Insurance Marketers
Secret to Effective Digital Connection for Insurance MarketersSecret to Effective Digital Connection for Insurance Marketers
Secret to Effective Digital Connection for Insurance Marketersedynamic
 
F2124451
F2124451F2124451
F2124451aijbm
 
Activating 1 to-1 Customer Service Relationships with Mobile
Activating 1 to-1 Customer Service Relationships with MobileActivating 1 to-1 Customer Service Relationships with Mobile
Activating 1 to-1 Customer Service Relationships with MobileWaterfall Mobile
 
Materiality Matters: New Approaches to Medieval Wax Seals Studies
Materiality Matters: New Approaches to Medieval Wax Seals StudiesMateriality Matters: New Approaches to Medieval Wax Seals Studies
Materiality Matters: New Approaches to Medieval Wax Seals StudiesThe-National-Archives
 
Understanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceUnderstanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceAIRCC Publishing Corporation
 
Understanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceUnderstanding the Role of Customer Trust in E-Commerce
Understanding the Role of Customer Trust in E-CommerceAIRCC Publishing Corporation
 
Trusting Beliefs And Online Purchase Decisions
Trusting Beliefs And Online Purchase DecisionsTrusting Beliefs And Online Purchase Decisions
Trusting Beliefs And Online Purchase Decisionsnathantearl
 
Boosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealBoosting online conversions with the TRUSTe web privacy seal
Boosting online conversions with the TRUSTe web privacy sealTRUSTe
 
Privacy Seals in E-Commerce
Privacy Seals in E-CommercePrivacy Seals in E-Commerce
Privacy Seals in E-Commercecelarson
 
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...IRJET Journal
 
Ps16
Ps16Ps16
Ps16Can Erdem
 
Trust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaperTrust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaperAlex Todd
 
Online trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statementsOnline trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statementsRemove Search Results .com
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCloudIDSummit
 
Consumer engagement principles
Consumer engagement principlesConsumer engagement principles
Consumer engagement principlesdefault default
 
Legal challenges of big data
Legal challenges of big dataLegal challenges of big data
Legal challenges of big dataRoger Royse
 
Trust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology RiskTrust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology RiskSwatantra Kumar
 
Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008Tony Weber
 
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...Rajesh Jayaprakash
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsBlock Party
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy ProgramDaniel Ayala
 
Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Peter Bihr
 
Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)Peter Bihr
 
Online Privacy and Your Company
Online Privacy and Your CompanyOnline Privacy and Your Company
Online Privacy and Your CompanyZach Evans
 
Digital Disruption of Life Insurance
Digital Disruption of Life InsuranceDigital Disruption of Life Insurance
Digital Disruption of Life InsuranceKevin Pledge
 
A Sharing Economy
A Sharing EconomyA Sharing Economy
A Sharing EconomyTorque Data
 
PwC Trust Insight white paper
PwC Trust Insight white paper PwC Trust Insight white paper
PwC Trust Insight white paper Helen Tuddenham
 
Ps45
Ps45Ps45
Ps45Can Erdem
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

More Related Content

Similar to Privacy Seals

Privacy Seals in E-Commerce
Privacy Seals in E-CommercePrivacy Seals in E-Commerce
Privacy Seals in E-Commercecelarson
 
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...IRJET Journal
 
Trust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaperTrust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaperAlex Todd
 
Online trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statementsOnline trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statementsRemove Search Results .com
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCloudIDSummit
 
Consumer engagement principles
Consumer engagement principlesConsumer engagement principles
Consumer engagement principlesdefault default
 
Legal challenges of big data
Legal challenges of big dataLegal challenges of big data
Legal challenges of big dataRoger Royse
 
Trust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology RiskTrust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology RiskSwatantra Kumar
 
Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008Tony Weber
 
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...Rajesh Jayaprakash
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsBlock Party
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy ProgramDaniel Ayala
 
Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Peter Bihr
 
Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)Peter Bihr
 
Online Privacy and Your Company
Online Privacy and Your CompanyOnline Privacy and Your Company
Online Privacy and Your CompanyZach Evans
 
Digital Disruption of Life Insurance
Digital Disruption of Life InsuranceDigital Disruption of Life Insurance
Digital Disruption of Life InsuranceKevin Pledge
 
A Sharing Economy
A Sharing EconomyA Sharing Economy
A Sharing EconomyTorque Data
 
PwC Trust Insight white paper
PwC Trust Insight white paper PwC Trust Insight white paper
PwC Trust Insight white paper Helen Tuddenham
 

Similar to Privacy Seals (20)

Privacy Seals in E-Commerce
Privacy Seals in E-CommercePrivacy Seals in E-Commerce
Privacy Seals in E-Commerce
 
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
Trust in E-Business based on Website Quality, Brand Name, and Security and Pr...
 
Ps16
Ps16Ps16
Ps16
 
Trust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaperTrust Enabled Supply Networks - whitepaper
Trust Enabled Supply Networks - whitepaper
 
Online trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statementsOnline trust and perceived utility for consumers of web privacy statements
Online trust and perceived utility for consumers of web privacy statements
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
 
Consumer engagement principles
Consumer engagement principlesConsumer engagement principles
Consumer engagement principles
 
Legal challenges of big data
Legal challenges of big dataLegal challenges of big data
Legal challenges of big data
 
Trust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology RiskTrust by Design: Rethinking Technology Risk
Trust by Design: Rethinking Technology Risk
 
Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008Insurance.com Proposed Strategy 12/2008
Insurance.com Proposed Strategy 12/2008
 
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
Organizational Privacy Score and Big Data Privacy Guidelies July 17 2014 - ...
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teams
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy Program
 
Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)
 
Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)Towards a Trustmark for IoT (30 May 2018)
Towards a Trustmark for IoT (30 May 2018)
 
Online Privacy and Your Company
Online Privacy and Your CompanyOnline Privacy and Your Company
Online Privacy and Your Company
 
Digital Disruption of Life Insurance
Digital Disruption of Life InsuranceDigital Disruption of Life Insurance
Digital Disruption of Life Insurance
 
A Sharing Economy
A Sharing EconomyA Sharing Economy
A Sharing Economy
 
PwC Trust Insight white paper
PwC Trust Insight white paper PwC Trust Insight white paper
PwC Trust Insight white paper
 
Ps45
Ps45Ps45
Ps45
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Privacy Seals

  • 1. Privacy Seals Andrew Tan / ACC626
  • 3. Definition of a Privacy Seal “Identifiable symbol or logo, voluntarily displayed on a Web site, which graphically asserts that the site has implemented and complies with specified privacy practices” The importance of being identifiable Displayed on a Web site Purpose is to graphically assert something What is that “something”? Does it work? Frameworks governing the seals Do public accountants have a future with privacy seals?
  • 5. What does it take? Any company or group can produce a “privacy seal” Missing characteristics to be effective? Must be identifiable Must provide visitors with confidence Three dominant privacy seal programs
  • 6. Popularity of the seals Sealholders as of October 2006: TRUSTe is clearly dominant Why bother mentioning WebTrust?
  • 7. Why bother mentioning WebTrust? Developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) Granted only by public accountants For example: Other seals developed by and granted by companies
  • 8. Differences between seals Each seal has different roots Independently developed Awarded by organizations with differing goals Different process for obtaining seal Different “meaning” behind each seal TRUSTe Focus is on privacy WebTrust Comprehensive level of assurance
  • 10. Objectives of a seal For a visitor Obtain assurance over the privacy practices of a website Develop an accurate perception of the website For a website Give the user the perception of assurance Sway a visitor’s perception of the website favourably Key difference A website only wants a user’s perception to be favourable OK for visitor to be misinformed in reaching that conclusion
  • 11. A hypothetical example A visitor contemplates making an online purchase She is concerned about the order being shipped out on the same day as the day her order is placed Processing integrity A seal like TRUSTe provides no assurance over this But, what if the visitor doesn’t know this?
  • 12. A hypothetical example A seal must be identifiable to be effective TRUSTe has 2,598 sealholders, compared to 25 for WebTrust Visitors are more likely to come across TRUSTe seals during web browsing Which seal will the visitor trust more?
  • 13. A hypothetical example Have the objectives been met? Website wants the visitor to be comfortable Comfort (positive perception) increases probability of making a sale Wants to achieve this efficiently and effectively TRUSTe is cheaper and creates a better perception of the website However, TRUSTe hasn’t actually provided the assurance that the visitor was looking for
  • 14. The purpose of recent studies Three questions Do privacy seals have an effect on consumers? Do privacy seals work as intended? Can consumers can tell the difference between a “low-assurance” seal, such as TRUSTe, and a “high-assurance” seal, such as WebTrust?
  • 15. Question 1: Do privacy seals have an effect on consumers? Do privacy seals actually influence a visitor to follow through with a purchase, or to create an account on a website? Do they build trust between the website and the visitor? That is, do privacy seals have value?
  • 16. Studies on the First Question “The value added by a Web assurance seal on a company’s website is difficult to quantify” Studies between 2000 and 2006 largely positive “Companies can reduce their customers’ perceived privacy concerns about providing personal information” by using a privacy seal “A firm’s participation in a privacy seal program favourably influences customers’ perceptions of a Web site’s privacy policy” “Assurance seals have a positive effect on consumers’ purchasing behaviour” “Empirical tests found significant associations between the presence of seals and consumer purchasing behaviour”
  • 17. Studies on the First Question Studies from 2007 onward largely negative “The existence of a privacy statement encouraged individuals to provide their personal information, but a privacy seal did not” Seals had “little influence on trusting beliefs” and that “accountants’ seals, in particular, were found to be equally ineffective as those issued by other providers” “The existence of a privacy seal did not affect individuals’ behaviour”
  • 18. Question 2: Do privacy seals work as intended? Do visitors know the difference between the types of seals and what they represent? Do visitors know what is required to obtain the seals, and use this information to make an informed decision about whether to trust the website? That is, do visitors know the meaning behind the logo?
  • 19. Studies on the Second Question Conclusions overwhelmingly one-sided “Although participants have a basic understanding about privacy seals and about the function of seals, quite a number of them did not know how a seal is obtained and failed to recognize non-genuine privacy seals” “Seals potentially meet some of the most acute consumer concerns, but that consumers have inadequate understandings about the seals, and low regard for them” “Consumers do not appear to completely understand what seals assure” “The premise of privacy seals such as TRUSTe and BBBOnline is widely misunderstood; they do not assure the user’s privacy but only vouch for the accuracy of the site’s privacy policy, and even that is arguable”
  • 20. Question 3: Can consumers tell the difference? Related to Question 2 Considerable difference in the amount of resources required to obtain a WebTrust seal as compared to a TRUSTeseal WebTrust requires a commitment of funds and staff to support a full information systems audit TRUSTeonly requires monitoring over the Internet
  • 21. Studies on the Third Question Different conclusions drawn from studies in same year Lala, Arnold, Sutton, and Guan (2002) “The impact of assurance seals varies with the different level of information quality. Individuals had a strong preference for a high information quality seal (i.e., WebTrust) over a low information quality seal (i.e., BBBOnLine)” Mauldin and Arunachalam (2002) Between WebTrust, TRUSTe, and VISA, “customers perceive no difference between [the] three providers of web assurance” “All seals equally impact consumers’ intent to purchase even though each seal addresses different dimensions of information risk”
  • 22. Points of interest from the studies Chronological trends Earlier studies found that privacy seals were more valuable Able to influence visitor perception favourably Linking between positive perception and purchasing behaviour Later studies tend to the opposite Seals are secondary to privacy policies Why is this so? Shift in overall consumer acceptance of ecommerce Changing attitudes about privacy
  • 23. Points of interest from the studies Form over substance Visitors do not know the meaning behind privacy seals Overwhelming majority of studies came to this conclusion Those that are influenced by privacy seals are more influenced by the perception of assurance, rather than any actual assurance offered by the seal As in the hypothetical example, the cheapest and most recognizable seal will provide the highest return on investment Obtaining an expensive, yet unrecognizable seal, will certainly result in negative returns, even though more assurance is provided
  • 24. Points of interest from the studies Put two and two together Consumers may place additional reliance on high-assurance seals if they knew that the high-assurance seals provided stronger assurance But, they don’t know that So, as far as a visitor knows, all seals have the same value But, not all seals have the same value to a website The cheapest, most recognizable seal will do the best in terms of meeting the website’s objectives
  • 26. Frameworks for WebTrust WebTrust developed based on Trust Services Includes a set of Generally Accepted Privacy Principles By conforming to GAPP, a website will meet the privacy objective developed by the AICPA/CICA: “Personal information is collected, used, retained, and disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA/CICA” Information systems audit required to obtain seal
  • 27. Frameworks for WebTrust Generally Accepted Privacy Principles
  • 28. Frameworks for TRUSTe TRUSTe has internally-developed requirements Focus solely on privacy practices “Core principles”: transparency, choice, accountability No audit necessary to obtain seal Website submits proof of policy compliance TRUSTe monitors compliance over the Internet
  • 29. Impact on the Accounting Profession
  • 30. History Public accountants developed WebTrust Joint effort between the CICA and the AICPA Limited success Faced strong criticism and calls for change So, should public accountants continue to be involved with privacy seals?
  • 31. Arguments against involvement WebTrust clearly a failure 1/3 of top 500 websites had a privacy seal in 2001 None used WebTrust Market share negligible Failure of WebTrust due to multiple factors Lack of brand awareness; other companies abandoning the seal Steep prices for WebTrustaudits; no direct benefit for additional investment Inefficient method for awarding seals
  • 32. Arguments for involvement Recommendations for continuing Practice standards should be at a minimum Integrated set of services Can provide services on top of web assurance Advisory services on ecommerce controls Help vendors support web seals
  • 34. Fate of WebTrust Current trends Decreasing seal effectiveness Visitors unable to differentiate a low-assurance seal from a high-assurance one Cheaper, low-assurance seals will be more popular The public accounting profession developed and supports the costlier, high-assurance seal Will eventually be forced out of the market, by the market
  • 35. Develop a new seal? “WebTrust Lite” Provide at low cost Damage to reputation Worth the effort?
  • 36. Develop a new service? Advisory services Leverage skill set with controls and other business services Ready websites to meet the requirements set out by another seal Complementary to the market leader in privacy seals Avoids competition with the market leader Profession has proven that it is unable to handle that competition

Editor's Notes

  1. Hello, ladies and gentlemen. I’m Andrew Tan.In this slidecast, we’ll be taking a look into Privacy Seals
  2. So, let’s start with a quick introduction and overview of this slidecast.
  3. A privacy seal is an “identifiable symbol or logo, voluntarily displayed on a Web site, which graphically asserts that the site has implemented and complies with specified privacy practices”.Now, there are several components to this definition that are of importance.First, for seals to have any effect on website visitors, the symbol used as the seal must be identifiable. If visitors do not recognize the symbol or do not associate it with stringent privacy requirements, visitors will not know that the seal asserts anything at all. For this reason, the market for privacy seals is controlled by a few major players.The main factor that makes privacy seals attractive to websites is the ability to graphically assert something. The ease in which a website would be able to convey an image of trustworthiness to visitors is something that businesses value.For a seal to not only convey a sense of trustworthiness, but to also represent privacy compliance, there must be regulations with which a website must comply to earn the seal. We’ll be taking a closer look at some of these frameworks later.Finally, in the past, public accountants have attempted to provide privacy seals. We’ll take a look into a bit of the past, and talk about the future of public accountants and web assurance.
  4. Now, let’s take a look at the providers of privacy seals.
  5. Virtually any company or group can provide what they deem to be a privacy seal.However, as mentioned, seals must be identifiable and should provide a website visitor with a level of confidence regarding the privacy practices of the website.For this reason, although any company can provide seals, there are only a few players that are widely entrusted to do soThe three dominant privacy seal programs are TRUSTe, BBBOnLine, and WebTrust.
  6. As of October 2006, we note that the majority of companies using privacy seals use TRUSTe or BBBOnLine, with TRUSTe being dominant.So, why does WebTrust deserve to be mentioned in the same sentence as its competitors?
  7. WebTrust was developed by and is granted by public accountants.This is different from other seals, which were developed by and granted by companies.
  8. The actual meaning of the seal differs between the three providers. Each seal provides a different level of assurance.For example, TRUSTe focuses solely on privacy, whereas WebTrust covers system security, availability, and processing integrity.The process for obtaining each seal differs as well.For TRUSTe, only electronic monitoring of compliance with its requirements and policies is required.Compare this to WebTrust, where a full information systems audit by a public accountant is required to obtain the sealDue to this stringent requirement, WebTrust seals are more difficult to obtain, as well as more expensive to obtainAs such, website visitors would need to be fully informed as to what each seal offers in order to rightfully obtain confidence over a website’s privacy practices
  9. Now, let’s take a look at the effectiveness of privacy seals.
  10. A privacy seal is effective if it meets the objectives for obtaining a seal.A visitor’s objective is to obtain comfort over a website’s privacy practices from the seal, so that they can make an accurate assessment about whether to trust the website.On the other hand, a website’s ultimate goal is to make a sale. To do this, they must gain a visitor’s confidence.A website is not concerned about whether the visitor has made an accurate assessment or not. It is only concerned with getting the visitor to perceive the website favourably.So, as far as a website is concerned, a seal does not need to give a visitor the level of comfort they would demand if they were fully informed.Instead, a seal just needs to offer visitors the perception of such
  11. Now, a hypothetical example.Consider a website visitor who is contemplating making an online purchase.She is concerned about her order being shipped out on the same business day, as promised by the website.A TRUSTe seal provides absolutely no assurance over such matters, but if the visitor is oblivious to this, displaying a TRUSTe seal will boost her perception of the website as much as a WebTrust seal, which does provide assurance over such matters.
  12. Further, recall that a seal must be identifiable for it to be effective.Also recall that there were 2,600 TRUSTesealholders, as compared to 25 WebTrustsealholders. As such, TRUSTe seals are much more identifiable than WebTrust seals, as visitors are more likely to come across TRUSTe seals in their web browsing.So, if our visitor was not well informed as to the type of assurance that each seal provides, she would incorrectly believe that a TRUSTe seal provides more assurance over the timeliness of order processing than a WebTrust seal.
  13. Consider our example from the perspective of the website.The website wants the visitor to be comfortable with the website’s policies to entice her to place an order.The website will want to achieve this in the most efficient and effective way possible.A TRUSTe seal, though actually not providing the visitor with the correct type of assurance, is both cheaper and creates a better perception of the website for the visitor, meeting all of the website’s objectives.
  14. So, we move on to some recent studies.These studies have focused on three questions.One. <Read question>, Two, <Read question>, and Three, <Read question>
  15. The first question is: do privacy seals have an effect on consumers?That is, do privacy seals have value?
  16. It was noted that the value added by a Web assurance seal on a company’s website is difficult to quantifyStudies between 2000 and 2006 were largely positive.
  17. Interestingly, studies from 2007 onward were quite the opposite.Conclusions included:Seals had “little influence on trusting beliefs”…and, quite bluntly…“The existence of a privacy seal did not affect individuals’ behaviour”
  18. The second question is: do privacy seals work as intended?That is, do visitors know the meaning behind the logo?
  19. Conclusions from studies on this question were overwhelmingly one-sided.Studies found that “consumers have inadequate understandings about the seals”.A particularly frightening conclusion from a study was that participants “failed to recognize non-genuine privacy seals”.This really puts into perspective, how little consumers actually know about privacy seals.
  20. An third question to investigate, related to the second question, is whether consumers can tell the difference between a “low-assurance” seal, such as TRUSTe, and a “high-assurance” seal, such as WebTrust.
  21. Differing conclusions were drawn with regard to the third question.Two studies, both performed in 2002, reached opposite conclusions.
  22. An interesting trend to note is that earlier studies tended towards finding privacy seals to be effective and more valuable, finding seals to be able to influence visitor perception favourably. However, more recent studies have tended towards the opposite.This could be due to a shift in overall consumer acceptance of ecommerce and changing attitudes about privacy.In the early 2000s, stories about privacy problems were not as prevalent in mainstream news.As such, consumers were more likely to accept a privacy seal as adequate without knowing the meaning behind the seal.In today’s world, privacy concerns are more prevalent and consumers are aware of the level of privacy that they are entitled to.As such, more consumers appear to be demanding explicit privacy policies on websites, and fewer are willing to accept a logo as sufficient assurance over privacy.
  23. Another point of interest is that studies overwhelmingly confirm the belief that visitors do not know the meaning behind privacy seals, and those that are influenced by privacy seals are more influenced by the perception of assurance, rather than any actual assurance offered by the seal.Further, as trends currently lead us to believe, seals are not as influential and effective as once thought.As such, businesses would be well-advised to adopt the cheapest, most well-recognized low-assurance seal, as it would have more influence over consumer trust than a more expensive but less-recognized high-assurance seal
  24. From the results of the third question, it would appear that studies are inconclusive as to whether consumers place additional reliance on high-assurance seals.However, when analyzed in conjunction with the results of the second question, we can conclude that consumers may place additional reliance on high-assurance seals if they knew that the high-assurance seals provided stronger assurance.But, since the results of the second question indicate that consumers generally cannot differentiate between seals, it would appear that all seals have approximately the same value to the general consumer.
  25. Now, let’s take a look at privacy seal frameworks.
  26. WebTrust was developed based on the Trust Services framework, as developed by the AICPA and CICA.The Trust Services framework includes a set of Generally Accepted Privacy Principles, which must be met by a website in order to earn a WebTrust sealThe GAPP sub-framework was developed based on an objective for websites with regards to their privacy practices.By conforming to GAPP, a website will have met the objective.And, as noted before, an information systems audit is required to obtain the WebTrust seal
  27. This slide has the ten Generally Accepted Privacy Principles.Review the principles at your leisure.
  28. TRUSTe has developed its own set of requirements for earning a seal.These requirements focus solely on the privacy practices of websites, and are structured around three “core principles”: transparency, choice, and accountability .Unlike WebTrust, which requires a public accountant to physically visit the location of the business and conduct an information systems audit, TRUSTe only requires that the website initially submit proof of its practices.TRUSTe will then monitor compliance over the Internet.
  29. Now, let’s take a look at privacy seals and their impact on the accounting profession.
  30. Currently, the public accounting profession in Canada and the United States is involved with web assurance through Trust Services and its associated seal, WebTrust. As previously mentioned, the framework was developed by the CICA and the AICPA.Only public accountants are licensed to perform WebTrust audits and award WebTrust seals to websites.WebTrust has seen limited success, which raises the question: Should accountants continue to be involved with privacy seals?
  31. Critics note that WebTrust was clearly a failure, with none of the top 500 websites holding the seal, even though a third of those websites had seals.Further, as pointed out before, WebTrust’s market share is negligible.Critics have given three overwhelming reasons for the failure of WebTrust.First, lack of brand awareness, combined with other companies abandoning the seal, has lowered the ability of WebTrust to be identifiable.Second, WebTrust audits are expensive, with no direct benefit associated with the additional investment.Lastly, when compared with TRUSTe, WebTrust has an inefficient process for awarding seals by requiring an audit.
  32. However, some do argue that there should be continuing involvement in web assurance.Instead of regulating WebTrust as a product, it was recommended that the AICPA and CICA only set a minimum level of practice standards, so that individual firms can differentiate their offerings.Also, it was recommended that public accounting firms should seek to provide an “integrated set of services” that includes web assurance, as opposed to making web assurance the core product.Because public accountants are skilled in areas such as tax and internal controls, such a set of services would be more marketable than web assurance alone, and that providers of TRUSTe and other non-accountant seals would not be able to match such a product offeringFurther to this point, a recent 2009 study recommended that “vendors should design strong controls within ecommerce information systems that support” web assurance.With this argument, the public accounting profession can not only offer web assurance services, but can also provide advisory services on ecommerce controls in order to help vendors support web sealsThat is, Public accountants should not only offer web assurance services, but also provide advisory work on controls as part of a larger set of integrated services. Such services will be more marketable to businesses that see a potential benefit in having a privacy seal
  33. Finally, a conclusion and some recommendations.
  34. The trend of decreasing seal effectiveness, coupled with visitors being unable to differentiate a low-assurance seal from a high-assurance one, means that cheaper, low-assurance seals will be more popular.The public accounting profession, which has developed the costlier, high-assurance seal, will eventually be forced out of the market by the market.
  35. It would appear to make sense for public accountants to develop a seal that can be provided at a low cost in order to compete with other seals like TRUSTe. However, such a solution would be problematic, as accountants must maintain a reputation for high quality in assurance.Further, web assurance has never been a core product, and any additional resources committee to fixing this broken product may be misplaced.
  36. Instead, the public accounting profession should attempt to be involved in web assurance through the provision of advisory services.As suggested, accountants can leverage their skill set with controls and other business services to ready websites to meet the requirements set out by another seal, such as TRUSTe.Such a service would be complementary to the market leader in privacy seals, avoiding the competition that the profession has been unable to manage in the past.
  37. We have reached the end of the slidecast.Whether in the capacity of a public accountant or a company’s management, I hope that when the opportunity arises for you to make a decision about privacy seals, you’ll come back to this slidecast to review the facts and recommendations.I’d like to thank you for your continued attention, and I hope that this slidecast has been informative and educational.