The long-awaited BBBOnline privacy seal requires applicants to indicate when they gather consumers' sensitive information, how they use it, and how they protect it. Sites with the BBB privacy mark also must give Net users access to their records and let them "opt out" of giving up personal details such as name, phone number, or financial information.
Sites targeted at children will carry a different seal and must meet the marketing guidelines laid out by the Children's Advertising Review Unit of the BBB, and get parental permission before collecting data from those under age 12.
The BBBOnline will monitor sites for compliance, sometimes making random on-site visits.
"The program is about putting a trusted brand name on a Web site when they qualify under our standards for fair information practices," said Steve Cole, general counsel for BBBOnline. "This should give regulators a comfort level that the business community gets it and has done something that has teeth to it."
Self-regulatory plans have been criticized in the past by privacy advocates and U.S. officials for lacking strong enforcement. BBBOnline promised to meet this demand when it announced the program last summer.
The BBBOnline seal is similar to another well-known privacy "trustmark" on the market, TRUSTe, and the budding accreditation program WebTrust by the American Institute of Certified Public Accountants (AICPA), which represents the "Big Five" accounting firms.
Depending on gross sales, companies will pay from $150 to $3,000 per year to participate in BBBOnline. Its corporate sponsors, many of whom also support TRUSTe, have paid more than $50,000 each to help build the program. AT&T, Hewlett-Packard, Netscape Communications, and Microsoft are among the backers.
Still, even before it launched BBBOnline was lambasted by privacy groups for not exploiting its potential reach with the program.
For example, another BBBOnline program, its reliability seal, already is in place and has 2,300 participants. If a site carries that seal it means the BBBOnline has visited the company in person, among other checks, to ensure it can back up the services it is pitching on the Web.
However, Web sites that carry the reliability seal, and those who are BBB members in the offline world, will not be required to sign up for the privacy program. The organization estimates that 25 percent of its 270,000 members are on the Web. As of yet it has received just 300 applications so far for its privacy program.
"We have not at this time made a decision to require it, but we are taking steps to encourage it," Cole said. "If they qualify we are offering the privacy seal for free to reliability program members for a substantial time. We're also going to work with BBBs around the country to help them create marketing materials, while we reach out in the offline world through mailings, meetings and our Web site."
The BBBOnline program may catch on, and its brand is well known, but lawmakers may be losing patience with the industry.
Although the FTC was briefed about the BBBOnline program and is apparently pleased with the progress, Congress members already have introduced new bills this session to tighten computer users' privacy protections. And tomorrow, the Commerce Department will give a status report on its lengthy negotiations with EU officials.
The EU law will give citizens new control over their computerized personal data and prevent firms from exchanging the information with countries that do not provide "adequate" protection, such as letting people "opt out" and making clear who else will have access to the data.
The EU is dissatisfied with safe harbors proposed by the United States, which in many ways mirror programs like the BBBOnline. Among the sticking points is that the U.S. proposal doesn't give consumers adequate access to their data or proper recourse for abuses.
America Online, Walt Disney, and other companies said today that they won't endorse the plan to bring them in line with the EU privacy rules, either, according to reports.