Frequently Asked Questions

1. Why should I consider PrivaTrust for my e-commerce web site, instead of the other internet assurance seals?

2. I've heard of TRUSTe and BBB-Online — Why might PrivaTrust be a better choice?

3. What action can consumers take in the event of a conflict or complaint against a PrivaTrust-certified web site?

4. Is PrivaTrust used only for e-commerce web sites?

5. What information is contained in a PrivaTrust Auditors' Report?

6. How much does PrivaTrust certification cost?

7. Do web consumers really care that much about internet privacy assurance?

8. Who administers the PrivaTrust internet privacy assurance program?

1. Why should I consider PrivaTrust for my e-commerce web site, instead of the other internet assurance seals?

   PrivaTrust is the only privacy certification seal (or plate) that is issued following a site audit and can be withdrawn should a site no longer meet qualifications. Other certification standards are little more than self-declared statements of good intentions, and not backed by the third-party verification of an accounting firm.

   See this comparison table that shows how other seals compare to PrivaTrust.

   > top of list

2. I've heard of TRUSTe and BBB-Online — Why might PrivaTrust be a better choice?

   There are many fundamental differences. This comparison table shows a quick checklist of issues that place PrivaTrust at the head of the pack.

   When evaluating the other assurance seals it is important to make sure they meet the following high-level criteria:

   • They are held accountable by a professional association.
   • They disclose their standards for bestowing the online seal.
   • They use a rigorous method for measuring compliance to stated standards.
   • They review companies awarded seals, at least three times a year.
   • They demand more than just fees and an application form before granting a seal.

   Only PrivaTrust meets this complete list of essential requirements.

   > top of list

3. What action can consumers take in the event of a conflict or complaint against a PrivaTrust-certified web site?

   eResolution is the consumer recourse initiative supported by PrivaTrust. eResolution was developed by the Public Law Research Center of the University of Montreal. It is an innovative service for the prevention and resolution of conflicts arising in cyberspace by recourse to electronic mediation and arbitration. eResolution has the ability to mediate and arbitrate consumer issues around the world. All mediation is performed with complete confidentiality, using experts who participate online.

   — Visit the eResolution web site.

   > top of list

4. Is PrivaTrust used only for e-commerce web sites?

   No, the PrivaTrust plate can be issued for web sites that handle any kind of personal information submitted by web surfers and web consumers. This includes non-financial sites such as community portals and corporate sites, as well as traditional e-commerce web sites, virtual storefronts, and transactional sites.

   > top of list

5. What information is contained in a PrivaTrust Auditors' Report?

   The PrivaTrust Auditors' Report is a key document that details the terms and limitations of the internet privacy audit process that the accountants undertake.

   Below is a sample report for a fictitious PrivaTrust client, Lakeshore Medical Center:
   
   

   To: The Management of Lakeshore Medical Center       We have audited Lakeshore Medical Center's disclosure of its privacy and information protection practices on its web site and the effectiveness of its controls over these practices (at http://LakeshoreMedical.com/) during the period of April 1, 1999 through June 30, 1999. These privacy and information protection disclosures and controls are the responsibility of Lakeshore Medical Center's management. Our responsibility is to express an opinion on the conformity of those disclosures and controls with the privacy and information protection criteria from the CICA/AICPA WebTrust criteria based on our audit.       We conducted our audit in accordance with standards for assurance engagements established by the Canadian Institute of Chartered Accountants. Those standards require that we plan and perform our audit to obtain reasonable assurance as a basis for our opinion. Our audit included (1) obtaining an understanding of LakeShore Medical Centre's privacy and information protection practices and its controls over the information collected, (2) testing and evaluating the operating effectiveness of the controls, and (3) performing such other procedures as we considered necessary in the circumstances.       In our opinion, during the period of April 1, 1999 through June 30, 1999, Lakeshore Medical Center in all material respects disclosed its privacy and information protection practices on its web site, and maintained effective controls to provide reasonable assurance that private patient information obtained was protected from uses not related to Lakeshore Medical Center's business and was not used for purposes not disclosed on the web site, in accordance with the privacy and information protection criteria from the CICA/AICPA WebTrust criteria.       Because of inherent limitations in controls, errors or fraud may occur and not be detected. Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that (1) changes made to the system or controls, (2) changes in processing requirements, or (3) changes required because of the passage of time, such as to accommodate dates in the year 2000, may alter the validity of such conclusions.       The PrivaTrust plate of assurance on Lakeshore Medical Center's web site for privacy and information protection constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance.       This report does not include any representation as to the quality of Lakeshore Medical Center's goods or services nor their suitability for any customer's intended purpose. Toronto, Ontario Canada / July 5, 1999 Bennett Gold, Chartered Accountants www.BennettGold.ca

   > top of list

6. How much does PrivaTrust certification cost?

   PrivaTrust is not a free certification program like other less rigorous programs. Chartered Accountants apply rigorous testing and verify the privacy practices of the target web site. Then the site must re-qualify periodically through follow-up audits. The cost of this professional service is reasonable and surprisingly affordable, given the cost to your business of not protecting web consumer privacy in a verifiable way.

   To understand the price paid by web sites that choose not to invest in privacy certification standards, take a moment to view PrivaGate.com. In the dozens of cases portrayed on that site, the PrivaTrust certification process would have identified privacy loopholes and prevented the avalanche of negative publicity that resulted for those hapless site owners.

   > top of list

7. Do web consumers really care that much about internet privacy assurance?

   Recently there have been many high-profile break-downs of comsumer privacy on e-commerce web sites (view a list of such headlines at PrivaGate.com). With each occurence, confidence in online commerce is diminished and web consumers ask themselves, "How can I trust these sites?".

   PrivaTrust plugs this confidence gap by a rigorous privacy audit process and strict site requirements that cannot be cheated.

   > top of list

8. Who administers the PrivaTrust internet privacy assurance program?

   PrivaTrust was conceived and developed by the firm of Bennett Gold, Chartered Accountants, based in Toronto, Canada. The program is administered under PrivaTrust Corporation, in affiliation with Bennett Gold, Chartered Accountants.

   Mr. Robert Gold, innovator of the PrivaTrust project and managing partner at Bennett Gold, is one of North America's leading professionals in the field of e-commerce trust and privacy assurance. Robert also is founder of an international alliance of accounting professionals who work in this new field of specialization.

   You may telephone Robert directly at (416) 449-2249 x223, e-mail him at rygold @ BennettGold.ca, or fill out the online contact form.

   PrivaTrust Corporation is an independent organization which is not affiliated with or endorsed by WebTrust, which, however, adopts the WebTrust principles, criteria and guidelines in connection with PrivaTrust Assurance Services. PrivaTrust Assurance Services are only provided by practitioners who are WebTrust licensees.

   Further information about WebTrust can be found at: WebTrust.net, Canadian Institute of Chartered Accountants, or American Institute of Certified Public Accountants.

   > top of list