Online privacy certification company True Ultimate Standards Everywhere, Inc., better known  as TRUSTe, entered into a consent order with the Federal Trade Commission (“FTC”)on Monday,  November 17, 2014. This consent order addressed not only the issues that spawned the FTC complaint  but also aspects of TRUSTe’s business that appear to have been wholly unrelated to the conduct that  the FTC believed violated the law. The agreement will settle claims that:

  1. TRUSTe did not review and recertify certain clients annually, as promised in its certification  materials, and
  2. It allowed some clients to continue representing TRUSTe as a non-profit entity for nearly  five years after TRUSTe had become a for-profit business.

TRUSTe has agreed to correct these issues and to pay $200,000 in disgorgement to the FTC.

In addition to these conditions, TRUSTe has also agreed to additional monitoring and reporting  obligations on its COPPA certification programs—a program that was not the basis for any counts within  the FTC’s complaint.

TRUSTe’s agreement to these additional monitoring and reporting obligations on its COPPA  program highlights the risk of collateral damage a business faces anytime the FTC investigates any  aspect of a business’s operations. Even portions of a business that have not done anything wrong may  face increased compliance obligations under an FTC consent order if other areas of a business have  violated, or have potentially violated, the law.