Online privacy certification company True Ultimate Standards Everywhere, Inc., better known as TRUSTe, entered into a consent order with the Federal Trade Commission (“FTC”)on Monday, November 17, 2014. This consent order addressed not only the issues that spawned the FTC complaint but also aspects of TRUSTe’s business that appear to have been wholly unrelated to the conduct that the FTC believed violated the law. The agreement will settle claims that:
- TRUSTe did not review and recertify certain clients annually, as promised in its certification materials, and
- It allowed some clients to continue representing TRUSTe as a non-profit entity for nearly five years after TRUSTe had become a for-profit business.
TRUSTe has agreed to correct these issues and to pay $200,000 in disgorgement to the FTC.
In addition to these conditions, TRUSTe has also agreed to additional monitoring and reporting obligations on its COPPA certification programs—a program that was not the basis for any counts within the FTC’s complaint.
TRUSTe’s agreement to these additional monitoring and reporting obligations on its COPPA program highlights the risk of collateral damage a business faces anytime the FTC investigates any aspect of a business’s operations. Even portions of a business that have not done anything wrong may face increased compliance obligations under an FTC consent order if other areas of a business have violated, or have potentially violated, the law.