Privacy certifications, or "trustbrands," are seals licensed by third parties for organizations to place on their homepage or within their privacy policy. The seals typically state, or imply, that the organization which has displayed the seal has high privacy or security standards, or has had its privacy or security practices reviewed by a third party. Some seals also imply that the organization has agreed to join a self-regulatory program that may provide consumers with additional rights, such as a mechanism for resolving privacy-related disputes.

What to think about when considering whether your organization should purchase a privacy certification:

  1. Does the certifying agency have its own privacy or security standards?
  2. Do the certifying agency’s standards exceed legal requirements?
  3. Does your organization’s practices meet the certifying agency’s standards?
  4. If the certifying agency’s standards change, is your organization prepared to modify its practices accordingly?
  5. Has the certifying agency been investigated by the FTC, or another consumer protection authority, for deceptive or unfair practices?
  6. If so, are you confident that the certifying agency’s seal and review process is non-deceptive and that association with the agency will not result in negative publicity?
  7. Have consumers complained to the FTC about the certifying agency?
  8. Does your organization have a mechanism in place to ensure that the license for the seal is renewed each year and/or that the seal is removed from your website if the license expires?
  9. Have plaintiffs' attorneys used the seal against other organizations by alleging that those organizations agreed to a higher standard of care by adopting the seal?

The following provides a snapshot of information regarding privacy certifications and "trustbrands."


Percentage of consumers that are worried about online privacy.1


Percentage of consumers who claim they look for privacy certifications and seals on a website.2


Percentage of consumers who say that they would share their interests with advertisers if the advertiser’s privacy policy was "certified."3


The number of certifying agencies the FTC has alleged offered deceptive seals.4