It’s taken me a long time to figure out TRUSTe. I’ve been to their offices, which are in a swanky building on Second Street in San Francisco’s Financial District, about three times in the last 10 months. But my last story about the company was back in September 2010, when it introduced some new privacy certification services for makers of mobile apps. The oddity about TRUSTe—the thing I couldn’t get my head around, until recently—is that the organization is a for-profit business that’s paid by other companies to verify that their online privacy practices meet its standards. Most of the other bodies that do this kind of thing, like the International Organization for Standardization (ISO) or Underwriters’ Laboratories, are non-profits—as TRUSTe itself was until 2008. I couldn’t understand why anyone would trust TRUSTe, when its revenue comes from the very companies it monitors. In economics, after all, that’s called “regulatory capture.”
The tension I was sensing is real—and, in fact, TRUSTe has taken heat in the past for lax enforcement of its own privacy standards. But in the course of several conversations with TRUSTe CEO Chris Babel and president Fran Maier, I’ve come to realize that I was thinking about the company in the wrong way. It’s not really a regulatory or standards organization, and never was. It’s more akin to a Progressive Era industry association—sort of like the Better Business Bureau or the Good Housekeeping Institute—built to tackle an Internet-age problem. Its job is to dispense a virtual seal of approval, to help assure consumers that when they visit TRUSTe-certified sites, they aren’t putting their private information at risk. Once that trust is in place, the concept goes, everyone can get on with business.
It’s also wrong to think of TRUSTe as a detective bureau, full of people running around investigating consumer complaints. It does have staffers who do that, but increasingly, TRUSTe is a technology company. It’s got software that automatically generates privacy policies, software that crawls and scans websites for potential privacy holes, software that automates opt-out programs for behavioral advertising, software that can help your Web browser block tracking cookies. In fact, it’s only by automating such processes, Babel says, that TRUSTe can keep up with the Internet’s growth and make its services accessible to more companies.
“The most frustrating question I get is, ‘Oh, TRUSTe, I recognize that, you’re that non-profit that has people doing privacy certification, right?'” Babel says. “I love the fact that people have seen the seal, they know it and recognize it and trust it. But we as a company have not gotten the message out well that in terms of our technological underpinnings, we’re really more like a three-year-old startup.”
It was looking at Babel’s own professional background that finally helped me understand TRUSTe’s current mission as a for-profit company. He came to the company from VeriSign, where he managed the Secure Sockets Layer (SSL) business, selling the certificates that website owners use to encrypt communications with visitors’ browsers. That part of VeriSign has since been sold to Symantec, but under Babel’s leadership it hit the 500,000-customer mark—and he has similar ambitions for TRUSTe. “All of the same customers who were buying an SSL certificate should also have a privacy policy,” he argues.
TRUSTe has a long way to go to hit that level—it’s only got 4,500 paying customers, who represent just a sliver of the overall e-commerce market. But that’s still a big increase over the 1,800 clients that TRUSTe had when Babel came on board two years ago. With $22 million in venture funding from Accel Partners, Baseline Ventures, DAG Ventures, and Jafco Ventures, the company has been scaling up fast—it’s now got 95 employees, including 35 in sales (up from four when Babel arrived), 30 in engineering (also up from four), and 20 in support and operations. And in the last year, it has expanded way beyond its initial focus on website privacy certification, adding services in three burgeoning areas where privacy questions are gaining urgency: advertising, mobile apps and websites, and cloud computing.
“Our pitch is that you need the best privacy policy on the planet,” says Babel. “That’s as unsexy as it gets as a sales pitch. But when you place the seal on your site”—or app, or ad, or cloud service—“you tend to see your customers buying more.”
* * *
TRUSTe exists because of the constant pressure that technology places on our personal boundaries. The truth is that the more personally identifiable information or “PII” that your favorite travel site, airline, wireless carrier, newspaper, or social networking site has about you, the more customized the services and content they can offer. It’s inevitable that
