The Federal Trade Commission announced that it settled charges with ControlScan, a company that certifies the privacy and security of Web sites, including online stores. The FTC had charged ControlScan with misleading consumers “about how often it monitored the sites and the steps it took to verify their privacy and security practices. The settlements will bar future misrepresentations.” In a separate settlement, ControlScan’s founder and former CEO, Richard Stanton, agreed “to give up $102,000 in ill-gotten gains.”
Third-party privacy and security certification programs like ControlScan are used by Web sites to assure visitors and customers that the site is secure and consumers can feel confident about providing personal and financial information. Certification companies provide privacy and security “seals” to convey that an independent party is auditing the practices of the site regularly to be sure its data is not vulnerable.
ControlScan offered a variety of privacy and security seals for display on Web sites. Consumers could click on the seals to discover exactly what assurances each seal conveyed. For example, the company’s Business Background Reviewed, Registered Member, and Privacy Protected seals conveyed that ControlScan had verified a Web site’s information-security practices.
However, the FTC alleges that ControlScan provided these seals to a Web sites with “little or no verification” of their security protections. Similarly, the FTC alleges that the company provided its Privacy Protected and Privacy Reviewed seals to a Web sites with “little or no verification” of their privacy protections.
The FTC also charged that although ControlScan’s seals displayed a current date stamp, the company did not review any of the seal sites on a daily basis. […] The FTC charged that the defendants’ deceptive acts violated federal law. […]
The settlement with ControlScan bars the same misrepresentations and requires it to notify the Web sites that have displayed the seals of the Commission action and require them to take down the seals. Finally, a judgment of $750,000 is suspended, based on ControlScan’s inability to pay.