“…it’s gone from zero impressions a month in advertisements to 10, 11 months in, we’re already pushing 20 billion impressions a month…”

Mike: Hey, everyone. I’m Mike Sullivan. This is MO.com. Thanks for joining me. With me today is Chris Babel. He’s the CEO of TRUSTe. TRUSTe is the largest online privacy solution provider. Chris is with us today to talk a bit about privacy. Chris, can you tell us a little bit about yourself to start things off?

 

Chris: We originally joined TRUSTe, where I’ve been for the last two years, from VeriSign. At VeriSign, I had a number of different roles that started as an M&A guy, helped them do their first 20 to 25 acquisitions, went through a bunch of different business roles. I eventually managed the whole security part of the business. Prior to that, I was an investment banker. I’m kind of seeing… I’m doing deals, running businesses, both big, at VeriSign the team was about 800, to small. At TRUSTe, we started with about 60 employees, and today we’re at a little bit over 100.

Mike: So what service is it that TRUSTe actually provides?

Chris: Sure. We’re really kind of at this unique intersection of helping businesses online and consumers online interact and build trust. A consumer, when it hits a site, doesn’t know what data is being collected about them or how that data is being used. They obviously know from typing in a credit card, you’re going to use it to process the book that I’m buying, or what have you, but they may not know that you’re capturing the fact that you’re looking at a certain type of shoe on their site, and then they’re going to re-target you at the next 10, 15, or 20 sites with that same shoe ad. We’re really trying to help build trust between consumers and businesses online, really regarding privacy. What’s happening with your information, how it’s being collected, and how it’s being used.

Mike: Chris, we hear the term “privacy” thrown around a lot. What does “privacy” mean? What does “online privacy” mean?

Chris: It’s interesting. As a CEO of a privacy company, I get asked, “What’s your definition of privacy?” My answer is, “What’s yours?” That really tends to kind of irritate people, but that’s what I think is really unique about privacy. In the security world, where I came from, people would say, “Well, what’s good encryption?”, and I’d say, “Well, it means it’s this type of algorithm using this type of key, and it’s very, just, mathematical and systematic.” You the consumer had no choice. But, in privacy, it’s really up to you.

What I mean by that is, you can be a very open person, and I’ll pick an extreme, like Ashton Kutcher. He tweets about marital problems with Demi Moore all the time. He’s a very open person, right? Another celebrity, and we’re out here in California, so I like to pick on our own Governor Schwarzenegger, right? Clearly not as private of a person, with his illegitimate child that came out after he was governor. The point, really, is that what’s difficult about privacy is that it’s a personal issue. You never know who, as a business, you’re kind of hitting at that end of the spectrum.

What we talk about, in terms of good privacy, is that it’s really about being transparent. I’m a website, and collecting this piece of information. I’m giving the consumer some choice, like, “I’m going to share it with a third party to market to you. Would you like that to happen or not,” and then being accountable to that choice. That’s good privacy. It’s really, over the last two years, it’s been interesting.

I think my timing was more luck than good. I thought privacy was going to become a big and important issue, and you’ve really seen it explode over the last two years, whether it’s the fact that, the most recent one with Carrier IQ being accused with basically tracking 140 million mobile phone users, their location, every key stroke, and all this data that’s being collected off of people’s mobile phones.

Whether it be Facebook concerns, whether it be Google concerns, whether it be The Wall Street Journal Privacy Series that they ran last year about advertising, and how you’re tracked, I think we’ve really seen consumers get concerned, and they don’t really know what they don’t know. They don’t know how to deal with it. They don’t know how to protect themselves.

Mike: Earlier, you gave me the example of going to look at a shoe, and then being targeted again on subsequent sites that you visit. Is there an ethical question there, or is there anywhere where the line is drawn?

Chris: I think, and this is called re-targeting, and it’s the one that I use as an example often, because consumers are starting to see it more and more. You go look at that shoe, and you can only see it in this ugly blue, so you choose not to buy it, but then you see that big, ugly, blue shoe pop up site after site, and it really draws your attention to it, right? So, it’s becoming more noticed by consumers.

For us, things like that, re-targeting, they’re perfectly acceptable. The point, again, though, is that what’s hard is, in that case, consumers typically don’t know that it’s happening. They see it, and they’re like, “Wow. That’s Big Brother. I don’t understand how that happened, and why it happened. How are they doing this?” Right? They don’t know how to turn it off. So what you’re starting to see in ads that are behaviorally targeted, it’s typically in the upper right-hand corner, you’ll see a little “i” icon, with a little, kind of, like play button forward arrow, and it might say “ad choices” next to it, or if you mouse over it, it says “ad choices”.

It’s actually one of the technologies that we provide. You can click on that. You can get to a window that allows you to choose, and set preferences, and say, “I don’t want to be targeted by these different ad networks anymore.” You can opt out of their targeting. Now, you’ll still get advertisements. They just won’t be as targeted, which may mean you don’t get that offer on that ugly blue shoe that you were looking to buy. Right? And so there’s two sides of it, but again, the point, if you go back to good privacy, is being transparent, “Here’s what’s happening,” giving choice, “Here’s the ability to opt out,” and then being accountable to that choice. That’s what we’re trying to provide to the consumer.

An example of how prevalent that’s become, that particular offering that we have, we started doing this year, and it’s gone from zero impressions a month in advertisements, to 10, 11 months in, we’re already pushing 20 billion impressions a month of those in ads. It’s really growing, and consumers are starting to see it, interact with it, and basically feel like they can control things again.

Mike: The Cloud concept has become is hugely popular. How safe is it for businesses and individuals to store their information in the Cloud?

Chris: What a fantastic, basically, if you just think about, “Let’s all put our consumer hats on,” and what a fantastic tool, like a DropBox, or iCloud from the guys at Apple, or any of those types of services where it’s like, the idea of, “Wow, I lost my disk drive,” just doesn’t exist anymore. Or, “Wow, I have to log into my computer.” Even at home, I’ve got a nice MacBook Air, here, that I use, but I don’t even have to take it home, because all the files just sync, and they’re on my machine at home when I get there, right? Very, very convenient, nice services.

The flip of that is, are you the only one looking at those files, or what’s happening to those files? Who might have access? There are security issues of that. Is it encrypted? There’s also, how else might that information be used to target me with an advertisement, for example, or what have you. I think that with Cloud service providers, what we’ve found is that as that market explodes, and there’s more and more companies offering Cloud services, especially the small ones, everyone knows Salesforce. Everyone knows NetSuite, right? In fact, we even use both of their services here at TRUSTe, but at the end of the day, the next small start-up that’s out there, that’s developed a Cloud service, they find it hard to provide the credibility day one, that they need to get people to upload all this data to them, and people are getting more and more skeptical and concerned about these things.

Whether it’s going to a security to vendor, to get stuff sent, to say, “Hey, they have good security,” or coming to a privacy vendor like us, and saying, “Hey, we keep your data private. We keep it only with you. We have good practices in place,” we’ve found that to be very, very valuable for these businesses, for them to generate their business, right? We’re really kind of seen in this market as an enabler of Cloud services, and allowing them to go out and get the customers that they’re trying to grow and achieve.

Mike: How important is it for business owners to have a privacy policy posted on their website?

Chris: We get this question a lot, and it’s interesting in the sense that, I think, whether you’re a small business that has a site, whether you’re three guys selling T-shirts out of your garage, or whether you’re even three guys building a mobile application out of your garage, right? If you are collecting data from any California resident, as an example, it is a California state law that you have a privacy policy link at the point of data collection. On a website, that would mean on the page. In a mobile app, that would mean in the mobile app.

Now, if you’re a small business in, and I know you’re in Illinois, and you have me come as a customer, and you don’t have one, are the California officials really going to have the dollars to come after you? No, but the point is, there are laws in local regions, and it’s pretty easy to have a privacy policy, right? You can come to our site, for example, and for a few hundred dollars, or go to some of our domain name partners, and get a very simple privacy policy, not one that we’ve certified and said, “You have to definitely follow it,” but one that will just help you get one done on your site from some of our partners. We’re talking $10, $20 a year. It’s really a “check the box” item.

You should have one, because at the end of the day, again, starting with this telling customers what data you collect, how you use it, and giving them choice in that, is really a legal basis requirement. We’ve seen, oddly enough, the FTC go after some pretty small companies, and almost put them out of business. I’m talking, like, $5 million companies for really bad and outrageous privacy practices, and almost fine them out of existence in their entirety. If you’re really at that end of the spectrum, some bad things can happen, but for the plain vanilla business, maybe an e-commerce site trying to set up their services, go to one of the domain name guys, like eNom or one of their partners. Tucow is one of their partners. You can get access to a simple privacy policy through us that will get you in the clear, and you’re talking $20, $30 a year, very inexpensive.

Mike: With social networks playing such a large part in our everyday lives, what risks, if any, do social networks impose as a privacy risk?

Chris: I think there’s always the question in a social network. It’s kind of unique in the sense that this is the first time consumers are going out there and actually volunteering their information to a platform upon which then they can serve you banner ads that are targeted to you. If you think about the days of Google in the last ten years, they collected a good amount of information from you. You might have had your Gmail account there, so they could get some interest, or what have you, and serve you some targeted ads within Gmail.

But this is the first time that you’re really going in, and because you want to share data with friends or family, or what have you, you’re sharing immense amounts of information. What’s interesting in all these social networks is, the privacy controls that they have, again getting back to that level of choice, is, in some cases, overwhelming, and you’ve seen them actually go to such a degree of giving choice that they backed off that, and tried to make it simpler, because they got too complicated for users to even understand. I think for a simple consumer to think about it is, when you’re going into these social networks, go to the privacy settings.

We did a study a few years ago about kids and their parents, to see if they were both setting privacy settings, and the kids were actually setting them more than the parents, which is a little surprising, because everyone says that the teenagers and the young adults don’t care about this stuff, but they’re more technically savvy, and they were making more changes to their privacy settings. That being said, there was always the horror story of someone who’s doing something, and posts a picture, and gets fired from their job. So, just be careful. Think about who’s really in either your circles in Google+ or in your Friends network in Facebook, and think about what those settings are, and what you’re sharing.

Mike: How can small businesses best protect their own privacy, as well as that of their customers?

Chris: To me, it really comes down to two things. One is, make certain you’re doing the “check the box” items, right? So, go out, get a privacy policy. They’re inexpensive, right? That protects you, the business, legally. It also makes certain that you’re being clear with your customers, in case they have a concern later. It gets you kind of clear, transparent and available from the get-go. I think there’s a separate side of it, which is, that’s the “check the box”, “you need to do it” item. There’s the “benefit” item side of this, as well.

One of the things that we found, if you go to a site like BestBuy.com, you’ll see in the footer of every page, “Our TRUSTe Seal”. For the companies that actually step up a level from that basic privacy policy to maybe a $500 a year offering from us, we can certify it, where we say, “Yes, you have good privacy practices, and we’re testing you regularly, and to the extent that you’ve fallen out of line in some way, shape, or form, we help you get back to being in a good place.”

Our customers get to place that seal on their site. What we find, even from a big brand like Shop KitchenAid, last holiday shopping season, to a small brand, a liquidated pet supply retailer called Devonrue [SP], we saw in one case a 7% uplift in their business, in the A/B split test, and in the other case, for Devonrue, the smaller business, not as much brand recognition, a 29% uplift in their business.

We really saw a good uplift, and I think that gets back to, again, that consumer, when they’re buying online, they’re looking for the best price, but they’re also looking for the signals around that, that make them comfortable in actually doing that transaction, and that’s where the privacy seal that we offer to be certified can really help you, the business, not only check the box and okay, I’m not going to get in trouble, but this is a way to benefit my business and build trust with consumers.