Few Charities Meet Federal Guidelines for Online Privacy Policies

Although current law does not require that Internet sites institute privacy controls,

the Federal Trade Commission recommends that charities, companies, and other organizations draft policies to deal with the issue.

Those policies should be posted on Web sites, the federal agency says, and should spell out what personal information is collected, how it is used, whether it is shared with other organizations, and how individuals can keep information about themselves from being shared.

However, few charities that seek online donations and request credit-card numbers and other personal information meet the F.T.C. guidelines, a Chronicle spot check has found.

Among 50 of the nation’s largest charities that also seek credit-card gifts online, only three post privacy policies that meet all the guidelines: the international relief group World Vision, the Christian Broadcasting Network, and Fidelity Investments Charitable Gift Fund. The fund, which enables individuals to make gifts from a personal fund that they can create and add to online, had no privacy policy on its Web site until last week.

Seven other charities met all of the F.T.C. standards except the one that recommends giving Internet users a way to learn what information is collected about them and a chance to correct any inaccuracies. But the vast majority had no comprehensive privacy policy.

By not making their data-collection and information-sharing practices clear, experts say, charities hurt their chances of getting gifts online from people who look for such assurances before giving out their credit-card account number or other personal information.

Indeed, privacy concerns are one of the biggest barriers to online transactions, several recent reports have found.

For example, a study released in October by the I.B.M. Corporation found that 92 percent of American Internet users said they were “somewhat concerned” or “very concerned” about threats to their personal privacy online. And 85 percent of Internet users said that, when engaging in Internet transactions, it was “absolutely essential” or “very important” that a Web site display a privacy notice to explain how any personal information they provided would be used.

Such consumer concerns are one reason why only about a quarter of Internet users go beyond browsing and actually buy products and services online, according to a report issued last year by the Federal Trade Commission. The same conclusion could be drawn about charities: Even well-known charities like the American Red Cross have been able to persuade only a tiny percentage of their donors to give online.

Recent concerns over online privacy have prompted several lawmakers to introduce bills in Congress that would authorize the Federal Trade Commission to draft mandatory regulations, which many observers believe would be patterned after the current voluntary ones. President Clinton has predicted that such legislation will be passed this year.

Meanwhile, charities appear to be lagging behind companies in posting comprehensive privacy policies online. One study of commercial Web sites released last year found that 22 percent of the sites contained policies that met all of the F.T.C. standards, compared with only 6 percent of the charity sites in the Chronicle survey.

To improve privacy protections on the Internet, at least two new watchdog organizations have been created, both of them non-profit organizations. They are now monitoring Internet sites and issuing “seals of approval” to commercial and non-profit Web sites that meet the F.T.C. privacy standards and other guidelines, such as posting privacy policies no more than one click away from a Web site’s home page.

One of the watchdogs is TRUSTe (http://www.truste.org), a Cupertino, Calif., organization, created in 1997. It has granted its seal to 1,400 organizations, including 16 non-profit organizations, that meet its guidelines, which are modeled on the F.T.C. standards. Organizations that apply for the seal pay a sliding-scale fee, based on their annual revenue, that ranges from $299 to $4,999.

After issuing seals, TRUSTe continues to monitor sites to make sure they are in compliance with its guidelines, investigates complaints about privacy violations from Internet users, and attempts to resolve privacy-related concerns.

Another watchdog, BBBOnline (http://www.bbbonline.org), was formed last year by the Better Business Bureau and has now granted some 250 seals of approval to organizations. The seal program is somewhat cheaper than that of TRUSTe, but also charges a similar sliding-scale fee, ranging from $150 to $3,000.

Like TRUSTe, the program also investigates complaints and posts the results on its Web site. Recently, for example, the watchdog handled a complaint from one man who said he got unsolicited e-mail from eBay, the Internet auction site, after specifically requesting that he not get any such mail.

“We are doing what we have done in the brick-and-mortar marketplace for years,” says Gary Laden, director of BBBOnline. “On the Internet, we are working to give consumers and businesses confidence in this new marketplace.”

Amanda Marshall contributed to this article.