How is a consumer supposed to know if an online company is actually following the practices and keeping the promises that it outlines in its all-too-often almost incomprehensible privacy policy?

Assuming you do read and understand it, most of us don’t have the resources or ability to verify that the company is actually doing what it claims.  That’s where a company like TRUSTe comes in.  They check that a company is doing what it says it’s doing to meet the consumer privacy programs it administers.  If the answer is yes, then TRUSTe, for a fee, gives the online business a seal of approval that it can display on its website.

Consumers then supposedly can count on the online company doing what it promises. Well, turns out you can’t rely on TRUSTe.  It seems the privacy certifying company has been deceiving consumers about its certification program.

The Federal Trade Commission says that from 2006 until January 2013, TRUSTe failed to conduct annual re-certifications of companies holding its privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.

TRUSTe also allowed companies to describe TRUSTe as a nonprofit organization.   It was founded as a non-profit, but became a for-profit business in 2008.

In the proposed settlement announced Monday by the FTC, TRUSTe agreed to stop the deceptive practices and disgorge $200,000.

“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC Chairwoman Edith Ramirez.  “Self-regulation plays an important role in helping to protect consumers.  But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action."

I’ve got a little different takeaway: Self-regulation doesn’t work.  We need tough privacy laws, that can be enforced without the FTC having to allege “deception.” And — most importantly — you simply can’t trust what companies claim.