|Editor's Review Costs & Features User Reviews|
Editor's Star Ratings:
|Website Vulnerability Scanning:|
|PCI Compliance Scanning:||N/A|
|Business Verification Options:|
|Range of Security Seals:|
|Ease of Use / Setup:|
|Value for Money:||Not Known|
|Overall Star Rating:|
The Entertainment Software Rating Board (ESRB) is a little different to others in this category. ESRB.org is primarily used by companies who wish to comply with various legal frameworks when collecting customer data, rather than to merely protect their websites from harmful attacks or data leaks. For example, ESRB.org primarily helps video games companies to keep within the guidelines of the law when collecting and protecting personal information online. This is particularly important when working under the Children’s Online Privacy Protection Act (COPPA).
ESRB.org help publishers and retailers with data protection services. They’ve worked with some big names, including Jet, Pokemon and Oink. You can check out some case studies on the site to better understand exactly what they do and who they will best serve.
ESRB's seals demonstrate that you are up to date and compliant with data and privacy protection laws, adding a sense of security for visitors. In addition, ESRB.org provide consultation services where you can gain personalized insights into your company’s compliance to data protection acts. In this way, ESRB.org offers a type of service similar to that offered by TRUSTe.com.
The collection of European citizens' data became even more legally complex after the European Court of Justice ruled the Safe Harbor Agreemnt to be invalid in October 2015. Until a new agreement comes into force, companies who transfer European citizens' data to the USA, "can no longer rely on self-certification and must seek to strike 'model contract clauses' in each case." (The Guardian).
Companies who have failed to adapt to the new legal framework have been fined for breaking European privacy laws. For example, in June 2016, The Hamburg Data Commissioner fined Adobe, Pepsi subsidiary Punicam, and Unilever, as they, "had not established allowed alternative methods even six months after the cessation of the Safe Harbour Agreement. The data transfer of these companies to the USA was thus without any legal basis and unlawful.". (Press release by Hamburg Commissioner for Data Protection and Freedom of Information).
In addition to verifying privacy for your visitors, ESRB also offered some protection from potential sanctions and fines, in the days when the Safe Harbor Agreement was still valid. It is unclear how the ESRB manage matters now that the Safe Harbor Agreement has been ruled invalid. At the time of writing, the website states that: "ESRB has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement." We could find no direct references on ESRB.org stating that Safe Harbor was ruled invalid in October 2015. We could only find a link to a government website for Safe Harbor which had been updated with an advisory notice about the European Court of Justice ruling in October 2015. We would, therefore, recommend contacting ESRB directly to find out if they still offer some protection from potential sanctions and fines or whether this option has been suspended until such a time as Safe Harbor's replacement, the Privacy Shield framework, is agreed upon.
Ensuring compliance with privacy laws is an important service if you are working with sensitive data, particularly if it’s from a vulnerable source (such as children). If you’re not working with vulnerable sources but are just looking for ways to protect your website and reassure customers that your sales systems are secure, there are probably better providers of website security seals and SSL certificates. Please see our top ranking sites for example.
Whilst ESRB does provide several seals and specializes in supporting companies which work with children’s data, its expertise seems less apparent elsewhere. In addition, they don’t offer as many services or features which would appeal to a more general user.
Prices are not provided until you’ve taken advantage of their privacy risk assessment, but at least that is free of charge. They also offer a few documents and other resources. The website is a little sparse on information otherwise, though, and you can only get in touch via online forms.
Although ESRB provide a range of seals to help other users identify whether your site is safe and appropriate for them, it’s a very specialized service. For most websites, it will have few practical applications, but for some it may prove useful by providing up to date data protection information. If you have content which may not be suitable for younger viewers, but you’re not exactly sure whether or not you might come undone with data laws, they could provide a valuable service. However, it would be wise to also have a look at our review of TRUSTe.com to see how it compares to ESRB.org for this specialized area of regulatory compliance.
Click on the button below to check out ESRB.org for yourself...