The Online Trust Audit & Honor Roll assesses nearly 1,200 organizations, recognizing excellence in online consumer protection, data security, and responsible privacy practices. This 10th annual audit of more than 1,200 predominantly consumer-facing websites is the largest undertaken by OTA, and was expanded this year to include payment services, video streaming, sports sites, and healthcare. Read the announcement blog post and recap, or click through the links below to learn more.
|Read the Full Report|
|See the Infographic of Key Findings|
|Watch the Video Recap|
|Join the Webinar on 24 April 2019|
|Read the Press Release|
The sectors examined and the associated top-ranked organizations include:
- 2018 Internet Retailer Top 500 (IR 100 & IR 500)
- Top 100 Federal Reserve Banks (Bank 100)
- Top 100 U.S. Federal government organizations (Federal 100)
- Top 100 Consumer Services companies (Consumer 100)
- Top 100 News and Media organizations (News 100)
- Top 100 ISPs, Carriers & Hosters (ISP/Hosts 100)
- Top 100 Healthcare organizations (Health 100)
- OTA (Internet Society) Member organizations (OTA)
While the majority of segments remain the same, the actual list of organizations audited each year changes based on revenue/traffic ranking and market consolidation. This year, with the addition of the Healthcare sector and additions or shifts in organizations on the ranked lists, approximately 30% of organizations are new to the Audit.
As in previous years, 100 baseline points can be earned in each of the three major assessment categories (consumer protection, site security and privacy). Bonus points are applied for emerging best practices and penalty points are applied for breaches, legal settlements and observed vulnerabilities. A minimum score of 60 is required in each of the three categories. Bonus points are limited to a maximum of 20% of the baseline score. Sites qualify for the Honor Roll by achieving a score of 80% or higher overall with no failures in any one of the three core categories. Read more about the methodology here.
2018 has seen record achievement, with 70% of organizations earning Honor Roll status (the previous high was 52% in the 2017 Audit). Given that the methodology was updated to “raise the bar” in all three scoring categories, this is impressive. Scores of former OTA members are not incorporated in the results (except the overall top scores) since they would skew the results (98% achieved Honor Roll status).
Honor Roll achievement grew in all sectors despite more stringent criteria in this year’s Audit. The Federal 100 outscored all sectors with 91% achievement, overtaking the Consumer 100, which has been the top sector for six consecutive years. U.S. federal government entities were also most improved, followed closely by the Bank 100 and News 100. The newly added Healthcare sector had 57% Honor Roll achievement, lagging all other sectors.
The top overall score in the Audit was earned by Google News, which was also the top score in the News/Media sector. Other sector winners were 23andMe (Healthcare), Federal Emergency Management Agency – FEMA (US Federal Government), First National Bank of Omaha (Banks), Google Cloud (ISP/Hosts), Google Play (Internet Retailers), Online Trust Alliance (OTA Internet Society members), and PayPal (Consumer).
Overall failure results show that privacy was the most prevalent cause of failure for all sectors at 15%, followed by consumer protection at 13% and site security at only 3%. Failures in the consumer protection category improved dramatically from 33% in 2017, primarily due to significantly higher adoption of DomainKeys Identified Mail (DKIM). Failures varied widely by sector. Overall, 27% of sites failed in one or more areas (down from 47% in 2017). The highest causes of failures were lack of email authentication in the Healthcare and ISP/Hosts sectors followed by inadequate privacy statements for the Internet Retailer and ISP/Hosts sectors. Conversely, the Federal and News sectors each had no failures in Site Security and the Federal and Consumer sectors led the way in privacy, with failures of only 2%.