
Industry Best Practices

OTA provides the following best practices, resources and guidance to help enhance online safety, data security, privacy and brand protection. To maintain and enhance online trust, industry needs to move from a compliance mindset to one of stewardship, while promoting the value exchange consumers receive. Organizations should consider these efforts and apply them as applicable, following a review of their respective legal, regulatory and compliance requirements.

Site Vulnerability & Bug Reports

OTA is committed to the adoption of security and privacy best practices. Recognizing the evolving threat landscape, we welcome responsible and coordinated disclosures to help improve the security of our site. Please allow 72 hours for an initial reply and for us to initiate investigations and risk assessments. Note that, unless the submitter requests otherwise, after investigation and resolution we will provide affirmation of confirmed and resolved reports.

Information Required

Internet of Things

IoT Trust Framework 2.0 Released
Coalition Embraces IoT Trust Principles
(Jan 5, 2017)

IoT Trust Framework - Security, Privacy & Sustainability
Formed in early 2015, the OTA IoT Trustworthy Working Group (ITWG) recognizes that “security and privacy by design” must be a priority from the onset of product development and be addressed holistically. The working group focuses on privacy, security and sustainability. Sustainability incorporates the life-cycle issues related to long-term supportability of the device and service, transfers of ownership of devices, and the control and usage of the data collected.

Marketing & Unsubscribe Best Practices

Consumers often react negatively to email that they feel is irrelevant to their interests or that is sent to their inboxes too frequently. Today, ISPs are placing added weight on user engagement when determining whether to place email in the user’s inbox, junk or spam folder. With these considerations, it is in any marketer’s best interest to create a trustworthy unsubscribe mechanism for their recipients. The opt-out function should be easily discoverable and usable. OTA encourages mailers to move past the minimum compliance requirements outlined in the U.S. CAN-SPAM Act and the recently passed Canadian Anti-Spam Legislation (CASL).

Email Retail Collection Best Practices

October 30, 2015 - As we head towards the holiday buying season, retailers are increasingly deploying email collection at point of sale. Collection at time of purchase provides significant benefits to the retailer and, done right, to the consumer as well. That said, how can a consumer understand what the email address is being used for and how? What forms of notice are appropriate, and is it reasonable to expect that a sales clerk can understand the nuances of data collection, transactional purposes and sharing with affiliated or unaffiliated third parties?

Transport Layer Security (TLS) for Email

Today email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another. This design limitation leaves the content of a message in transit open for anyone to eavesdrop on, from a wireless hotspot at the airport or coffee shop to your ISP and the internet backbone providers that carry your messages throughout the world.
