Seattle, Washington - The Online Trust Alliance announced today the methodology behind their forthcoming 2015 Online Trust Audit and Honor Roll, evaluating the online privacy and security of leading websites. This marks the seventh consecutive year OTA has conducted its Online Trust Audit and Honor Roll report to identify responsible privacy and data security practices.
In light of the White House’s recently released draft Consumer Privacy Bill of Rights, the OTA Honor Roll and Audit will measure many of the key findings of the draft Act, providing consumers the ability to make informed decisions on the privacy and security practices of the sites they frequent.
As the only comprehensive, independent online trust benchmark study, the Honor Roll will evaluate sites in three categories: brand protection, privacy and security. Based on a composite weighted analysis, those sites that score 80 percent or better overall will be recognized in the Honor Roll. Combined, this study analyzes nearly 1,000 leading websites, including the Internet Retailer 500, FDIC 100 banks, top social networking companies, top 50 news and media, and government agencies. New to the 2015 report will be an audit of leading Internet of Things (IoT) providers focused on home automation and wearable technologies.
The 2015 Online Trust Audit reflects feedback on the scoring methodology from leading companies, consumer groups, security professionals and associations, who responded to OTA’s call for public comment issued last November. Data collection and evaluations will commence in late April running through mid-May, with the website Honor Roll Report being published in June. See 2015 Online Trust Audit Methodology
“As consumers and leading brands are being faced with the onslaught of data breaches and privacy missteps, we need to promote best practices and recognize companies committed to security, responsible privacy and data stewardship,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance. Spiezle further stated, “We encourage brands and organizations operating websites to review the methodology and optimize their controls and data practices. Doing so will enhance online trust, promote innovation and a healthy Internet.”
The Online Trust Honor Roll & Audit focuses on the three key pillars of online trust:
- Brand Protection - Email authentication, domain security and anti-phishing technologies.
- Privacy - Policies and practices including data retention, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers.
- Security - Site configuration, Secure Socket Layer (SSL) infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls.
OTA is hosting a briefing on Thursday March 12th at 10 AM PST to help provide businesses the ability to better understand the methodology and underlying best practices to optimize their site’s trust score. Register Today
Several key new criteria have been added into this year’s methodology—most notably are the recognition for use of the Opportunistic Transport Layer Security (TLS) cryptographic protocol to encrypt email communications server to server, updated SSL protocols, and use of anti-botnet technologies. Also, increased weighting has been placed on implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) policies using a reject policy record for emails from unauthorized domains and privacy policies which provide consumer clear concise notice.
The 2015 report is powered by a broad range of tools and resources from leading data providers including Agari, AVG PrivacyFix, DigiCert, Distil Networks, Ensighten, High-Tech Bridge SA, IID, Microsoft, Return Path, Qualys (SSL Labs), SiteLock, Symantec, TRUSTe and others.
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.