This week OTA / the Internet Society joined nearly 90 individuals and organizations submitting comments in response to the US Federal Trade Commission call for comments in regard to the CANSPAM Act. By most accounts, the interactive marketing industry and email community have demonstrated a commitment towards compliance and the overall user experience. Based on OTA's own research businesses are unsubscribing t
Adhering to best practices, operational discipline and emerging standards in both web and mobile applications is paramount to to staying ahead of the cyber criminal. Thorough benchmark reporting, OTA continues to discover misconfigured servers and mobile apps which are vulnerable to abuse. As mobile usage and application development continues to grow, the need to adopt best practices in data security, app security and privacy have been highlighted. In an effort to aid site and app developers while enhancing online trust, consumer protection, and regulatory compliance, OTA has provided the resources and best practices. As learned in the development of website and software applications, developers can overlook basic standards and guidelines and fail to uniformly apply and maintain them between versions and device platforms. Creating a security and privacy discipline including robust integration from inception throughout an app's life-cycle pays long-term dividends to a company and to its users. Note as the landscape is rapidly evolving, developers need to conduct their own review for regulatory compliance.
These resources serve as a tool to help developers understand the criteria in which their applications will be evaluated in the 2014 Online Trust Audit & Honor Roll. OTA’s 2014 Audit tracks current guidelines and will evaluate and score apps against leading best practices. OTA recommends brands and developers move from a minimal compliance point-of-view to one of stewardship, making security and privacy a competitive business advantage. As outlined, it is paramount that developers implement adequate security controls, provide appropriate notification and understand privacy implications and boundaries of collection and use of data