Online Trust Alliance Requests Public Comment for 2017 Online Trust Audit Methodology

BELLEVUE, Wash. and SAN JOSE, Calif. – The Online Trust Alliance (OTA) today issued a call for public comments on criteria for inclusion in the 2017 Online Trust Audit. Now in its ninth year, the Audit is recognized as benchmark research for evaluating responsible privacy and data security practices of over 1,000 consumer facing sites across the public and private sectors. Speaking at the IAPP’s Privacy. Risk. Security Conference session tomorrow entitled “Making The Grade: Moving from Compliance to Stewardship,” OTA will be critiquing 2016 results and inviting suggestions for best practices which further enhance consumer protection, data security and user privacy.

The primary goals of the Audit include:

1. Provide benchmark tracking of industry standards and best practices.
2. Giving prescriptive tools and resources to aid companies in enhancing their practices. 
3. Reward and recognize organizations achieving top scores, demonstrating a commitment to online trust and consumer protection.

As the only comprehensive, independent, online trust benchmark study, the Audit evaluates sites on three primary categories including security, privacy and consumer protection practices. The Audit includes over 50 criteria ranging from site security and privacy policies to prevalence of third party data tracking and sharing to reputation analysis of domains, IP addresses and marketing practices. Sectors evaluated include banking, ecommerce, online services, content and public sector government sites.

This year a record 50 percent of sites achieved scores of 80 percent or higher, confirming that while the bar is raised every year, the criteria are achievable by organizations of all sizes in all industries. OTA updates the criteria and scoring models annually, incorporating input from industry, government agencies, consumer groups, trade associations, and generally accepted and deployed security standards. The 2016 methodology is supported by data provided through a combination of leading technology providers and OTA’s internal assessment tools.

“In order to maintain consumer trust and confidence and spur the vitality of online services, it is imperative that organizations double-down on security and privacy measures,” said Craig Spiezle Executive Director and President, Online Trust Alliance. “The Online Trust Audit recognizes companies embracing data stewardship, transparency and a commitment to consumer protection.”

In order to be considered, recommendations for new or revised metrics must: 

1. Be vendor neutral and reflect generally accepted industry and business standards
2. Allow for automation (i.e., must not require manual data collection)
3. Be applicable internationally and across banking, ecommerce, online services, public sector government and news/media sectors

OTA’s Internet Trustworthy Working Group is currently evaluating possible additions including adoption of multi-factor authentication, business reputation scoring and email marketing practices. In addition, assessment of sites’ publically discoverable vulnerability reporting mechanisms is under consideration to promote responsible vulnerability disclosures.

Comments for the 2017 methodology should be submitted to OTA via email to [email protected] in a word document or PDF.  All submissions must include contact information and an outline of the criteria and reference material to be considered for inclusion. The deadline is 5 PM PST, Thursday, November 3, 2016. OTA may post all submissions unless they are marked confidential  More Information