As the Presidential race kicks into high gear, voters are evaluating how candidates will tackle tough issues on foreign and domestic policy. Let’s hope they don’t overlook topics relating to online privacy and security. A recent Pew Research Center survey indicates that 74% of American believe control over personal information is “very important,” yet only 9% believe they have such control.
The Online Trust Alliance (OTA) recently looked at twenty-three candidates’ websites to determine how they are managing voters’ privacy and security concerns.
What we found might be surprising. Of the twenty-three candidates’ sites reviewed, only 6 received a “passing” grade on the three areas scored – privacy, security and consumer protection. Those 6 candidates also made the “Honor Roll” for their data stewardship while the rest (17) received a failing grade, primarily for their privacy policies. Most candidates had clear privacy policies in place but 4 didn’t have a discoverable policy so there is no way to know what happens to ones data. Voters should also take notice that when they sign-up to support or make a donation to a candidate, that information can also be shared or sold to other like-minded organizations. While this may be standard operating procedure among political candidates the question has to be asked why politicians aren’t held to the same standards as e-commerce websites that must adhere to Fair Information Practice Principles, clearly stating the use, sharing and retention of data.
OTA recommends that candidates’ adhere to the following best practices:
- Have a privacy policy that is short, less than 500 words, is multi-lingual, layered and is written for consumers not lawyers
- Make privacy policy accessible via a link on the footer of every page, date stamped with archived updates
- Restrict data sharing to only third parties necessary to support your campaign
- Honor a donor’s request to unsubscribe from your mailing lists and remove data from database
- Respect a user’s browser “Do Not Track” setting
- Prepare for a data breach and have an incident readiness plan
- Ensure that email servers are configured to help protect consumers from spear phishing and forged email
For more information download the audit and join us for a webinar about the Presidential Honor Roll and methodology on Friday, September 25th at 10 a.m. PDT/1 p.m. EDT.