Building Trust 18 September 2015

Does Your Favorite Presidential Candidate Make the Grade?

By Internet SocietyGuest Author

As the Presidential race kicks into high gear, voters are evaluating how candidates will tackle tough issues on foreign and domestic policy.  Let’s hope they don’t overlook topics relating to online privacy and security.  A recent Pew Research Center survey indicates that 74% of American believe control over personal information is “very important,” yet only 9% believe they have such control.

The Online Trust Alliance (OTA) recently looked at twenty-three candidates’ websites to determine how they are managing voters’ privacy and security concerns.

What we found might be surprising. Of the twenty-three candidates’ sites reviewed, only 6 received a “passing” grade on the three areas scored – privacy, security and consumer protection.  Those 6 candidates also made the “Honor Roll” for their data stewardship while the rest (17) received a failing grade, primarily for their privacy policies.  Most candidates had clear privacy policies in place but 4 didn’t have a discoverable policy so there is no way to know what happens to ones data. Voters should also take notice that when they sign-up to support or make a donation to a candidate, that information can also be shared or sold to other like-minded organizations.  While this may be standard operating procedure among political candidates the question has to be asked why politicians aren’t held to the same standards as e-commerce websites that must adhere to Fair Information Practice Principles, clearly stating the use, sharing and retention of data.

OTA recommends that candidates’ adhere to the following best practices:

  • Have a privacy policy that is short, less than 500 words, is multi-lingual, layered and is written for consumers not lawyers
  • Make privacy policy accessible via a link on the footer of every page, date stamped with archived updates
  • Restrict data sharing to only third parties necessary to support your campaign
  • Honor a donor’s request to unsubscribe from your mailing lists and remove data from database
  • Respect a user’s browser “Do Not Track” setting
  • Prepare for a data breach and have an incident readiness plan
  • Ensure that email servers are configured to help protect consumers from spear phishing and forged email

For more information download the audit and join us for a webinar about the Presidential Honor Roll and methodology on Friday, September 25th at 10 a.m. PDT/1 p.m. EDT. 

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...