Building Trust 15 February 2016

Getting Ready for the 2016 Online Trust Audit

By Craig Spiezle, Former Strategic Advisor

Got Trust?  The Online Trust Audit continues to serve as a benchmark of security, privacy and consumer protection best practices for organizations throughout the world.  Consistent with OTA’s view that such standards and practices need to continually evolve to reflect the threat landscape, new standards and regulatory requirements, this year’s methodology and scoring are being updated.

Initial changes for the 2016 methodology have focused on two primary areas: adoption of current SSL standards and the global privacy landscape (already applied to the 2016 Presidential Candidates audit and planned for the upcoming eFile audit). As with the methodology updates made each year, the SSL tools have been enhanced to reflect compliance with current standards and protocols, while placing increased weighting on exposure to known vulnerabilities and risks.

Through a multi-stakeholder review process the working group agreed to “raise the bar”.  Starting in 2016, sites with an SSL grade of C will automatically receive a failing grade in security, resulting in an overall audit fail.  This change was necessary because the primary causes of C grades are typically easy to address, and a site with such a score should not be considered in the same mix as sites qualifying for the Honor Roll with A or B SSL scores.

On the privacy front, the previous bonus points for short/layered notices and Do-Not-Track (DNT) disclosures will become part of the core privacy policy scoring methodology.   With the goals of supporting responsible privacy practices and the progress of the DNT standard through the W3C standards process, the disclosure (or, more often, the lack thereof) of whether a site honors browser-based Do-Not-Track settings has been integrated into the core privacy score.  Sites which fail to disclose whether they honor such user settings, or which do not function when third-party cookies are blocked, lose points as part of the core privacy policy score. While some sites currently point to self-regulatory solutions such as those proposed by the Digital Advertising Alliance (DAA), OTA, along with the privacy community, the Federal Trade Commission and the European Union, does not believe such solutions address the core consumer issues of data collection and usage or the intent of the DNT standard.
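What “honoring a browser-based Do-Not-Track setting” looks like on the server side, as an added example that is not part of OTA’s audit tooling or of this post: the browser expresses its preference in the DNT request header, and the W3C Tracking Preference Expression draft lets the site report what it did with that preference in a Tk response header (N = not tracking, T = tracking, D = disregarding the signal). The cookie strings, the header names other than DNT/Tk, and the split into a first-party session cookie versus a tracking cookie are constructed for illustration.

```python
# Added example, not OTA's code. Decides whether to set a tracking cookie
# based on the browser's DNT preference and reports the outcome via the
# Tk response header (W3C Tracking Preference Expression draft).
from typing import Dict, List, Optional, Tuple

# Constructed sample cookies: the session cookie is first-party and needed
# for the site to function; the ad cookie exists only for tracking.
SESSION_COOKIE = "sid=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Lax"
TRACKING_COOKIE = "ad_id=7c2e55; Path=/; Max-Age=31536000; Secure; SameSite=None"


def dnt_preference(headers: Dict[str, str]) -> Optional[str]:
    """Read the DNT request header (case-insensitive name).

    '1' = user asks not to be tracked, '0' = user permits tracking,
    None = no preference expressed. Any other value is treated as no
    preference, which the TPE draft says must not be taken as consent.
    """
    for name, value in headers.items():
        if name.lower() == "dnt":
            value = value.strip()
            return value if value in ("0", "1") else None
    return None


def build_response_headers(
    request_headers: Dict[str, str], honor_dnt: bool = True
) -> List[Tuple[str, str]]:
    """Return the Set-Cookie and Tk headers for one response.

    honor_dnt=False models a site whose policy is to disregard the
    signal; such a site should say so with Tk: D rather than stay silent.
    """
    pref = dnt_preference(request_headers)
    headers: List[Tuple[str, str]] = [("Set-Cookie", SESSION_COOKIE)]
    if pref == "1" and honor_dnt:
        # Honoring DNT: no tracking cookie, report "not tracking".
        headers.append(("Tk", "N"))
    elif pref == "1":
        # Disregarding DNT: track anyway, but report it honestly.
        headers.append(("Set-Cookie", TRACKING_COOKIE))
        headers.append(("Tk", "D"))
    else:
        # No preference (or DNT: 0): tracking is in effect.
        headers.append(("Set-Cookie", TRACKING_COOKIE))
        headers.append(("Tk", "T"))
    return headers


def sets_tracking_cookie(headers: List[Tuple[str, str]]) -> bool:
    """True if any Set-Cookie header in the response is the tracking cookie."""
    return any(n == "Set-Cookie" and v.startswith("ad_id=") for n, v in headers)


if __name__ == "__main__":
    for req in ({"DNT": "1"}, {"dnt": "0"}, {}):
        print(req, "->", build_response_headers(req))
```

The site keeps working when the tracking cookie is absent because the session cookie is first-party; that is the same property the audit checks when it blocks third-party cookies. The Tk header is what makes the site’s behaviour machine-checkable rather than something a reader has to find in the privacy policy.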

Make a commitment and move from compliance to stewardship.  To see whether your site and brand are positioned to qualify for the 2016 Honor Roll, visit the Online Trust Audit Methodology.  Share your comments and help enhance data protection and drive responsible privacy and data collection practices.


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
