Building Trust 15 February 2016

Getting Ready for the 2016 Online Trust Audit

By Craig Spiezle, Former Strategic Advisor

Got Trust? The Online Trust Audit continues to serve as a benchmark of security, privacy and consumer protection best practices for organizations throughout the world. Consistent with OTA’s view that such standards and practices need to continually evolve to reflect the threat landscape, new standards and regulatory requirements, this year’s methodology and scoring is being updated.

Initial changes for the 2016 methodology have focused on two primary areas: adoption of current SSL standards and the global privacy landscape (already applied to the 2016 Presidential Candidates audit and the planned audit for the upcoming eFile season). As with the methodology updates made each year, the SSL tools have been enhanced to reflect compliance with current standards and protocols, while placing increased weighting on the exposure of known vulnerabilities and risks.

Through a multi-stakeholder review process the working group agreed to “raise the bar”. Starting in 2016, sites with SSL scores of C will automatically receive failing grades in security, resulting in an overall audit fail. This change was necessitated because the primary causes of C grades are typically easy to address, and a site with such scores should not be considered in the same mix as those sites qualifying for the Honor Roll with A or B SSL scores.

On the privacy front, previous bonus points for short/layered notices and Do-Not-Track (DNT) disclosures will move into the core privacy policy scoring methodology. With the goals of supporting responsible privacy practices and the progress of the DNT standard through the W3C standards process, the disclosure (or more often the lack thereof) of whether a site honors browser-based Do-Not-Track settings has been integrated into the core privacy score. Sites which fail to disclose their status in honoring such user settings, or which function when third-party cookies are blocked, lose points as part of the core privacy policy scores. While some sites currently point to self-regulatory solutions such as those proposed by the Digital Advertising Alliance (DAA), OTA, along with the privacy community, the Federal Trade Commission and the European Union, does not believe such solutions address the core consumer issues of data collection and usage or the intent of the DNT standard.

Make a commitment and move from compliance to stewardship. To see if your site and brand are postured to qualify for the 2016 Honor Roll, visit the Online Trust Audit Methodology. Share your comments and help enhance data protection and drive responsible privacy and data collection practices.


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
