Building Trust 14 June 2016

Audit Finds Consumer Services Websites Have Best Security and Privacy Policies

Twitter and HealthCare.gov score highest in OTA’s analysis of 1,000 consumer websites

BELLEVUE, Wash. – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, announced today the results of its 2016 Online Trust Audit & Honor Roll—the de facto standard for recognizing excellence in consumer protection, data security and responsible privacy practices for the world’s top companies. 

OTA’s 8th annual Online Trust Audit & Honor Roll of approximately 1,000 consumer-facing websites revealed that 50 percent of analyzed websites qualified for the Honor Roll, a six percent improvement over 2015. The consumer services category scored the highest with 72 percent earning an Honor Roll designation. OTA considers consumer services any website that requires consumers to create an online account such as social media, file sharing or dating. The news & media category scored lowest with 23 percent making the Honor Roll, although this is a 300 percent improvement over their score in 2015.

“OTA congratulates all Honor Roll recipients who have demonstrated excellence and leadership in consumer protection,” said Craig Spiezle, executive director of the Online Trust Alliance. “It’s evident that many companies have moved beyond compliance, and are adopting meaningful self-regulation and data-stewardship practices. However, it is imperative that organizations double-down on security and privacy measures in this age of high-profile data breaches in order to maintain consumer trust and confidence.” 

2016 Online Trust Audit Virtual Press Room

Top Ten Scoring Websites in Consumer Protection, Data Security & Privacy
The ten highest-scoring sites cover a wide range of industries from social media to online services, government and retail. They are:

  1. Twitter (twitter.com)
  2. HealthCare.gov (healthcare.gov)
  3. Pinterest (pinterest.com) 
  4. The White House (whitehouse.gov)
  5. Dropbox (dropbox.com)
  6. FileYourTaxes (fileyourtaxes.com)
  7. LifeLock (lifelock.com)
  8. Instagram (instagram.com)
  9. 1040.com (1040.com)
  10. The Gap (gap.com)

“Security and privacy remain the bedrock of consumer trust. As the overall top scorer in OTA’s Online Trust Audit & Honor Roll, Twitter is honored to be recognized for our efforts,” said Twitter Trust & Information Security Officer, Michael Coates. “These best practices of our users’ data are critical for the long-term health and future innovation of the Internet. We are committed to build on our collaboration between the public and sectors in driving their adoption.”

Industry Highlights
Arranged in descending order from best to worst performing industries:

Consumer Services: Sites in this category scored the highest overall, with 72 percent making the Honor Roll in an impressive 14 percent improvement over 2015. It also had the widest range of individual scores. The top scorers were: 1) Twitter, 2) Pinterest, 3) Dropbox, 4) FileYourTaxes.com, 5) LifeLock. 

FDIC Member Banks: 55 percent of the top 100 FDIC banking sites made the Honor Roll, up from 46 percent in 2015. This sector has shown consistent, significant improvement in their Honor Roll score over the last several years. The top scorers were 1) IBERIABANK, 2) First-Citizen’s Bank & Trust Company, 3) USAA Federal Savings, 4) Wells Fargo, 5) State Farm Bank.

Government: 46 percent of audited U.S. federal government sites made the Honor Roll. Most failures in this category were due to inadequate adoption of email authentication standards. The top scorers were: 1) HealthCare.gov, 2) the White House, 3) the Federal Trade Commission, 4) the Social Security Administration, 5) the U.S. Postal Service. 

Internet Retailers: 44 percent of the top 500 Internet retailers made the Honor Roll in a small improvement over last year’s scores. The top scorers were: 1) Gap, 2) LivingSocial, 3) Warby Parker, 4) (3-way tie) Google Play, Pep Boys and Weight Watchers.

News & Media: This category scored the lowest on this year’s audit with 23 percent making the Honor Roll. Primary causes for failure were incomplete privacy policies and heavy use of third party data trackers. However, this is a significant improvement over this category’s 8 percent score from last year. The top scorers were 1) Google News, 2) Reddit, 3) Yahoo News, 4) BuzzFeed, 5) MSN News.

“Consumers need confidence that their data is secure and privacy is respected,” said Roxane Divol, senior vice president and general manager, Website Security, Symantec. “As an Honor Roll recipient, Symantec encourages all sites to embrace these practices including encrypting all their site traffic, helping to enhance the privacy and security as consumers browse, bank, and buy online.” 

Methodology
To qualify for Honor Roll status, an organization must receive a composite score of 80 percent or better and a score of at least 55 percent in each category. Failing any one category will automatically cause a company to fail overall.

Event Details
A public briefing about the results of the 2016 Honor Roll will be held today at 8:00am EDT at Symantec’s Briefing Center in Washington DC at 700 13th St NW, Suite 1150. Congresswoman Suzan DelBene (WA-01) and Congressman John Ratcliffe (TX-04) will keynote the event and Craig Spiezle, executive director of the Online Trust Alliance, will share key findings from the report. Prof. David Vladeck of Georgetown University, former director of the Federal Trade Commission’s Bureau of Consumer Protection, will moderate a panel of Honor Roll recipients that include representatives from American Greetings Interactive, LivingSocial, the National Association of REALTORS and Twitter.

The complete 2016 Online Trust Audit & Honor Roll report can be found at otalliance.org/HonorRoll. OTA will discuss these results in a webinar on June 28th. The 2016 report was funded in part by grants and donations from leading organizations including Symantec, DigiCert, ThreatWave, Act-On Software, Distil Networks and SiteLock.

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.
