Building Trust 14 September 2016

Online Trust Alliance Requests Public Comment for 2017 Online Trust Audit Methodology

Annual trust assessment recognizes companies’ commitment to security & privacy

BELLEVUE, Wash. and SAN JOSE, Calif. – The Online Trust Alliance (OTA) today issued a call for public comments on criteria for inclusion in the 2017 Online Trust Audit. Now in its ninth year, the Audit is recognized as benchmark research for evaluating responsible privacy and data security practices of over 1,000 consumer facing sites across the public and private sectors. Speaking at the IAPP’s Privacy. Risk. Security Conference session tomorrow entitled “Making The Grade: Moving from Compliance to Stewardship,” OTA will be critiquing 2016 results and inviting suggestions for best practices which further enhance consumer protection, data security and user privacy.

The primary goals of the Audit include:

  1. Provide benchmark tracking of industry standards and best practices.
  2. Giving prescriptive tools and resources to aid companies in enhancing their practices. 
  3. Reward and recognize organizations achieving top scores, demonstrating a commitment to online trust and consumer protection.

As the only comprehensive, independent, online trust benchmark study, the Audit evaluates sites on three primary categories including security, privacy and consumer protection practices. The Audit includes over 50 criteria ranging from site security and privacy policies to prevalence of third party data tracking and sharing to reputation analysis of domains, IP addresses and marketing practices. Sectors evaluated include banking, ecommerce, online services, content and public sector government sites.

This year a record 50 percent of sites achieved scores of 80 percent or higher, confirming that while the bar is raised every year, the criteria are achievable by organizations of all sizes in all industries. OTA updates the criteria and scoring models annually, incorporating input from industry, government agencies, consumer groups, trade associations, and generally accepted and deployed security standards. The 2016 methodology is supported by data provided through a combination of leading technology providers and OTA’s internal assessment tools.

“In order to maintain consumer trust and confidence and spur the vitality of online services, it is imperative that organizations double-down on security and privacy measures,” said Craig Spiezle Executive Director and President, Online Trust Alliance. “The Online Trust Audit recognizes companies embracing data stewardship, transparency and a commitment to consumer protection.”

In order to be considered, recommendations for new or revised metrics must: 

  1. Be vendor neutral and reflect generally accepted industry and business standards
  2. Allow for automation (i.e., must not require manual data collection)
  3. Be applicable internationally and across banking, ecommerce, online services, public sector government and news/media sectors

OTA’s Internet Trustworthy Working Group is currently evaluating possible additions including adoption of multi-factor authentication, business reputation scoring and email marketing practices. In addition, assessment of sites’ publically discoverable vulnerability reporting mechanisms is under consideration to promote responsible vulnerability disclosures.

Comments for the 2017 methodology should be submitted to OTA via email to [email protected] in a word document or PDF.  All submissions must include contact information and an outline of the criteria and reference material to be considered for inclusion. The deadline is 5 PM PST, Thursday, November 3, 2016. OTA may post all submissions unless they are marked confidential  More Information

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

Related resources

Building Trust 8 October 2019

OTA’s Trust Audit Scores U.S. Presidential Candidates’ Campaigns, Finds Major Failures in Privacy Statements

Reston, VA. – October 8, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...

Building Trust 25 September 2019

The Internet Society’s Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

Criteria updated to include increased focus on encryption and global privacy regulations; international retail segments added

Building Trust 9 July 2019

Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018

Reston, VA – July 9, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...