Committees helped to develop best practices, foster collaboration, and promote stewardship, security, and corporate responsibility. As the Online Trust Alliance (OTA) is no longer an active project, the information here are preserved for historical purposes but participation in the committees is not available anymore.
Instead, become an Internet Society organization member and be a part of creating an Internet for everyone.
Addressing the mounting concerns and collective impact of connected devices, the IoT Committee focused on fostering collaboration, promoting the benefits of bringing “trusted” IoT devices and services to scale, and promoting the importance of self-regulation and voluntary codes of conduct addressing security, privacy, and life-cycle risks and concerns.
Annual data breaches now top billions of exposed records and the growing data economy brings with it growing risk. The Data Protecion Committee focused on the development and advancement of best practices and prescriptive advice to enhance data protection practices and promote planning to mitigate cyber breaches and data loss incidents. A key deliverable of this committee was OTA’s annual Data Protection Breach Readiness Guide, one of OTA’s most popular reports.
The Trust Audit Planning Committee participated in the planning of the annual Online Trust Audit & Honor Roll, including reviewing new criteria, evaluating automated tools, and providing input into the weighting and scoring of data elements. The Audit holistically examined security, privacy, and consumer protection best practices.
Email plays a critical role in today’s online ecosystem. The Email Security & Integrity Committee focused on increasing the integrity and trust of legitimate email, while reducing spearphishing, spam, and social engineering email exploits. The group worked to promote adoption of email security and best practices for all classes of email senders and receivers, including interactive marketers, ISPs, enterprises, and government agencies. Key efforts included promoting the business and technical value of SPF, DKIM, DMARC, and TLS.
The Infrastructure & TLS/SSL Best Practices Committee advanced best practices to protect critical infrastructure from exploits and vulnerabilities, and increased resiliency by supporting identity, authentication, brand protection, anti-fraud, and trust mechanisms. The group tracked risks (e.g. malvertising), highlighted current and emerging best practices, developed business and technical value propositions, and provided tools, outreach, and resources to advance adoption of best practices. The Committee was generally a discussion list for service/cloud providers interested in the integrity and security of their services and supply chains.
The Privacy Committee promoted best practices including tools and technologies that allowed users to opt out of third-party data collection, while underscoring the value exchange consumers receive from ad-supported sites and services. The group promoted the need to move from a compliance mindset on data collection, retention, and usage, to one of stewardship.