Building Trust 4 March 2016

2016 Online Trust Audit Methodology Announced

Seattle, Washington – The Online Trust Alliance announced today the methodology for the forthcoming 2016 Online Trust Audit and Honor Roll. This marks the eighth consecutive year OTA has conducted its Online Trust Audit report to identify responsible privacy and data security practices and recognize leaders in the public and private sectors.

As the only comprehensive, independent online trust benchmark study, the Online Trust Audit evaluates sites in three categories: consumer protection, responsible privacy practices privacy and security. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll. This study is projected to analyze up to 1,000 consumer facing websites, including the Internet Retailer Top 500, FDIC 100 banks, top social networking companies, top 50 news and media companies, government agencies and leading Internet of Things (IoT) providers focused on home automation and wearable technologies. In addition the audit will reexamine the practices of the free e-File providers completed in February to track their compliance to IRS and industry security and privacy standards.

The 2016 methodology incorporates input from leading companies, consumer groups, security professionals and associations, who responded to OTA’s call for public comment issued last November, as well as generally accepted and deployed security standards. Data collection and evaluations will commence in late April running through mid-May, with the website report being published in June.

“As online trust continues to be tarnished by cybercrime and questionable business practices, now more than ever businesses need to move from a compliance mindset to one of adopting responsible data security and privacy enhancing best practices.   The Online Trust Audit and Honor Roll recognizes those companies committed to consumer protection, transparency and user control of their data and is a proof point for the importance of meaningful self-regulation,” said Craig Spiezle Executive Director and President, Online Trust Alliance.

The Online Trust Audit focuses on the three key pillars of online trust:

  • Consumer Protection – Email authentication, domain security and anti-phishing technologies.
  • Privacy – Policies and practices including data retention, disclosures, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers.
  • Security – Site configuration, Secure Socket Layer (SSL) infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls.

As the privacy and data security landscape continues to evolve, so does the methodology, criteria and scoring on the Online Trust Audit.  Some of the key changes in the 2016 methodology include tightened scoring on server and SSL configurations, increased weighting of DMARC records, TLS/SSL granularity and Do Not Track (DNT) disclosures. Addressing increasing consumer and regulatory concerns over the blurring of lines between advertising and editorial, the 2016 report will examine the use of native advertising and how such disclosures may impact consumer trust. Organizations who wish to support and aid in underwriting this research are encouraged to review the overview and OTA. 

OTA is hosting a webinar on Wednesday, March 23th at 8 AM PDT to help provide businesses the ability to better understand the methodology and underlying best practices to optimize their site’s trust score.  Register Today    

Read More

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

Related articles

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Building Trust 1 November 2019

Security Factsheet: Why Should Municipalities Make Network and Data Security a Priority?

Communities can minimize risk by being intentional about how and by whom networks and devices are used. These are...