The Online Trust Alliance has released the results of its ninth annual Online Trust Audit and Honor Roll, this year finding an overall increase in trustworthy websites, with some caveats. Consumer services websites — non-retail sites that require a login — received the OTA's highest marks, while banking and government websites scored the lowest.
In its annual audit, the OTA, which is now part of an Internet Society initiative, analyzes more than 1,000 consumer-facing websites to assess their privacy, security and consumer protection practices. Overall, the audit revealed 52 percent of the websites analyzed qualified for the honor roll, an uptick of five percent over last year. But the audit also found what it considers an "alarming three-year trend" in which websites are either making the grade or completely failing to meet the OTA's trustworthy objectives.
In a phone conversation with The Privacy Advisor, OTA Founder and Chairman Emeritus Craig Spiezle said this "bimodal" distribution is a bad sign. "There's no middle ground," he said. "It's as if students are either getting As or are getting Fs." Spiezle says this indicates that organizations are either taking privacy very seriously or not at all.
On the flip side, the OTA saw a dramatic improvement in the privacy practices of online news sites. This year, 48 percent of news and media sites made the grade, the most significant improvement in the past year among all industries surveyed by the OTA. Last year, only 23 percent of news and media sites met the criteria.
"This is a real comeback story," Spiezle said of the news and media industry. "Just four years ago, only four percent of this sector" met the OTA's standards. He said the industry's privacy policies are getting much better. He also praised the work of Digital Content Next, a trade organization for online publishers. "We did briefings with their members and pointed to where privacy policies had holes in them. Clearly, they rallied to the call."
The poorest performing industry sectors this year were the federal government and the banking industry. Thirty-nine percent of government websites made the honor roll, a decrease of seven percent from last year, while the banking industry saw the largest decline overall. Only 27 percent of the FDIC 100 banks audited by the OTA qualified, a drop of 28 percent from last year.
The OTA also included a new industry category this year that focused on internet service providers, carriers, hosts and email providers. Spiezle said they foresaw the need to do this with the Federal Communications Commission's proposed broadband privacy rules and their eventual rollback.
After such conversations, organizations will often take a step back and ask, "Are we doing what we say we're doing? Could we be clearer?" Spiezle says he often sees amazing results from this process. Sites end up clarifying and improving their policies, making them more user-friendly, transparent, and easy to read.
"That's rewarding," he said. "We're not adversaries; we're trying to help."
Now for the OTA, next year's audit starts today, according to Spiezle, and with the General Data Protection Regulation set to be in full effect by the OTA's 10th annual audit, there will be lots to talk about. He says the GDPR is a call to action — something about which he'll speak further at the IAPP's P.S.R. Conference in San Diego this fall. The regulation will create the need for a "rethink" about how organizations collect, process, share and delete personal data.
Moving forward, Spiezle invites feedback and collaboration with industry: "We don't want to do this in a bubble. We want to be open and collaborative, to recognize leadership in the field and gain feedback from industry."