
PRESS RELEASE

AOTA Recognizes World Data Privacy Day by Announcing Business Practices
Goal to Increase Consumer Trust & Online Confidence

SEATTLE, WA – January 28, 2009 – The Authentication and Online Trust Alliance (AOTA) today officially recognized World Data Privacy Day by publishing its “top-ten” list of privacy principles and business practices. These guidelines, many of which have been widely adopted by AOTA members over this past year, are a call to action for brands to help maximize consumer confidence and therefore spur economic growth.

“As data collection continues to become a valuable asset for building relationships, so does the responsibility of the companies who are the custodians of that data,” said AOTA Chairman and Founder Craig Spiezle. “Consumers are demanding increased transparency and control of how their data is used. It is no longer the wild-west of business practices. It’s imperative that businesses adopt these principles or suffer the consequences of a consumer trust meltdown, the concomitant reduction in sales and invite regulation.”

Following are the security and privacy measures AOTA suggests brands adopt:

  • Ensure all privacy policies are discoverable, transparent, and written to ensure consumer comprehension, accessible from every page of a site and email sent. All too often privacy policies are full of jargon appearing to be designed to reduce liability rather than to help consumers understand the impact to their personal data and privacy. 

  • Contact users to provide them with the company privacy policy upon any program changes, and periodically for consumer review, with provisions for consumer choice or their data usage.

  • Establish and publish procedures for data collection, transfer and retention, and commit to third-party or self audits for compliance.

  • Support collaborative global public-privacy efforts to increase consumer awareness and education as well as the adoption of fair information practices privacy/security regimes (e.g., appointing a Chief Privacy Officer with holistic responsibility for data at organizations big and small, increasing consensus on unified, national standards for data privacy/security).

  • Support self-regulatory efforts to adopt standard data retention/use policies.

  • Set and publish standards of privacy, security, and data retention policies with clear accountability between first party sites and third party content providers and advertisers.

  • Create response plans for accidental disclosure of personal information and data breaches including notification to consumers and governmental agencies and providing relevant remedies to consumers (e.g., no-charge credit record monitoring services to consumers affected, or other remedies as appropriate).

  • Commit to authenticating all outbound email with DomainKeys Identified Mail (DKIM) and/or Sender ID Framework (SIDF) within six months, to combat forged email and potential privacy exploits. Email authentication provides ISPs the ability to validate the identity of the senders, curbing spoofed and forged email designed to deceive users.

  • Transactional sites adopt Extended Validation Secure Sockets Layer (EV SSL) Certificates within six months or upon existing certificate expiration. EV SSL certificates validate the identity of the domain holder, providing users added trust and confidence in the sites they visit, and reduce the ability of a domain to be spoofed.

  • All consumer-facing sites obtain privacy certification and seals from a third-party provider or other third-party consumer dispute resolution mechanisms. Such accreditation programs provide consumers added online confidence.

“All too often security and privacy policies are full of jargon, more concerned with reducing liability rather than helping consumers understand the impact to their personal data and privacy. These guidelines set out by AOTA are a step in the right direction,” said Ari Schwartz, Vice President of the Center for Democracy & Technology. “Concern is rising worldwide that privacy protection and policies try to build consumer trust without offering real protections.”

“As the Internet becomes more and more prevalent every day on multiple devices like mobile phones, it’s urgent that online brands recognize their responsibilities as stewards of personal data,” said Jules Polonetsky, Director of The Future of Privacy Forum. “The use of information to tailor user experiences will only succeed if users are confident that data is being used for their benefit. AOTA’s principles are a guidepost for companies seeking to earn user trust.”

“The key to unlocking the full financial potential of online transactions is through gaining a consumer’s trust that their information is secure and giving them control over the uses of their information,” said TRUSTe CEO and AOTA Advisory Board Member Fran Maier. “In our recent study of the world’s most trusted brands, we found consumer recognition of privacy was significant when companies like American Express and eBay adopted strong principles.”

The United States, Canada and 27 European countries are commemorating World Data Privacy Day on January 28. The primary goals of Data Privacy Day are to generate awareness and discussion about data privacy practices and consumer rights. Privacy Day offers many opportunities to learn more about data privacy and to take action to protect personal information, while also communicating the value exchange consumers receive from providing information and content they respectively receive from the ad-supported internet.

Aiding companies in these efforts, AOTA has updated its member and industry resource guide for brand protection and interactive marketing services.  This directory has been created to assist companies in enhancing consumer protection while improving their email deliverability, brand protection and ecommerce productivity.  https://aotalliance.org/resources/2009dir.pdf   


About The Authentication and Online Trust Alliance (AOTA):
Founded in October 2004, the mission of AOTA is to foster the elimination of email and Internet fraud, abuse and data intrusions, thereby enhancing online trust, confidence and online protection of businesses and consumers. The goals include but are not limited to facilitating best practices, data sharing, the deployment and implementation of authentication, identity and reputation solutions as well as domain defense strategies. AOTA represents over one million businesses and 500 million users worldwide, with members in Brazil, Canada, United Kingdom, Denmark, Germany, Romania, Singapore and the United States. AOTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including the Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Return Path, Symantec Corporation and VeriSign.