Security by Design Guidelines (PDF)        Press Release        Supporting Organizations        Top 20 Questions        Resources 

Leaders Release Security Framework for Interactive Messaging Ecosystem
Best Practices to Protect Data Assets, Curb Identity Theft and Improve Online Trust

Seattle, Washington – April 20, 2011 – The Online Trust Alliance (OTA) today announced the release of its Security by Design Framework and a set of security practices for the interactive messaging ecosystem.  As cybercriminals have targeted businesses with increasing malice and precision, interactive marketers, their service providers, and others in the messaging ecosystem need to recognize their valuable data assets are at risk.  Left unchecked, data breach incidents can trigger a meltdown in consumer trust, jeopardizing consumer privacy and the viability of online communications and commerce.

To help combat these threats, the OTA has joined with other leading industry organizations, service and technology providers and major brands, to accelerate adoption of effective security measures.  The ‘Security by Design Framework’ and its recommended practices are intended to provide a basis for immediate action.  It’s predicated on the belief that all members of the messaging community have a stake in the preservation of consumer trust, data stewardship, and privacy. Creating a culture of security is a critical priority for the industry.

"As an online marketer, threats to trust are of great concern.  It is incumbent on all involved in the online ecosystem, Marketers and service providers alike to take responsibility for the data that is collected and treat it like the precious commodity that it is. The steps laid out by OTA serve as a foundation for businesses assess their own data security needs. The recent data breaches underscore the need to make this an important initiative for 2011 and beyond not only for technology teams, but business leaders as well", said Sal Tripi, Sr. Director of Operations, Privacy and Compliance, Publishers Clearing House.

“The Security by Design Framework transcends technology and requires that all organizations foster collaboration within their corporate and partner ecosystem.  By adopting these best practices, organizations will not just challenge their own security constructs but also ensure that prospective vendors and partners are adhering to the same high standards,” said David Daniels, CEO and Co-Founder of The Relevancy Group.

“Trust is at the cornerstone of our business.  While starting with the trust customers place in us, it extends to every interaction we have with each other as well.  So regardless of our role in the messaging ecosystem, we all have a contribution to make and a stake in the outcome of proving ourselves to be good custodians of customer data. As a messaging technology leader, we’re actively participating in this OTA initiative and encourage others to do the same,” said Dave Lewis, Chief Marketing Officer, Message Systems.

“As marketers are increasingly collecting sensitive and personal data, 'security by design' needs to become part of the industry’s DNA for every new service, feature and process,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance.  "This collaborative effort demonstrates a commitment to online trust and confidence and the vitality of the internet.  The willingness of businesses to make systemic changes while recognizing their role as data stewards, demonstrates leadership and a commitment to self-regulation.  We call on all organizations to embrace these efforts and help put trust back in email."

Supporting this initiative are a broad range of industry and business leaders who share a belief in the needs for increased security and data stewardship. Committee members include the Anti-Phishing Working Group, Constant Contact, Datran Media, DigiCert*, eCert, Internet Identity, Intersections*,  LashBack, Mark Monitor*, Marketo, Message Systems*, Microsoft, Publishers Clearing House*, Return Path*, The Relevancy Group, Stopbadware.com, Symantec*, TRUSTe*, and TrustSphere*.  The guidelines are posted at https://otalliance.org/securitybydesign.html

Steps to Effective "Security by Design

1. Create a cross-functional security team headed by a chief security officer (or equivalent) as a single point of authority with security accountability.

2. Map the data workflows within your organization and vendors to identify points of vulnerability.  Examine how you handle data, from collection and storage to transmission, usage and destruction.  Define who should have access to the data, how and why.

3.  Include security review milestones in the product development process, from concept development, functional specification development, design, testing and launch.

4. Audit your network infrastructure, mapping both internal and external facing sites and all points of connection.  Implement processes to monitor your network and data assets to detect unauthorized access or unusual patterns of activity.

5. Develop an incident response plan and team.  Include pre-defined action items and communication strategies that can be easily executed should a breach occur.

The “Security by Design Framework” builds on the recently released OTA’s 2011 Top 10 Recommendations to help Protect Consumers, https://otalliance.org/2011top10.html and OTA’s 2011 Data Breach & Loss Incident Planning Guide.

About The Online Trust Alliance (OTA) https://otalliance.org
Formed in 2004, the Online Trust Alliance (OTA) is a global non-profit organization representing the Internet ecosystem, supporting user choice and controls, protection of critical infrastructure, privacy and data governance, promoting marketing best practices and self-regulation. The OTA’s mission is to develop and advocate best practices and public policy which mitigate emerging privacy, identity and security threats to businesses, online services, brands, government agencies, organizations and consumers, thereby enhancing online trust and confidence.

For media inquiries contact: