Online Trust Alliance Requests Public Comment for 2017 Online Trust Audit Methodology

Share Article

Annual trust assessment recognizes companies’ commitment to security & privacy

In order to maintain consumer trust and confidence and spur the vitality of online services, it is imperative that organizations double-down on security and privacy measures.

The Online Trust Alliance (OTA) today issued a call for public comments on criteria for inclusion in the 2017 Online Trust Audit. Now in its ninth year, the Audit is recognized as benchmark research for evaluating responsible privacy and data security practices of over 1,000 consumer facing sites across the public and private sectors. Speaking at the IAPP’s Privacy. Risk. Security Conference session tomorrow entitled “Making The Grade Moving from Compliance to Stewardship,” OTA will be critiquing 2016 results and inviting suggestions for best practices which further enhance consumer protection, data security and user privacy.

The primary goals of the Audit include:
1.    Provide benchmark tracking of industry standards and best practices.
2.    Giving prescriptive tools and resources to aid companies in enhancing their practices.
3.    Reward and recognize organizations achieving top scores, demonstrating a commitment to online trust and consumer protection.

As the only comprehensive, independent, online trust benchmark study, the Audit evaluates sites on three primary categories including security, privacy and consumer protection practices. The Audit includes over 50 criteria ranging from site security and privacy policies to prevalence of third party data tracking and sharing to reputation analysis of domains, IP addresses and marketing practices. Sectors evaluated include banking, ecommerce, online services, content and public sector government sites.

This year a record 50 percent of sites achieved scores of 80 percent or higher, confirming that while the bar is raised every year, the criteria are achievable by organizations of all sizes in all industries. OTA updates the criteria and scoring models annually, incorporating input from industry, government agencies, consumer groups, trade associations, and generally accepted and deployed security standards. The 2016 methodology can be found at, and is supported by data provided through a combination of leading technology providers and OTA’s internal assessment tools.

“In order to maintain consumer trust and confidence and spur the vitality of online services, it is imperative that organizations double-down on security and privacy measures,” said Craig Spiezle Executive Director and President, Online Trust Alliance. “The Online Trust Audit recognizes companies embracing data stewardship, transparency and a commitment to consumer protection.”

In order to be considered, recommendations for new or revised metrics must:
1.    Be vendor neutral and reflect generally accepted industry and business standards
2.    Allow for automation (i.e., must not require manual data collection)
3.    Be applicable internationally and across banking, ecommerce, online services, public sector government and news/media sectors

OTA’s Internet Trustworthy Working Group is currently evaluating possible additions including adoption of multi-factor authentication, business reputation scoring and email marketing practices. In addition, assessment of sites’ publically discoverable vulnerability reporting mechanisms is under consideration to promote responsible vulnerability disclosures.

Comments for the 2017 methodology are due to admin(at) by 5 PM PST, Thursday, November 3, 2016. For more information please visit

About OTA
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, mobile, interactive marketing, financial, service provider, government agency and industry organization sectors.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jaci Hendricks-Scott

Andrew Goss

Email >
Follow >