Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/21/2009
02:42 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Online Trust Alliance Issues Draft Principles For Online Trust

Principles help establish business practices that provide consumer, e-commerce, online marketing protection

Seattle WA " May 20, 2009 " Today the Online Trust Alliance (OTA) released its 2009 draft Online Trust Principles for public comment. The Principles are a major step toward establishing business practices that afford greater consumer online protection and the long term vitality of online commence and interactive marketing.

After a 30-day comment period and subsequent ratification, OTA will work with business and regulatory agencies to drive adoption " focusing on leading ecommerce and banking sites that are stewards of significant amounts of consumer data and, therefore, at risk as frequent targets of online exploits. Those brands which show the highest level of support will be recognized and be eligible for OTA's annual online safety awards.

"Implementation of these Principles is not only achievable but required to ensure consumers' peace of mind and protect the online economy from abuse," said OTA Founder and Chairman Craig Spiezle. "We look forward to our continuing work with the world's leading brands and organizations to help them realize a new level of trust with their customers."

The Online Trust Principles are broken down into three categories: 1) Infrastructure, protection of servers, web sites, desktops and mobile devices 2) Data, that includes both sensitive and Personally Identifiable Information (PII) 3) User Control, Choice and Privacy

Taken together, these Principles will help prevent, detect and remediate threats and business practices that can compromise consumers' online trust and confidence, including their identity and privacy. Copies of the draft Principles may be found at https://www.otalliance.org/resources/principles.html.

"Publishers Clearing House is proud to work with OTA on this critical and timely mission. It is our belief that marketers and brands should be working closely with industry associations in order to develop a comprehensive plan aimed at protecting our consumers and the online community," said Andy Goldberg, Publishers Clearing House President and CEO. "Consumer trust and confidence in the online ecosystem is a critical component for the success of the Publishers Clearing House online network."

OTA's position is that adherence to these Principles should be mandatory for all companies engaged in ecommerce and online banking. They are consistent with FTC and European mandates and guidelines that stipulate businesses apply "reasonable security" in protecting sensitive personal information. These Principles exemplify industry and government collaboration and demonstrate a shared commitment to self-regulation and accountability in order to help provide consumer choice and protection.

As part of its international charter, OTA will be hosting a Town Hall discussion on the Online Trust Principles in Copenhagen on Thursday June 4th and in Amsterdam on Monday June 8th. Supported in part by European Steering Committee member Secunia, and the Dutch Email Marketing Associations, these events will be an opportunity for all parties to participate in this important dialogue. Subsequent town halls are being planned for Singapore and Australia. Details are posted at https://www.otalliance.org/events/index.html

Companies and individuals should submit their comments for the Online Trust Principles on their company letterhead to [email protected] Unless requested not to, OTA may at its sole discretion, make all submissions public.

About The Online Trust Alliance (OTA) https://otalliance.org/ The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers. Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Publishers Clearing House, Return Path, Secunia, Symantec Corporation and VeriSign.

For media-related inquiries, contact:

Liz Shambaugh [email protected] 425-785-7234

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.