Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:03 PM
Dark Reading
Dark Reading
Products and Releases

Online Trust Alliance Release Framework For Protecting Consumer Data

As organizations accumulate vast amounts of user data, the responsibilities of data stewardship have increased significantly

Seattle WA, " January 27 " In recognition of Data Privacy Day, a worldwide initiative to promote the importance of data and consumer protection, the Online Trust Alliance (OTA) has released a comprehensive planning guide to help businesses improve data governance and prepare for potential data breaches. According to OTA, research and data from the Identity Theft Research Center, data breaches involving personally identifiable information (PII), increased over 623% this past year from only 35.7 million in 2008 to over 222.4 million in 2009.

As organizations accumulate vast amounts of user data, the responsibilities of data stewardship have increased significantly. Recent high-profile data breaches and cybersecurity incidents have shown that financial institutions, retailers, healthcare providers, educational institutions, government agencies, and others are all susceptible and at risk.

In response, OTA along with a coalition of industry and business organizations developed a framework to assist businesses and government agencies in establishing data governance and incident plans to increase consumer protection. Over a dozen organizations from Europe, Asia Pacific, and North America have collaborated in this effort, demonstrating a commitment to consumer protection and business self-governance..

"Protecting consumers' personal information and their ability to defend against and respond to data breaches must be top priorities for the business community and for all organizations that maintain databases," said Washington State Attorney General, Rob McKenna. "Preventing identity theft is a key objective for our state. We encourage businesses to consider the resources being provided by OTA and other organizations".

"At Publishers Clearing House we understand that maintaining consumer trust is key to a long, successful relationship with our customers. While we go to great lengths to protect and secure user data, we also acknowledge the need to plan for the unforeseen. We are pleased OTA has raised this issue and laid out a framework for businesses to follow. As more companies adopt this plan, consumer confidence and trust will increase," said Andrew Goldberg, President and CEO, Publishers Clearing House.

"Our merchants have a vested interest in ensuring the relevancy and trust of their on-line correspondence and brand identity. OTA's Principals and planning guide provide a roadmap for protection of personal data that our customers strive to protect," said Michael L. Herman, Compliance Managing Director, Chase Paymentech Solutions.

The planning guide is produced as a collaborative effort by leading organizations that are committed to consumer protection. The guide includes recommendations for 1) Data Governance and Data Loss Prevention, 2) Incident Response Planning, and 3) Training and Testing.

"Few if any other incidents can damage a company's reputation and consumers' trust more than a breach of personal data," said Craig Spiezle, Executive Director of OTA. "Without preventative measures and a comprehensive plan, companies risk negatively impacting their customers.

This plan represents a strong commitment to consumer protection with concrete steps to help protect the vitality of the Internet." Organizations that participated in the creation of the plan include the Anti-Phishing Working Group (APWG), the Direct Marketing Association (DMA), Direct Marketing Association of Singapore (DMAS), eco (the German Internet Association), the Internet Security Alliance (ISA), the Merchant Risk Council (MRC), the US Chamber of Commerce, and OTA Member Companies.

Copies of the plan and business resources are posted at https://www.otalliance.org/resources/Incident.html.

About The Online Trust Alliance (OTA) https://otalliance.org/ The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers. Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Cisco System, Datran Media, Epsilon, Iconix, Internet Identity, Intersections Inc, MarkMonitor, Message Systems, Microsoft Corporation, McAfee, Publishers Clearing House, Return Path, Secunia, Symantec Corporation, TRUSTe and VeriSign.

For media-related inquiries contact:

Liz Shambaugh Online Trust Alliance [email protected] 425-785-7234

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.