Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/23/2009
02:19 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

OTA Asks FTC For Standardized Privacy And More Browser Controls

OTA recommends a three-fold approach

Seattle, WA " December 21, 2009 " The Online Trust Alliance today submitted public comments supporting the upcoming FTC Privacy Roundtable to be held on January 28th in Berkeley, California. OTA recommends a three-fold approach; 1) advancement of a standardized Privacy & Data Collection Statement, 2) Increased integration of privacy based browser controls and 3) encourage businesses to advise consumers to upgrade when using insecure browsers.

Not unlike a health department rating for a restaurant, an automotive "Monroney" Sticker or a nutrition label on a food product, a standardized framework is required to enable consumers to make informed choices regarding any data collection during online activities A conceptual Privacy & Data Collection Statement, is recommended for all sites, online services, email marketers as well as retail points of collection which collect and track consumer behavior data.

"A framework which empowers consumers to make informed decision on the sharing their data and the use of a browser with integrated privacy controls is essential to the vitality of the digital life style" said Craig Spiezle, Executive Director of the Online Trust Alliance. "In this period with online trust being eroded by cybercrime and deceptive business practices, those businesses who are early adopters will realize a "trust dividend" in the eyes of the consumer and in the wallets of the stockholders, said Spiezle".

Advancing consumer controls and notice are core to OTA's Online Principles. The benefits includes providing consumers: 1) a concise and comparative view to how sites will use their data; 2) an understanding of the value they are receiving, and 3) an ability to manage their data that they submit or which may have previously been collected. Businesses benefit by: 1) consumers realizing an increased trust and confidence in their brand and 2) an ability to differentiate their business practices.

Today most browsers provide features and settings to aid consumers in maintaining their privacy though their implementation and usability are limited, and discoverability is extremely low. OTA encourages browser vendors to continue to innovate for the benefit of the consumer, while providing web sites the ability to know when such features are enabled. In order to maximize consumer control, these features are recommended to be 1) integrated into the browser, 2) discoverable, 3) intuitive and 4) provide teachable moments that all segments of users can easily comprehend.

To accelerate consumer protection, OTA is calling on all commence, financial services and government sites to encourage users to upgrade their outdated and insecure browsers. Yesterday's browsers lack the essential data security and privacy controls, as well malware and phishing protection, which present a significant threat to their personal data and privacy.

Through a combination of standardized notice, integrated browser controls and teachable moments, these recommendations support the FTC goals, while helping to maximize online trust and confidence and the long-term vitality of online marketing, advertising and consumer services.

OTA FTC Public Comments (PDF)

About The Online Trust Alliance (OTA) https://otalliance.org/ The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers. Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Cisco System, Datran Media, Epsilon, Iconix, Internet Identity, Intersections Inc, MarkMonitor, Message Systems, Microsoft Corporation, McAfee, Publishers Clearing House, Return Path, Secunia, Symantec Corporation, TRUSTe and VeriSign.

For media-related inquiries contact:

Liz Shambaugh Online Trust Alliance [email protected] 425-785-7234

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.