Prominent web sites made big strides last year to up their consumer protection, security and privacy protection practices, according to the annual ratings of the Online Trust Alliance.
The OTA, a part of the Internet Society, said Tuesday that 70 per cent of the sites it chose for evaluation achieved Honor Roll status, up from 52 per cent in 2017.
Among them was td.com, site of Canada’s TD Bank.
The increase in the percentage of Honor Roll members over 2017 was driven primarily by improvements in email authentication and session encryption, the report said.
Sites were scored on a composite weighted analysis in three categories: consumer protection, site security, and responsible privacy practices. Those that scored 80 per cent or better overall, without failing in any one category, made the Honor Roll. Among the criteria was compliance with the tough European Union General Data Protection Regulation (GDPR).
“Given that the methodology was updated to ‘raise the bar’ in all three scoring categories, this is impressive,” said the report.
The OTA Honor Roll was created to promote security best practices, data stewardship and responsible privacy practices.
The audit looked at more than 1,200 English-language websites that were aimed at consumers, broken into categories (including top online retailers, banks, consumer services, healthcare, news and media).
However, the list is heavily weighted toward web sites focused on the U.S. The 1,200 sites audited were chosen based on company revenue and Internet traffic, which favours large organizations. Banks chosen were the top 100 financial institutions by assets according to the U.S. government Federal Deposit Insurance Corp. And in the government category only U.S. government departments were rated.
In response, OTA technical director Jeff Wilbur said “a sampling of global companies or those based in other countries” were among the 1,200 rated. Many companies headquartered outside the U.S. were included in the Internet Retailer category, he said. The News and Media sector has several entries from the U.K.
“In future audits, we expect to extend sectors to include organizations from other regions around the world,” he added.
The top scoring site of the 1,200 was Google Play. Among the prominent brands in the Top 50 were YouTube, Walmart, Twitter, Fitbit, the Gap, DocuSign, Flickr, PayPal and Apple.
The goal of the audit — which allows sites to put an Honor Roll logo on their pages — is to encourage organizations to improve security and privacy. It also mentions those that need to work harder to earn society’s trust.
Download the full report at https://otalliance.org/HonorRoll.
Ninety-three per cent of sites studied encrypted all web sessions by using HTTPS (compared to 52 per cent in 2017). Email authentication was at record highs: 76 per cent of sites use both SPF and DKIM (versus 48 per cent in 2017) and 50 per cent have a DMARC record (versus 34 per cent previously).
But there were some troubling results. Use of mechanisms for vulnerability reporting rose sharply in online retail, news and hosting companies, but such mechanisms were used by only 11 per cent of organizations studied overall.
And while 85 per cent of audited consumer services sites made the Honor Roll, they also had the highest breach rate (34 per cent).
“Despite heightened awareness and sensitivity to privacy … privacy statements have improved little, and most organizations are scoring less than 50 per cent on the privacy statement portion of the audit,” the report said.
“Of particular concern is the largely undefined sharing of data with third-party affiliates. Initial baselining of GDPR-related requirements revealed a wide range of adoption – from 1 per cent to 95 per cent, depending on the requirement – and this will need to be addressed as the regulatory environment, whether at the state or global level, continues to evolve.”
The report also put the Honor Roll in some perspective by noting the 2018 CIGI-Ipsos Global Survey of public attitudes on Internet security and trust. The numbers paint “a bleak picture of the state of online trust. More than half of those surveyed are more concerned about privacy than the year before, and the majority have a high level of distrust of social media platforms, search engines and Internet technology companies,” the report says.
“In many areas, business practices are moving out of alignment with consumer expectations. Left unchecked, mistrust in the privacy and security offered by organizations may have chilling effects. For the Internet economy to prosper, users need to be able to trust that their personal information will be secure, their preferences respected and their privacy protected.”