Authentication Alliance Marks Data Privacy Day With Consumer Trust Best Practices

To mark World Data Privacy Day, Jan. 28, the Authentication and Online Trust Alliance published its top 10 list of privacy principles and business practices. These practices, many of which have been widely adopted by AOTA members, are calls to action for companies to help maximize consumer confidence and ultimately spur economic growth.

To me, it’s pretty simple: Adopt these principles or suffer the consequences of a consumer trust meltdown. And that could invite regulation, according to AOTA Founder/Chairman Craig Spiezel. Here’s what the group recommends you do, edited a bit:

1. Ensure all privacy policies are discoverable, transparent and written so that consumers can actually understand them, and accessible from every page of a Web site and/or from every e-mail.

2. Periodically contact users, and provide them with your company privacy policy for review whenever it changes; give consumers a choice about how their data is used.

3. Establish and publish procedures for data collection, transfer and retention; perform third-party or self-audits for compliance.

4. Support collaborative, global, public-private efforts to increase consumer awareness and education, as well as the adoption of fair information practices and privacy/security regimes (e.g., the appointment of a national chief privacy officer).

5. Support self-regulatory efforts to adopt standard data retention/use policies.

6. Set and publish standards of privacy, security and data retention policies with clear accountability between first-party sites and third-party content providers and advertisers.

7. Create response plans for accidental disclosure of personal information and data breaches, including notification to consumers and governmental agencies. Provide relevant remedies to consumers (e.g., no-charge credit record monitoring services to those affected, or other remedies as appropriate).

8. Commit to authenticating, within six months, all outbound e-mail with DomainKeys Identified Mail (DKIM) and/or Sender ID Framework to combat forged e-mail and the privacy exploits (phishing, spoofed notices) that ride on it.

9. Transactional sites should adopt Extended Validation (EV) SSL certificates within six months or when their existing certificates expire, whichever comes first.

10. All consumer-facing sites should obtain privacy certification and seals from third-party providers or other third-party consumer dispute resolution mechanisms.
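Item 8 is the one principle on this list that leaves a directly testable artifact: every outbound message should carry a well-formed DKIM-Signature header whose signing domain matches the domain consumers see in From. The following is an added example (not code from the original post or from AOTA) that does the structural part of that check: it parses the tag=value list of a DKIM-Signature header, confirms the tags that are required in a signature are present, confirms the From header is among the signed headers, and confirms the d= domain is aligned with the From domain. The sample header, the domain example.com and the selector sel2024 are constructed for the example. It deliberately stops short of fetching the public key from DNS and verifying the signature bytes, which is what a receiving mail server would do next.

```python
import re

# Constructed sample DKIM-Signature value (not from the original post), as it
# would appear on outbound mail from the hypothetical domain example.com.
# The bh= and b= values are placeholders, not real digests or signatures.
SAMPLE_DKIM_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024;\r\n"
    "\th=from:to:subject:date:message-id; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;\r\n"
    "\tb=dGVzdHNpZ25hdHVyZQ=="
)

# Tags a DKIM-Signature header MUST carry (RFC 6376, section 3.5).
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")


def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature value into a dict of tag -> value."""
    # The header may be folded (CRLF followed by whitespace); unfold it first.
    unfolded = re.sub(r"\r?\n[ \t]+", "", header_value)
    tags = {}
    for part in unfolded.split(";"):
        part = part.strip()
        if not part:
            continue  # trailing ';' is permitted
        if "=" not in part:
            raise ValueError("malformed tag: %r" % part)
        name, _, value = part.partition("=")
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: %r" % name)
        # Verifiers ignore whitespace inside tag values (common in b= and bh=).
        tags[name] = re.sub(r"\s+", "", value)
    return tags


def check_dkim_signature(header_value, from_domain):
    """Return a list of problems with an outbound DKIM-Signature; [] means it passes.

    Structural checks only: required tags, version, hash algorithm, From being
    signed, and d= aligned with the From domain. No DNS lookup, no crypto.
    """
    problems = []
    try:
        tags = parse_dkim_tags(header_value)
    except ValueError as exc:
        return ["unparseable header: %s" % exc]

    for tag in REQUIRED_TAGS:
        if not tags.get(tag):
            problems.append("missing required tag %s=" % tag)

    if tags.get("v") != "1":
        problems.append("unsupported version v=%r" % tags.get("v"))

    # rsa-sha1 is still parseable but has been deprecated for DKIM (RFC 8301).
    if tags.get("a") == "rsa-sha1":
        problems.append("weak algorithm rsa-sha1 (use rsa-sha256)")

    # A signature that does not cover From lets an attacker replay the signed
    # body under a different sender, so From must be in the h= list.
    signed_headers = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    if "from" not in signed_headers:
        problems.append("h= does not cover the From header")

    # The signing domain must be the From domain or one of its parents;
    # otherwise the signature says nothing about the sender the consumer sees.
    signing_domain = tags.get("d", "").lower()
    from_domain = from_domain.lower()
    if signing_domain and not (
        from_domain == signing_domain or from_domain.endswith("." + signing_domain)
    ):
        problems.append(
            "d=%s is not aligned with From domain %s" % (signing_domain, from_domain)
        )
    return problems


if __name__ == "__main__":
    for domain in ("example.com", "news.example.com", "attacker.example"):
        print(domain, "->", check_dkim_signature(SAMPLE_DKIM_HEADER, domain) or "OK")
```

Run it against the DKIM-Signature headers your own mail servers emit (a mail client's "view source" is enough) before the six-month deadline in item 8; an empty list for your From domain means the header is at least shaped correctly, and a non-empty one tells you which part of the signing configuration to fix. Passing this check does not mean the signature verifies; that still requires publishing the selector's public key in DNS and having a receiver check the b= value against it.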

More details can be found here.

Are you following these best practices? If not, why? Let’s start a dialogue on the subject. Post a comment now.