Aug 11, 2015

New IoT Trust Framework Addresses Privacy Risks & Guidelines

Today, the Online Trust Alliance (OTA) released its Internet of Things Trust Framework, to address IoT privacy and security risks. The Framework provides guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation, and consumer health and fitness wearables.

“The rapid growth of the Internet of Things now includes thousands of connected products, yet it’s shocking how little planning there has been for these devices becoming a part of everyday life,” said Craig Spiezle, Executive Director and President of the OTA, a non-profit group with a mission to enhance online trust.

The framework was created by the OTA IoT Working Group, which was established in January 2015 and presented initial findings at the TRUSTe IoT Privacy Summit in June. The working group is comprised of major companies including Microsoft, ADT, AVG Technologies, Symantec, Target and TRUSTe. This working group proposed best practices in order to protect consumer data, while requesting feedback from nearly 100 other organizations. The main focus was on safety and reliability of any IoT devices as well as an often overlooked component — sustainability.

“Sustainability—the life-cycle supportability of a device and the protection of the data after the warranty ends—is critical to the security, privacy and personal safety of users and businesses worldwide,” according to the OTA’s press release. “Without addressing sustainability, devices that may have been secure off the shelf will become more susceptible to hacking over time allowing hackers to remotely control these devices. This is a persistent concern, first demonstrated with baby monitors, just recently by infiltration of fitness wearables to spy on health vitals, and will likely be again soon, perhaps through general mayhem caused by sabotaging connected appliances.”

The OTA is seeking public and industry comment on this list of best practices from now until Sept. 14, 2015. To review the framework, provide feedback, or for information on joining the IoT Working Group, visit: https://otalliance.org/IoT.

Aug 07, 2015

Save the Date: EU Data Protection 2015 on Dec. 8

This week, TRUSTe announced that “EU Data Protection 2015 – Regulation Meets Innovation” is taking place in San Francisco on Dec. 8. This will be the premier event on the US West Coast to address the EU General Data Protection Regulation and the business impact.

We will be announcing more details soon and opening registrations on Wednesday September 2nd. Follow #eudatap15 and http://www.truste.com/eudatap for further details.

If you’re interested in speaking at this event, or partnering or sponsoring it, please contact eleanor@truste.com

Aug 05, 2015

Meet the Leading Players in the Privacy Ecosystem: Craig Spiezle, Executive Director & President, Online Trust Alliance

Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.  

What is your organization’s role in the privacy ecosystem? 

As an independent non-profit, OTA’s role is to develop and advance best practices to enhance online trust, promote innovation and increase accountability. For the past decade we have convened multi-stakeholder efforts and initiatives, and published progress reports and independent audits. OTA uniquely looks at the convergence of security, privacy and sustainability of business practices. We need to focus on data protection, which encompasses all three.

What key goals/issues is your organization focused on tackling? 

Online trust is eroding on many fronts. Take for example online advertising. In the absence of any meaningful self-regulatory efforts to provide consumers the ability to control data collection and tracking, upwards of 25% of users are blocking online advertising. This has been amplified by the lack of security safeguards and circuit breakers to help block and prevent malicious ads from being served on legitimate websites. This is a serious concern as advertising fuels significant services consumers rely on, as well as tarnishes the reputation of websites that serve these ads. In parallel, we are making a significant investment in developing an IoT trust framework that will lead to a voluntary code of conduct and likely certification program. With TRUSTe and more than 100 other organizations we are working to roll out a comprehensive framework to help vendors and developers address the IoT threat landscape.

How have your organization’s goals/focus changed over the years to address evolving technologies or challenges? 

It has been an evolution looking at privacy and security holistically while focusing on the data lifecycle, supply chain and flow. They are two sides of the same coin.

 

Looking ahead, what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation? 

Self-regulation is failing as trade groups and advocates have become polarized. Collectively we must be willing to make changes today for the long-term benefit of consumer and industry alike. We remain supportive of Federal legislation in data breach, security and privacy — setting a high bar without preempting State Attorney Generals from enforcement. At the same time we need greater accountability. We need to empower the FTC and FCC to take action and fine companies who are failing to protect consumers and their data.

What is the biggest current threat (to consumers or businesses?) 

We are at the crossroads of a trust “tragedy of the commons.”  The wild west of data collection and sharing without explicit consumer consent will have a long-term impact.

Jul 31, 2015

August Spotlight – Live Demos, Data Privacy Asia Event

  • August 6, 10-11 a.m. PDT

Webinar – “30 Day Countdown Until DAA Mobile Enforcement: Are You Ready?”

Enforcement of the DAA Mobile Guidelines begins in September. Find out what this means for your business. Speakers include Lou Mastria, Executive Director of the Digital Advertising Alliance; Michael Signorelli, Partner, Venable LLP and Counsel, Digital Advertising Alliance; and Helen Huang, Senior Product Manager at TRUSTe. The webinar is moderated by Kris Vann, J.D., Senior Product Marketing Manager at TRUSTe.

Register here.

 

  • August 13, 9 a.m. PDT

Webinar – “How Good Privacy Practices Can Help Prepare for a Data Breach”

TRUSTe offers this webinar as the first in our Fall/Winter Privacy Insight Series.

This webinar will examine the costs of a data breach and the role of privacy and information governance in preparing for a possible breach. Attendees will also learn how to build an incident response plan to mitigate damages and to ensure that every relevant employee knows what to do in the event of a data breach. Speakers include Larry Ponemon, Chairman and Founder of the Ponemon Institute; Mary Westberg, Sr. Compliance Paralegal, SanDisk; and Joanne Furtsch, Director of Product Policy, TRUSTe.

Register here.

Jul 31, 2015

End-of-Month-Recap: What You May Have Missed

At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month.

This month on the blog we covered a wide array of privacy topics. We also shared the Privacy Ecosystem. This map showcases just some of the major players involved in the numerous facets of privacy. Inspired by the interest in the Privacy Ecosystem map, we decided to launch a weekly series profiling some of the leading organizations in the privacy space. Check out the list below for some of the most popular blog posts this month:

 

Celebrating Privacy as One of Our Freedoms  

Contributor and privacy expert Alexandra Ross wrote this reflective post about privacy as a fundamental freedom to coincide with the July 4th holiday in the U.S. Many people consider privacy a fundamental right even though it's not expressly stated in the Constitution. In fact, a recent TRUSTe survey shows that 45% of respondents think online privacy is more important than national security.

Coding for Privacy: A Conversation with TRUSTe’s Ken Okumura [Via TechBeacon]

TRUSTe’s Vice President of Engineering Ken Okumura was interviewed for this article in TechBeacon in which he discusses all things privacy and security.

Privacy Risks of Mobile Applications

TRUSTe Senior Product Manager Helen Huang, CIPP/US, highlighted the importance of mobile privacy management. Considering at least half of Fortune 500 companies have a mobile application, privacy needs to be considered for these organizations’ apps as well as employee devices.

 

Privacy Ecosystem Series

This month we launched the Privacy Ecosystem Series in which we profile organizations, companies or government agencies that are involved in the privacy space.

What else would you like to read about on the TRUSTe blog? Tell us in the comments.

 

Jul 29, 2015

Google AdSense Policy Now Requires Publishers to Obtain Consent from EU Visitors

This week Google announced it will be implementing a new user consent policy. Essentially, this new policy requires all websites serving EU visitors, including those not based in the EU, to comply with the EU Cookie Directive. Google posted the notice on its official AdSense blog.

In 2009 an amendment to an existing EU directive (the so-called Cookie Directive) introduced a requirement that companies provide “clear and comprehensive information” to users about the types of tracking technologies used on websites, including a way for users to “consent” to any cookies which are not “strictly necessary” for the delivery of an online service. The majority of EU Member States have now adopted their own Cookie Laws implementing the requirements of the Cookie Directive.

Here’s what AdSense has to say about this new policy:

Why are we doing this?

European Union data protection authorities requested some changes to current practices for obtaining end user consents. It has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.

What do you need to do?

If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today. There’s guidance from data protection authorities and IABs across Europe on what is required to comply with relevant laws; the IAB’s IAB Europe Guidance: Five Practical Steps to help companies comply with the E-Privacy Directive is a good place to start.

Jul 24, 2015

Latest Privacy Insight Series Webinar Addresses FTC Stance on Privacy, Security

The FTC is the leading privacy and security regulator in the U.S., says Daniel J. Solove, a professor at George Washington University Law School who runs a privacy and security training company called TeachPrivacy and organizes the Privacy + Security Forum conference. Although there is hardly any case law, Solove noted in presenting this webinar, the FTC looms large in practice.

In 1998, only about 2% of websites had some form of privacy policy; now nearly every website has one.

“We’ve seen a huge rise in privacy policies,” Solove says.

In the late 1990s and early 2000s, a debate was raging about how personal information would be protected online. It was argued that self-regulation would work. As a result, companies began to self-regulate their privacy practices by creating their own policies.

Jul 23, 2015

Doubling Down on Privacy and Security [Video]

A data breach or regulatory investigation can have devastating consequences for an organization. Today, companies are collecting sensitive information of customers and employees alike and are looking for ways to systematically safeguard that information against the possibility of a costly breach.

Privacy professionals need a comprehensive strategy to address these privacy and security risks, but often don’t know where to begin. What are the unique characteristics of a privacy officer and how does their role fit alongside the IT, security and compliance teams?

TRUSTe’s Kevin Trilli, VP of Product, recently presented a session titled “Doubling Down on Privacy and Security” at MetricStream’s GRC Summit, where he outlined potential solutions to manage global privacy risk and compliance across the organization. Watch the video for an overview of key privacy challenges for the year and how you can prepare.
