Safest Places On the Web
Computerworld - The security breaches at ChoicePoint Inc. and LexisNexis Group have us all asking the same questions: Where is my data safe? And how do I know? These are the questions I recently set out to answer, and I found some surprising results.
First, the bad news. There still isn't one widely recognized seal of approval that says a company has top-notch privacy and security. The padlock symbol on your Web browser means the session is encrypted, and Web security seals such as ScanAlert Inc.'s "Hacker Safe" mark say the Web site is protected against all known vulnerabilities. But these methods don't address the broader, organizational security practices at issue in the ChoicePoint and LexisNexis incidents.
So which companies meet this criterion? I reviewed the privacy policies of the top 50 most-visited Web sitesas measured by Jupiter Researchand the Forbes 100 largest companies in the world. It's an admittedly small sample, so I also asked Truste and my privacy professional counterparts in other organizations for their recommendations.
What did we find? This is where the surprises sprang up. (See accompanying charts.)
The largest U.S. companies are better than their European counterparts about including the European privacy principles in their online privacy notices. The EU considers the U.S. an "inadequate" destination for personal data, but you couldn't tell it by reading corporate privacy policies. Among the Forbes 100, U.S. companies comply with an average of 3.9 of the seven EU Safe Harbor principles, compared with 2.3 for EU companies.
Another surprise was the mediocre scores of the privacy policies on the most-visited U.S. Web sites. Visitors to these popular sites apparently aren't deterred by their general lack of strong privacy commitments. The typical top-50 site posts a privacy notice that addresses only 4.4 of the EU Safe Harbor principles.
I wasn't surprised that the companies with the strongest privacy policies are concentrated in the financial and technology industries, where profits depend on consumer trust in data privacy. Seventeen of the top 20 sites hail from these sectors.
- 6TB Oracle Ecommerce Stack Deployed on AWS in 7 Days A Fortune 1000 company was told that it would take more than 6 months to deploy their ecommerce stack on AWS. CloudVelocity deployed...
- Improving IT Efficiencies: Four Advantages of Multi-Tenant Data Centers Increasing demands on IT are forcing organizations to rethink their data center options. For many organizations, that means turning to the flexibility afforded...
- Accelerating Cloud Deployment and Operations with Managed Services Companies that do not have sufficient in-house expertise to either deploy or maintain an IaaS cloud should turn to Managed Service Providers .
- Rethinking IT Operations in the Cloud This paper breaks down the challenges that often prevent the cloud from delivering the fast, flexible and affordable infrastructure companies seek - and...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All E-business White Papers | Webcasts