April 17, 2019
By Zlati Meyer
The federal government is best at protecting consumer data and the healthcare sector is the worst, according to a new study by the not-for-profit Internet Society’s Online Trust Alliance.
Grading privacy protection
- U.S. government—91% of audited U.S. federal government sites made the honor roll.
- Consumer services (everything from social media to travel-booking websites to tax-prep services)—85%.
- News and media—78%.
- Internet retailers—65%.
- Internet service providers, carriers, hosters and email providers—63%.
The 10th annual Online Trust Audit and Honor Roll analyzed more than 1,200 consumer-facing websites to determine which industry values security and privacy the most.
The healthcare companies examined include pharmacies, health insurers, hospital systems and genetic-testing businesses.
The Online Trust Alliance evaluated the websites based on how well they protected their email, whether they encrypt sessions with their users and what they say in their privacy statements.
“What do you collect, what do you do with it and who do you share it with?” the group’s technical director, Jeff Wilbur, said. “By far, the biggest tactic bad guys use is someone steals your credentials. Email represents a starting point of 90% of attacks.”
The Online Trust Alliance’s list of the most vigilant about protecting consumer data includes the Federal Emergency Management Agency, PayPal, the First National Bank of Omaha and DNA-testing company 23andMe. Ranked first on the list was Google Play.
USA TODAY is on the Online Trust Alliance’s news and media industry’s honor roll.
This year marked the first time the survey included the healthcare sector, but according to Wilbur, it’s a vital industry. A person’s private medical data could be used for everything from blackmail to insurance fraud.
“Hackers prize medical information to round out the profile of individuals they already have information on,” he said.
But there’s plenty of exposure all around, and with that, victims. For example, in March, the parent company of the Planet Hollywood and Buca di Beppo restaurant chains said diners’ credit and debit card information may have been exposed and in December, the question-and-answer website Q&A site Quora said a data breach could have affected 100 million users.
David Holtzman has been ensnared in three data breaches—the 2015 U.S. Office of Personnel Management breach, the 2017 Equifax breach and the Marriott breach.
“I feel like I can’t protect my funds and my identity. I’m very fearful of what this portends,” said the 60-year-old health-information privacy attorney from Germantown, Maryland.
Holtzman has put credit freezes on his accounts, remains vigilant about monitoring day-to-day activity in his banking accounts and 401(k) and is careful about what he posts on social media.
“When I was a kid, your bank issued a passbook to you and no transaction could take place (without it),” he said. Now, “the only way I can access my money and monitor my financial well-being is by conducting it through the internet—the same Internet that was used by hackers to steal my information.”
Copyright 2019 Gannett Company, Inc. All Rights Reserved.
Quality News Today is an ASQ member benefit offering quality related news
from around the world every business day.