This past September, the Online Trust Alliance, an industry group focused on e-commerce, released a report assessing the safety of presidential campaign websites.[i] The report focuses on the following three aspects of online campaign platforms: site security, consumer protection, and privacy.
Site security addresses whether or not the campaign website is the actual website and not directed to a counterfeit source. This category also includes factors on the investment of technology such as, firewalls and encryption technology, and other programs that make hacking more difficult.
Consumer protection scores are calculated by evaluating the “adoption of email authentication and associated technologies to help protect consumers from receiving fraudulent email purporting to come from candidates, their PACs or political parties.”[ii] In other words, the political campaigns are assessed on how well they protect their websites and emails from hackers, who could create a false website and illegitimate emails.
Site Privacy compared methods of data storage, security of stored information, and actual use of the information received from political donors and volunteers. Content of a site’s “privacy policy” and accessibility of such disclosures also attributed to the assessment.
Online Trust praised the campaigns overall for their use of technology in the areas of consumer protection and site security; however, many presidential campaigns were given failing grades for their lack of implementing a data privacy policy. Six campaigns (out of twenty-three total campaigns assessed) had sufficient data privacy protection in place that sufficiently passed Online Trust’s assessment.[iii]
Many of the campaigns received low marks in these areas for not having privacy policies, or the policies disclosed were inadequate, or because the campaigns “claimed the right to share data with ‘like minded entities’ or unidentified third parties or anyone or even sell the data.”[iv] OTA shows this as a negative factor, because the person providing the information has no ability to consent whether or not their information can be sold, despite the terms of the privacy policy. Third-party data sharing is also in contrast to the generally accepted Fair Information Practice Principles (FIPPS).[v]
A major reason for the low marks in privacy is attributed to the use of micro targeting by both Democratic and Republican campaigns. Micro targeting[vi] involves collections of data and statistics from voter populations that is assessed for predictive voting trends, which allows political parties to tailor their messages based on the voters’ preference of issues and streamline campaign resources to potential supporters.
The report provides us with two important lessons. First, companies need to invest in technology that will protect their websites from cyber-criminals, viruses, and other forms of malware. It may not be as extensive as a presidential campaign, but as seen in the cases of Target, the Internal Revenue Service, and the Office of Personal Management, it is evident that no information technology system, even the “best of the business” is safe from attacks.
Secondly, companies need to develop a data privacy policy focusing on the security, storage and privacy of consumer information. Although no one has successfully hacked into a presidential campaign website, that we know of, the potential risk of bad publicity stemming from compromised donor and volunteer information is more than enough to end a campaign. That kind of negative publicity is equally devastating for businesses and organizations utilizing online platforms.
For more information on how to assess your own data privacy needs, please visit our website.