Online Trust Alliance Finds Data Breaches Spiked to Record Level in 2013

   Online Trust Alliance Finds Data Breaches Spiked to Record Level in 2013

89 Percent Could Have Been Prevented

Leading up to Data Privacy Day, OTA Cites Best Practices and Organizes Town
Hall Meetings to Help Companies Avoid Being Victimized Like Target and Adobe

PR Newswire

SEATTLE, Jan. 22, 2014

SEATTLE, Jan. 22, 2014 /PRNewswire/ --The Online Trust Alliance (OTA), the
non-profit with the mission to enhance online trust, user empowerment and
innovation, today recommended a series of best practices to help prevent
online data breaches and other exploits, in collaboration with high-profile
brands including American Greetings Interactive, AVG, Microsoft, Publishers
Clearing House, Symantec and TRUSTe. These recommendations, released today in
OTA's 2014 Data Protection & Breach Readiness Guide, were accompanied by
several eye-opening statistics.

Leveraging preliminary year-end data from the Open Security Foundation and the
Privacy Rights Clearinghouse, the OTA estimated in its guide that over 740
million records were exposed in 2013, making it the worst year in terms of
data breaches recorded to date. And yet, after analyzing approximately 500
breaches over the past year, the OTA determined that 89 percent of all breach
incidents were avoidable had basic security controls and best practices been

"Businesses and organizations have a responsibility to protect consumer
privacy and prevent data breaches from aggressive cyberthieves," said
Washington State Attorney General Bob Ferguson. "Consumers deserve to know who
they can trust.The Online Trust Alliance arms organizations with critical
information to reduce cyber risk and protect consumers."

The annual guide is being published in advance of Data Privacy Day, Jan. 28,
which the OTA commemorates by holding town hall forums and workshops led by
cybersecurity and privacy luminaries in New York, San Francisco and Seattle.
These events come on the heels of several high-profile data breaches
victimizing Target Corporation, Neiman Marcus and Adobe—a disturbing trend
that undermines online trust and underscores the need to implement best

"Data breaches are nothing new and have been around for quite some time;
however, what we are seeing is a significant increase in incidents that not
only harm consumers, but businesses as well, leading to a breakdown in
consumer trust," said Tim Rohrbaugh, VP of Information Security for
Intersections Inc. and OTA Board Member."Having a rigid, black and white
approach to security controls and monitoring and being unprepared for an
incident will cost businesses more in the end.These town halls are a great
venue for business leaders in all sectors to come together and share best
practices in improving security controls, customer data management, and data
breach incident reporting."

According to the guide, best practices can only be achieved when companies are
no longer complacent with meeting minimum compliance standards for data
protection. Rather, they must meet the far loftier data privacy expectations
of their own customers, by adopting a comprehensive data stewardship strategy
that safeguards data across its entire lifecycle, from collection to deletion.
Such efforts go hand in hand with developing an effective Data Incident Plan
(DIP), a playbook that can be deployed on a moment's notice, delineating what
steps must be taken when a breach happens. Businesses must be able to quickly
assess the nature and scope of an incident, contain it, mitigate the damage
and notify all interested parties, including law enforcement and affected

"Consumers and businesses are both victims of rapidly escalating hacking
attacks, and as stewards of consumer data it's incumbent on businesses to
adopt best practices to help protect consumers from harm," said Craig Spiezle,
executive director and president of the Online Trust Alliance. "Those
companies that fail to do so need to be held accountable, by consumers,
regulators and stockholders.

Indeed, the ramifications of a data breach can be far-reaching and long-term,
creating a sort of "business shock," explains the guide. Consequences include
a damaged brand, decreased sales, loss of third-party partnerships and
contractual penalties imposed by customers, partners or service providers.

Ultimately, the guide urges all businesses to accept two fundamental premises:
One, the consumer data they are collecting invariably contains some form of
personally identifiable information. And two, at some point they will
inevitably experience data loss. When that happens, it's best to be prepared.

OTA's 2014 Data Protection & Breach Readiness Guide is available at: A public webinar recapping the guide is
being hosted on Feb. 12 from 9 a.m. to 10 a.m. PST. To register, visit Additional quotes from OTA supporters regarding Data
Privacy Day and the guide are available at

Privacy Day Workshops
OTA's 2014 Data Privacy Day workshops in New York (Jan. 28), San Francisco
(Jan. 30) and Seattle (Feb. 4) are designed to provide businesses with
prescriptive advice about how to navigate complex security and data privacy
issues, while enhancing brand trust and product innovation. Speakers include
privacy experts from the FBI, Federal Trade Commission, Secret Service and the
Attorney General's Offices of New York, California and Washington State. The
events are in collaboration with the Better Business Bureau, Identity Theft
Council and the local chapters of InfraGard, and are supported by underwriting
from leading organizations including comScore, Intersections, PwC, Sailthru
and TRUSTe. To attend a workshop, visit

About The Online Trust Alliance (OTA)
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance
online trust and user empowerment, while promoting innovation and the vitality
of the Internet.OTA's goal is to help educate businesses, policy makers and
stakeholders while developing and advancing best practices and tools to
enhance the protection of users' security, privacy and identity.OTA supports
collaborative public-private partnerships, benchmark reporting, meaningful
self-regulation and data stewardship. Its members include federal law
enforcement agencies, and the world's leading e-commerce, online banking,
online security and social media companies. For more information, visit:

SOURCE Online Trust Alliance

Contact: Andrew Goss, VOXUS Inc. (for OTA), 253.444.5446,
Press spacebar to pause and continue. Press esc to stop.