The Security Principle requires members to "provide reasonable security for that data." The accompanying footnote reads:
Reasonable security is determined in light of several factors including, but not limited to, the sensitivity of the data, the nature of a company’s business operations, the types of risks a company faces, and the reasonable protections available to a company.I read this as allowing NAI member businesses to take minimal steps towards security. There are no requirements of best-practices, audits, compliance checks, a named responsible party, staff training and awareness.
Another problem with self-regulatory privacy practices is that they often work in unexpected ways. Case in point is the NAI Opt-out tool, which allows you to opt-out from many NAI advertisers. However, since the choice is cookie-based, your settings will be lost if you choose to delete your cookies (which you might do to enhance your privacy).
The NAI Opt-out Tool is cookie-based. In order for the Tool to work on your computer, your browser must be set to accept third party cookies. If you buy a new computer, change web browsers or delete this cookie, you will need to perform the opt-out task again.
No comments:
Post a Comment