24 February 2012

Advertising Standards - Security Standards

Does it frustrate you to see inaccurate or unjustified claims such as "this website is secure", "we use a secure server" and "your privacy and security is paramount to us"? Or privacy-related claims like "your personal data is stored safely, securely and anonymously" and "we will not share your data with any other organisation"? How are misleading claims about a software application's security any different to misleading claims about medical benefits or eco-friendliness, inaccurate descriptions, unsubstantiated testimonials, etc. for other consumer products and services? I don't believe they are.


Without a standard kite mark or agreed security, privacy and trust labelling standards, how do consumers know the truth about the security of the web sites, mobile apps and other software applications they are using? Well, for the moment we could do with some more accuracy & honesty about security and privacy claims.

We may not have much legislation relating to securing software applications, but the Advertising Standards Authority (ASA) has had a digital remit since last year.

So, apart from the requirements to secure personal data (Principle 7 of the Data Protection Act) and to protect privacy in electronic communications (Privacy and Electronic Communications Regulations responsibilities and obligations), and other sector-specific regulations concerning information security and privacy such as from the Financial Services Authority (FSA), Medical Research Council, and Payment Card Industry Security Standards Council (PCI SSC), marketing claims themselves are regulated. Therefore a claim about security or privacy is regulated.

The relevant sections in the Committee of Advertising Practice's UK Code of Non-Broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code) seem to be:

  • Misleading advertising
    • 3.1 Marketing communications must not materially mislead or be likely to do so.
    • 3.2 Obvious exaggerations ("puffery") and claims that the average consumer who sees the marketing communication is unlikely to take literally are allowed provided they do not materially mislead.
    • 3.3 Marketing communications must not mislead the consumer by omitting material information. They must not mislead by hiding material information or presenting it in an unclear, unintelligible, ambiguous or untimely manner. Material information is information that the consumer needs to make informed decisions in relation to a product. Whether the omission or presentation of material information is likely to mislead the consumer depends on the context, the medium and, if the medium of the marketing communication is constrained by time or space, the measures that the marketer takes to make that information available to the consumer by other means.
    • 3.7 Before distributing or submitting a marketing communication for publication, marketers must hold documentary evidence to prove claims that consumers are likely to regard as objective and that are capable of objective substantiation. The ASA may regard claims as misleading in the absence of adequate substantiation.
    • 3.11 Marketing communications must not mislead consumers by exaggerating the capability or performance of a product.
  • Database practice
    • 10.1 Personal information must always be held securely and must be safeguarded against unauthorised use, disclosure, alteration or destruction.

Complaints can be made to the ASA concerning advertisements within their remit, including the online remit which includes "marketing communications on companies' own websites". And the companies don't need to be using a .uk domain — they just have to be registered in the UK.

If you are a UK-based organisation with online marketing material, you need to ensure your security & privacy copy does not contravene CAP, to avoid possible sanctions and adverse publicity, and that at the same time it builds user trust and encourages users to report suspicions & concerns to you as easily as possible in a timely manner.

As a consumer, if an online channel has any marketing claims about security & privacy which you think contravene CAP, the ASA's complaints process can potentially be used to improve standards in this area.

Posted on: 24 February 2012 at 07:52 hrs


Good Information
1 Added by Subhakar Rao Posted on 28 February 2012 at 11:58 hrs

Page https://www.clerkendweller.uk/2012/2/24/Advertising-Standards--Security-Standards