On March 6, 2017, Consumer Reports announced that it, in collaboration with other organizations, developed a “first draft” of a consumer protection standard focused on consumer product privacy protection. Desiring to incorporate security assessments into its product ratings, Consumer Reports helped to promulgate this standard as a first step.
Noting that it has long worked with, and advocated for, strong standards for a variety of purposes and products, Consumer Reports states that it develops its own protocols when it feels that existing protocols are not sufficiently protecting consumers. Collaborating with Disconnect, an entity focused on creating digital tools that prevent invasion of privacy; Ranking Digital Rights, a privacy research project; and Cyber Independent Testing Lab, an entity that tests software security, the privacy standard will assess whether devices that connect to the internet, such as smart TVs, security systems and baby monitors, mandate that users create unique usernames and passwords. It also will analyze whether companies encrypt personal data in transit and whether they are transparent as to how customers’ information is shared with other entities. The standard inquires as to whether the applicable company implements security patches to protect against variations in malware and other cybersecurity risks.
In the future, Consumer Reports intends to evaluate products based on the standard, which will allow consumers to compare products based on privacy protection.
Consumer Reports and its partners released the standard as a public document and seek feedback. The standard can be found here.