Committees help to develop best practices, foster collaboration, and promote stewardship, security, and corporate responsibility. They focus on issues that are important to our community, providing an opportunity to actively participate in the work of the Internet Society and the Online Trust Alliance. Participation is open to all employees of Internet Society organizational member companies in good standing and invited subject matter experts. Below is a summary of each Committee.

Internet of Things (IoT)

Addressing the mounting concerns and collective impact of connected devices, the IoT Committee focuses on fostering collaboration, promoting the benefits of bringing “trusted” IoT devices and services to scale, and promoting the importance of self-regulation and voluntary codes of conduct addressing security, privacy, and life-cycle risks and concerns.

Data Protection & Breach Readiness Planning

Annual data breaches now top billions of exposed records and the growing data economy brings with it growing risk. The Data Protecion Committee focuses on the development and advancement of best practices and prescriptive advice to enhance data protection practices and promote planning to mitigate cyber breaches and data loss incidents. A key deliverable of this committee is OTA’s annual Data Protection Breach Readiness Guide, one of OTA’s most popular reports.

Trust Audit Planning

The Trust Audit Planning Committee participates in the planning of the annual Online Trust Audit & Honor Roll, including reviewing new criteria, evaluating automated tools, and providing input into the weighting and scoring of data elements. The Audit holistically examines security, privacy, and consumer protection best practices.

Email Security & Integrity

Email plays a critical role in today’s online ecosystem. The Email Security & Integrity Committee focuses on increasing the integrity and trust of legitimate email, while reducing spearphishing, spam, and social engineering email exploits. The group works to promote adoption of email security and best practices for all classes of email senders and receivers, including interactive marketers, ISPs, enterprises, and government agencies. Key efforts include promoting the business and technical value of SPF, DKIM, DMARC, and TLS.

Infrastructure & SSL/TLS Best Practices

The Infrastructure & TLS/SSL Best Practices Committee advances best practices to protect critical infrastructure from exploits and vulnerabilities, and increase resiliency by supporting identity, authentication, brand protection, anti-fraud, and trust mechanisms. The group tracks risks (e.g. malvertising), highlights current and emerging best practices, develops business and technical value propositions, and provides tools, outreach, and resources to advance adoption of best practices. The Committee is generally a discussion list for service/cloud providers interested in the integrity and security of their services and supply chains.


The Privacy Committee promotes best practices including tools and technologies that allow users to opt out of third-party data collection, while underscoring the value exchange consumers receive from ad-supported sites and services. The group promotes the need to move from a compliance mindset on data collection, retention, and usage, to one of stewardship.