Consumer Reports spearheads new privacy, security standard for electronic products

Thirty years ago plenty of people had personal computers that weren’t connected to the internet. These days everything from the phones in our pockets to the locks on our front doors might have internet access.

On the one hand, that can make life a lot of convenient. You can monitor your home security system from work or while you’re on vacation and you can do your banking from your phone. On the other hand, adding an internet connection to anything opens the possibility of security and privacy vulnerabilities.

Consumer Reports wants to do something about that, so the organization best known for publishing extensive reviews on a wide range of products is going to start considering privacy and security features when it rates connected devices. And the organization has also worked with a few other groups to develop a new standard.

The idea is that anyone reviewing products can use the same testing procedures if there’s a standard. And it helps the company’s that create digital devices and online services to know what they’re being graded on… which could help encourage companies to at least meet the minimum privacy and security requirements that are laid out.

So what’s in the new standard? Here are just a few things:

• Products should be protected from known software vulnerabilities.
• Products should require strong passwords.
• Software updates should be provided. If they’re not automatically delivered, there should at least be notifications to let you know when you should manually update.
• Companies that save customer data should protect it with encryption.
• Users should be informed of what data is collected and there should be systems in place for requesting its deletion. When you terminate an account, data should be removed.
• If user data is shared with third parties, companies should explain that.
• Companies should have a system for addressing reported vulnerabilities.
• Products should be repairable by third parties, and customers should not be penalized by voided warranties due to third-party repairs.

You can find more details at The Digital Standard website.

Consumer Reports worked with three other organizations to develop the standard: Disconnect, Ranking Digital Rights, and Cyber Independent Testing Lab.