A large amount of campaign websites (70 percent) reviewed in an audit failed to meet security and privacy best practices, according to the 2020 U.S. Presidential Campaign Audit by the Online Trust Alliance (OTA).
Only seven (30 percent) of the analyzed campaigns made the Honor Roll, a designation recognizing campaigns that displayed a commitment to using best practices to safeguard visitor information. To qualify for the Honor Roll, campaigns must have an overall score of 80 percent or higher, with no failure in any of the three categories examined. There was no gray area in the Audit results – either campaigns made the Honor Roll, or they failed in at least one category.
Pete Buttigieg (D), Kamala Harris (D), Amy Klobuchar (D), Beto O'Rourke (D), Bernie Sanders (I), Donald Trump (R) and Marianne Williamson (D) had "Honor Rolls" for meeting their commitment to online consumer protection, data security and responsible privacy practices.
Michael Bennett (D), Tim Ryan (D), Joe Biden (D), Mark Sanford (R), Cory Booker (D), Joe Sestak (D), Steve Bullock (D), Tom Steyer (D), Julian Castro (D), Joe Walsh (R), John Delaney (D), Elizabeth Warren (D), Tulsi Gabbard (D), Bill Weld (R), Wayne Messam (D) and Andrew Yang (D) failed in meeting their commitment to online consumer protection, data security and responsible privacy practices.
OTA conducted a similar Audit in 2016, reviewing website security and privacy standards for the 2016 presidential election campaigns. "Campaign performance this year actually worsened in some areas compared to the 2016 results, despite an increased focus on privacy and security over the last four years," says the press release.
Overall performance slightly improved for 2020 with 70 percent of the campaigns failing in at least one Audit category, compared to 74 percent in 2016. All campaigns with a failure had failing scores related to their privacy statements, mainly due to lack of restrictions in sharing data. Email authentication protections worsened: in 2016, 100 percent of the campaigns employed some type of email authentication, while two failed to employ any email protections in 2020.