“Most companies publish a privacy policy, which helps create a transparent and accountable mechanism for regulators to ensure companies are adhering to their stated policies,” said Daniel Castro in the Christian Science Monitor. “However, no such system exists for security practices, which has resulted in vague standards, regulation by buzzword, and information asymmetry in markets. By publishing security policies, companies would be motivated to describe the types of security measures they have in place rather than just make claims of ‘we take security seriously.’ This is a concrete step that policymakers can take to improve security practices in the private sector.”
