Data Security Best Practices

The IAB Data Security Best Practices provide best practices to advertisers and publishers for the storage of online lead generation data in a secure format, where the safety and integrity of consumers’ personally identifiable information1 (PII) is assured. The benefit of following these best practices is to ensure that consumer data is stored securely to prevent security vulnerabilities, threats and fraud.

These best practices were developed by interviewing several leading online lead generation companies across major verticals, including education, CPG, retail, insurance, real estate, catalog/continuity, and healthcare. These companies were asked to describe their data storage, retention, and security methods, how they consider various market regulations in their data security practices, and what their network controls and policies are for data security monitoring and auditing.

The recommendations outlined in this document address three areas:
1. Data Storage & Retention
2. Market Regulations
3. Network Controls

Key Best Practices include:

  • Advertisers and publishers should have an up-to-date written data retention, disposal policy and procedure document
  • Advertisers and publishers should consider market regulations specific to their industry
  • User access to consumer data should be restricted and enforced with technical security measures
  • Data security responsibility should be incorporated into an internal job function