1. The company commits to inform users about unusual account activity, most recent account activity, and possible unauthorized access.
2. The company publishes materials that educate users on how to protect themselves from cyber threats relevant to their services.
Guidance: Companies hold significant amounts of user information, making them targets for malicious actors. We expect companies to help users protect themselves against such threats. Companies should present this guidance to the public using clear language, ideally paired with visual images, designed to help users understand the nature of the threats companies and users can face.
Evaluation: This indicator is scored using a checklist, meaning companies can only receive full credit if their disclosure meets all elements in the checklist.
Potential sources:
For more information, click here for a glossary of terms.