"We can't look at security and privacy in isolation," Spiezle says. "I think that one of the challenges is we need to take a more holistic view of data protection. We need security by design and privacy by design. It can't be in silos."

"Our message is that you need to move off the concept of compliance to the concept of stewardship," he adds. "Compliance is the floor, the minimum amount you need to do. What we're really trying to do is elevate that discussion. Stewardship is really important and we need to up the investment. We need to be proactive. There are only two types of companies: companies that have had a breach and companies that will have a breach."

To achieve the concept of stewardship, OTA is calling on all financial institutions, commerce sites and consumer-facing government sites to implement the following measures by Nov. 1, 2012:

Review privacy policies and audit all third-party tracking and applications added to sites

Initiate planning and deployment of DNSSEC