Siona Robin Listokin of George Mason's School of Policy, Government, and International Affairs has written Industry Self Regulation of Data Privacy and Security. Here is the abstract:
Industry self-regulation of consumer data privacy and security has been proposed as a flexible alternative and compliment to traditional government regulation. This study analyzes whether different types of existing industry-led standards improve online privacy and security. The paper examines which types of firms join voluntary standards and whether there is a difference in outcomes between trade association memberships (like the Digital Advertising Alliance) and certification programs (like TRUSTe). Results suggest that more trafficked websites are more likely to adopt standards, and that trade association membership does not have an effect on privacy and security performance. There is some evidence that paid certification can hurt subsequent privacy and security. This study also compares website privacy measures and highlights the need for a valid privacy metric.