It’s hard enough to manage all the customer information your organization collects, stores, and analyzes on a daily basis. In addition, ensuring that your marketing teams are in compliance with your privacy policies and with data privacy regulations is no cake walk. Then, verifying that your tech team has backed up and encrypted the information effectively adds a few more gray hairs. And this is the customer data you know about and that you can see. But what about all the invisible data that is being shared from your website?
Did you know that, on average, the homepages of the Fortune 1000 websites have 135 third parties making requests for data? Some had as many as 643 third parties on their site! Fingerprinters, trackers, ad networks are all vying to capture a little bit of data to enrich their models, build profiles, and monetize your customers’ information. All below the surface of the website user experience you and your team have so carefully curated to build customer loyalty.
Digital commerce is a wild web of third-party solutions integrated to create compelling, personalized experiences for your customers. But today, most websites consist of 70% third-party code that, while providing essential functionality, also creates major vulnerabilities for your customers’ data privacy and security.
Another (not so) fun fact…of the top 100,000 most visited websites, there were over 9,500 instances of form data leakage (search fields, email sign-ups, site registration) sending data to external parties. Again, not necessarily visible on the surface of the webpage, but happening behind the scenes. Website owners may not have any relationship with these organizations freeloading off your data, but they love their relationship with your vendors.
Global healthcare websites have, on average, 108 third parties collecting customer data
Lokker’s proprietary research, conducted in February 2022, identified over 230 healthcare sites that, on average, have 10 third-party services collecting data that, in turn, share data with 108 downstream data aggregators. These scripts are executed on a site visit to capture unique information about the visitor: location, browsing history, type of browser, operating system, IP address, fonts and more. These details are then used to create a profile of the user.
Particularly for healthcare companies, this is alarming, as their customers who are seeking information or products for their health needs are surely not interested in sharing these intimate details with marketers, or worse, with cybercriminals who may use this information in future phishing attacks.
CPOs and CISOs seeking to reduce these vulnerabilities and mitigate these risks need better tools to make these invisible threats visible.
When evaluating options to better protect your website visitors, look for tools that:
Provide visibility and control over all external trackers, fingerprinters, and applications that may be monitoring your users’ activities. Visibility is only half the story. Advanced tools that give you control over what data you share, and with whom you share it, are essential.
Identify PII leakage from forms (including search fields) and report if data is being sent to foreign domains. You have an obligation to ensure not only that sensitive information is protected when submitted to you, but also that it is not being shared downstream with organizations that may compromise data sovereignty laws.
Enable you to set rules that can automatically block, anonymize, or permit information to be shared. When you have state-of-the-art tools that enforce rules for all customer data that flows through your site, you help your organization stay in compliance with your policies, beyond human, ad hoc surveillance.
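The form-leakage check and rule lookup described in the list above can be sketched in a few lines; this is an added example, not code from Lokker or any product. The host names, form values, captured requests and rule table are all constructed, and the first-party test is a plain suffix match.

```python
import base64
import hashlib
from urllib.parse import unquote_plus, urlsplit

# Constructed sample data: the site under review, values a tester typed into
# its forms, and (method, url, body) requests captured while the page was open.
FIRST_PARTY = "example-clinic.test"
FORM_VALUES = {"email": "pat@example.test", "search": "insulin pump"}
CAPTURED = [
    ("GET", "https://www.example-clinic.test/search?q=insulin+pump", ""),
    ("GET", "https://px.tracker.test/c?dl=%2Fsearch%3Fq%3Dinsulin%2Bpump", ""),
    ("POST", "https://ads.network.test/sync",
     "em=" + hashlib.sha256(b"pat@example.test").hexdigest()),
    ("GET", "https://cdn.fonts.test/a.woff2", ""),
]
# Hypothetical policy table: action per third-party host, default "block".
RULES = {"cdn.fonts.test": "permit", "ads.network.test": "anonymize"}

def is_third_party(url, first_party=FIRST_PARTY):
    # Assumption: plain suffix match; a real check would use the public suffix list.
    host = (urlsplit(url).hostname or "").lower()
    return not (host == first_party or host.endswith("." + first_party))

def encodings(value):
    # Forms in which a value commonly leaves the page: as typed, hashed, base64.
    v = value.strip().lower().encode()
    return {
        "plain": v.decode(),
        "sha256": hashlib.sha256(v).hexdigest(),
        "base64": base64.b64encode(v).decode().lower(),  # compared case-insensitively
    }

def find_leaks(captured=CAPTURED, form_values=FORM_VALUES, rules=RULES):
    findings = []
    for _method, url, body in captured:
        if not is_third_party(url):
            continue
        text = f"{url} {body}"
        seen = text.lower()
        for _ in range(2):  # undo up to two layers of URL encoding
            text = unquote_plus(text)
            seen += " " + text.lower()
        host = urlsplit(url).hostname
        for field, value in form_values.items():
            for how, needle in encodings(value).items():
                if needle in seen:
                    findings.append((host, field, how, rules.get(host, "block")))
    return findings
```

Each finding is a tuple of host, form field, encoding and the action the rule table assigns; the search term is caught only after the second decoding pass because the tracker receives it inside a URL-encoded page address.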
As consumers demand greater corporate responsibility for their personal information, business and technology leaders face an ever-expanding list of challenges pertaining to cybersecurity and privacy. The good news is that there is also a growing marketplace of privacy technologies to address these threats that are silently and invisibly operating below the surface of the web.