Cyber Privacy Risk Management Survey [INFOGRAPHIC]
We surveyed 100 IT leaders to see how they managed client-side user data access by third parties and discovered widely accepted operational practices that seem at odds with common sense privacy standards.
3rd-Party Apps & Scripts Use Personal Information
For example, 74% of respondents indicate they use between 1 and 19 third-party scripts on their websites. In comparison, another 80% of respondents say up to 20% of those third-parties access user data such as IP addresses, user IDs, and user form fills.
Instantaneous Access, No Prior Consent
By GDPR standards, this type of information is defined in Art. 4 as “personal data” and should not be divulged to any party without user consent. Furthermore, in Art. 7 of GDPR, the conditions for obtaining consent are clearly defined as requiring the controllers to demonstrate the users have consented in writing to the processing of their personal data before the information is disclosed.
The problem is that almost half of respondents in our survey, 45%, reported that their third-party scripts load onto their visitors’ computers before users view and respond to their privacy consent options. Another 14% said they didn’t know if scripts loaded before consent options or not.
Art. 7 of GDPR also requires companies to allow users to revoke their consent at any time quickly. However, our survey reveals that 41% of respondents either can’t or don’t know if they can alter the behavior of third-party scripts to respond to user privacy requests after they have made them.
Frequent Changes with No Notice
To further complicate technical privacy management matters, IT respondents report that third-party scripts often update, and most can’t detect security problems in real-time.
The Confidence Disconnect
While 48% of respondents report they don’t have the control or confidence to know what user information is being shared with their third-party applications, 78% say they are moderately confident they understand exactly how much personal information is being recorded, extracted, and transferred about their users.
Powering Privacy to Protect Private Information at the Edge
At Lokker, we power privacy solutions that protect private information at the edge. We seek to give companies complete visibility and control over the informational exchanges between websites and their visitors. We believe this will provide exceptional value to our clients by bolstering corporate security, maintaining regulatory compliance, building brand equity, and helping protect the population.
The modern web was not built to protect user-information as it travels between companies and end-user machines. At Lokker, we build solutions that make it easy for companies to see and control user information, specifically along the informational exchange edges of the internet.
Our survey revealed discrepancies between what IT leaders understand about their web operations and what is known about their 3rd-party controls when it comes to privacy. Our goal is to provide solutions that give IT professionals the ability to demonstrate their companies are protected per their privacy policies.