Website Privacy Compliance: 10 Steps Companies Should Take

Our latest comprehensive analysis, “Website Privacy and Compliance Challenges”, is now available. While the report contains a lot of interesting data, it also highlights actions for website owners in the continuous process that is privacy compliance.

Here are the top 10 calls to action from this report.

  1. Is your site allowing tags to collect data before consent is given? Audit your consent banner user flow to find out: load pages with no consent stored and record which third-party requests fire before the banner is answered. Our latest report found that 98% of the 3,419 S&P sites analyzed share data before consent is collected.
  2. Is consent collected on every page of your site? There is a reasonable chance it is not. Review the site with a tool like PrivacyEdge to ensure consent is obtained on all pages, not only the ones where the banner was designed and tested.
  3. 10% of the S&P sites analyzed share sensitive data with third parties, and many corporate data leaks come from inadvertent sharing of data with third parties without proper controls in place. Audit which third parties collect data on your site, confirm each one is on your trusted vendor list, and check that no sensitive data is being sent to any third party.
  4. Analysis of these sites shows that data-collecting tags and their cookies are becoming more complex and dynamic, on top of a dizzying array of new privacy regulations. It is difficult to get 100% transparency on what is loaded on your site. Our PrivacyEdge system can help reduce the manual work needed to achieve compliance.
  5. On February 28th, 2024, President Biden signed an Executive Order restricting the sharing of Americans’ sensitive personal data with foreign adversaries. The implementing rule is due on August 26, 2024, and comments are open until April 15, 2024. Be prepared to remove tags that send data to a foreign adversary; in our analysis the most affected tags are Russian.
  6. Session replay tools are a newer risk. On average, every site scanned for this report runs one of these tools. To mitigate the risk, get user consent before invoking tools like Hotjar or CrazyEgg, and make sure they are configured to suppress sensitive fields so they cannot capture data like passwords or personal messages. Verify this by replaying a test session rather than trusting the default settings.
  7. Pay attention to Washington’s My Health My Data Act (MHMDA), which went into effect on March 31, 2024. To be compliant, you may need to remove third-party tags from health-care content served to WA residents unless you have written consent. A “Consumer Health Data Policy” is also likely needed.
  8. The Meta Pixel is on 47% of sites, despite the rise in lawsuits over its use. If you have content within the scope of these lawsuits, especially video content, remove the Meta Pixel from the sites or pages that put you at risk.
  9. More laws are coming, so every company needs a privacy compliance process. Why? Regulations affecting how your site must operate to respect consumer privacy have changed continuously and will keep changing. The best solution is real-time, proactive blocking of unauthorized data collection using the Guardian product from Lokker. Watch this one-minute video for a quick overview of how the platform works.
  10. Schedule a demo to see how the PrivacyEdge platform can protect your business.
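As an added example for items 1 and 6 above (this is illustrative code written for this page, not code from the post or from Lokker's PrivacyEdge or Guardian products), the snippet below shows the two checks a site owner can run themselves: an audit that lists which third-party hosts were contacted before consent was recorded, using the browser's resource timing data, and a consent gate that keeps third-party tags inert until the consent callback fires, plus a helper that marks sensitive form fields so a session replay tool does not record them. The first-party domain, the `data-consent-src` / `data-consent-category` attribute names, and the sample timing entries are assumptions made for this example; `data-hj-suppress` is the suppression attribute Hotjar documents, and other vendors use their own.

```javascript
// Added example, not part of the original post or any vendor's SDK.
// Assumed first-party domain; every other host counts as a third party.
// A real deployment should derive this from the public-suffix list.
const FIRST_PARTY_DOMAIN = 'example.com';

// Lower-cased hostname of a URL, or null when the URL does not parse.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True when the host is neither the site domain nor one of its subdomains.
// The leading dot stops "notexample.com" from matching "example.com".
function isThirdParty(url, firstPartyDomain = FIRST_PARTY_DOMAIN) {
  const host = hostOf(url);
  if (host === null) return false;
  return host !== firstPartyDomain && !host.endsWith('.' + firstPartyDomain);
}

// Audit (item 1): entries are resource-timing-like objects { name, startTime }
// with startTime in ms since navigation start; consentTime is the moment the
// CMP recorded consent on the same clock. Returns third-party hosts that were
// contacted before consent, with request counts, sorted by host.
function preConsentThirdParties(entries, consentTime, firstPartyDomain = FIRST_PARTY_DOMAIN) {
  const counts = new Map();
  for (const entry of entries) {
    if (entry.startTime >= consentTime) continue;          // fired after consent
    if (!isThirdParty(entry.name, firstPartyDomain)) continue;
    const host = hostOf(entry.name);
    counts.set(host, (counts.get(host) || 0) + 1);
  }
  return [...counts.entries()]
    .sort(([a], [b]) => a.localeCompare(b))
    .map(([host, count]) => ({ host, count }));
}

// Browser entry point: run from the console on a page loaded with no stored
// consent, passing the performance.now() value captured in your CMP callback.
function auditLivePage(consentTime, firstPartyDomain = FIRST_PARTY_DOMAIN) {
  if (typeof performance === 'undefined' || !performance.getEntriesByType) return [];
  return preConsentThirdParties(performance.getEntriesByType('resource'), consentTime, firstPartyDomain);
}

// Consent gate (item 1): ship tags as inert
//   <script type="text/plain" data-consent-src="https://..." data-consent-category="analytics">
// so the browser never fetches them, and swap in a live script element only
// for categories the user has allowed. Returns the number of tags activated.
function activateConsentedTags(doc, allowedCategories) {
  if (!doc) return 0;
  let activated = 0;
  for (const inert of doc.querySelectorAll('script[type="text/plain"][data-consent-src]')) {
    const category = inert.getAttribute('data-consent-category') || 'analytics';
    if (!allowedCategories.includes(category)) continue;
    const live = doc.createElement('script');
    live.src = inert.getAttribute('data-consent-src');
    live.async = true;
    inert.replaceWith(live);
    activated++;
  }
  return activated;
}

// Session replay (item 6): mark fields that must never be recorded. Hotjar
// honours data-hj-suppress; pass the attribute your own vendor documents.
function suppressSensitiveFields(doc, suppressAttr = 'data-hj-suppress') {
  if (!doc) return 0;
  const selector = 'input[type="password"], input[type="email"], input[type="tel"], textarea';
  let marked = 0;
  for (const field of doc.querySelectorAll(selector)) {
    if (field.hasAttribute(suppressAttr)) continue;
    field.setAttribute(suppressAttr, '');
    marked++;
  }
  return marked;
}

// Constructed sample input: a resource-timing list for a page whose banner is
// accepted at t = 2500 ms. Hosts are the vendors the post mentions plus a
// first-party CDN; the paths and timings are made up for this example.
const SAMPLE_ENTRIES = [
  { name: 'https://www.example.com/',                        startTime: 0 },
  { name: 'https://cdn.example.com/app.js',                  startTime: 120 },
  { name: 'https://www.googletagmanager.com/gtm.js',         startTime: 180 },
  { name: 'https://connect.facebook.net/en_US/fbevents.js',  startTime: 410 },
  { name: 'https://www.facebook.com/tr/?ev=PageView',        startTime: 700 },
  { name: 'https://static.hotjar.com/c/hotjar.js',           startTime: 950 },
  { name: 'https://www.google-analytics.com/collect',        startTime: 3100 },
];
const SAMPLE_CONSENT_TIME = 2500;

function runSampleAudit() {
  return preConsentThirdParties(SAMPLE_ENTRIES, SAMPLE_CONSENT_TIME);
}

if (typeof document === 'undefined') {
  console.log(JSON.stringify(runSampleAudit(), null, 2));
}
```

On the sample input the audit reports four third-party hosts contacted before consent and ignores the Google Analytics beacon that fired afterwards. Run `auditLivePage(t)` against your own site with the banner unanswered; any host in the result is a tag that needs to move behind `activateConsentedTags`, or be removed.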