Why you should start worrying about over-sharing
Today’s website owners are focused on creating a great online experience for their users. Digital transformation is about changing the way we do business and deliver services – and today’s rich web experience is part of that revolution. But all of that user-friendliness carries a high price in risk. Think about it: modern websites are essentially a conglomerate of web assets, a massive global supply chain that no one really thinks about. And it’s a big data privacy issue that’s about to get worse.
The elephant in the room: the web
When it comes to truly understanding – and tackling – data privacy risks, the web is the elephant in the room. Businesses understand the obvious need to secure their databases and constantly monitor how they store customer information and sensitive data, while forgetting where much of this sensitive data goes: on the web, typed into the browser by the customer.
When the same apps and integrations that deliver this rich user experience also share this sensitive information with third parties, fourth parties, fifth parties and others beyond your organization’s control, you might be sharing more than you or your customers bargained for. It’s time for us as website owners to ask ourselves whether we are really doing enough about it and whether we really understand these emerging risks. It’s time to start worrying about over-sharing, because if we don’t, it won’t just be the regulators who hold us to account; so will our increasingly privacy-conscious customers.
Start worrying about over-sharing
Forms found on 92% of websites exposed data to an average of 17 domains – climbing to 20 if you are one of the main mobile service providers in the EU, where (depending on the country) passport scans and copies of payslips are among the documents required to enter into a contract. That’s a lot of over-sharing – and that’s before you factor in the multiple trusted apps on your site: Google AdWords, chatbots and marketing analytics all collect data according to your own metrics and specifications. However, you might not be sure exactly what kind of data they collect or to what extent. Do you have a complete overview of how these third-party integrations use the data you collect?
Can you really claim to know exactly where all this data is flowing? Do you know:
- Which provider has access to which sensitive data?
- Which provider actually reads sensitive data?
- Which provider shares sensitive data with other providers?
Because if you don’t, you should. Regulations, including GDPR and CCPA, require companies to know where sensitive data flows, and the purpose of those data flows.
Why the web matters
Unintentional data exposure is a significant and unresolved issue for most website owners around the world. When we fail to secure data as it is entered on websites, we effectively leave it hanging: the only reason it hasn’t been stolen is that criminals haven’t taken it. Yet.
Likewise, when we neglect the need to understand how trusted applications share data, we run the risk of simply giving it away – without the consent of our users.
Everyone is talking about defense in depth, security beyond the perimeter and data privacy; it’s time to focus on where these things intersect: the browser.