Top Privacy Considerations for Website Tracking Tools episode artwork

EPISODE · May 29, 2023

Top Privacy Considerations for Website Tracking Tools

from Info Risk Today Podcast · host InfoRiskToday.com

Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies, said Lokker CEO and privacy expert Ian Cohen.

Episode metadata supplied by the publisher feed · Published May 29, 2023

Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies, said Lokker CEO and privacy expert Ian Cohen.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Top Privacy Considerations for Website Tracking Tools

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

I'm Marianne Kolbacek-McGee, Executive Editor at Information Security Media Group. Today, I'm speaking with Ian Cohen, who is CEO of data privacy compliance firm Locker. We're going to be discussing some of the recent trends and growing privacy concerns involving the use of tracking codes on healthcare-related websites. So, Ian, last year, your company scanned nearly 250,000 websites, including 5,400 websites of hospitals and other medical entities, finding trackers and similar embedded features on nearly half of those websites.

In recent months, we've seen controversies heating up involving the use of trackers, and as you know, there's been a number of proposed class action lawsuits against companies that use or previously used those trackers on their websites. The lawsuits were filed by plaintiffs who alleged that they didn't know or didn't give consent to having their sensitive information from website interactions collected and or shared with third parties. And we've also seen at least two FTC enforcement actions involving cases where website tracking tools were used. With all of that said, what are you seeing in recent months, especially since conducting your survey last year?

What's going on with the use of trackers? I really think there's three or four big trends going on right now. So first of all, in January and the lead-up to January, we saw a lot of lawsuits, but in January, we saw new privacy laws go into effect. And the really important aspect of this was a lot of these laws had private rights of action built into the law.

So that means that not only are there new laws going into effect, but people are resurrecting old laws as well, such as the Video Privacy Protection Act that's been used against websites. And that was originally created during the 1980s for Blockbuster video rentals. So the point I'm getting at is that the status quo for privacy is over, for sure. There are new laws, and these laws oftentimes include private rights of action, which means that private classes or individuals can use these laws to bring lawsuits against companies.

I think the second point is things had to change. The current way that people were running privacy just wasn't going to work anymore. And I think it's important for companies to realize that this is a very popular political issue on both sides of the aisle as well. So no matter what your politics are, freedom from being tracked is a very popular issue.

And so I don't think we're even close to the apex of what we're going to see in terms of more of these actions brought against companies that are protecting their customers' privacy. And I think there's a couple other business things that are pushing us along as well, and not necessarily in a good way. So there are a lot of companies that have built their business models around ad tech. And there's an awful lot of e-commerce companies that do need, legitimately need a certain amount of marketing technology.

Unfortunately, the more difficult it gets for these companies to track customers the right way, they're continuing to track customers the wrong way in order to meet their customer acquisition costs. So I think you combine this with the fact that in the face of all the new privacy legislation, you're also seeing the effectiveness of traditional advertising models becoming less. So you've got a bit of a perfect storm where on one side of the aisle, you've got lots of incentives for companies to use more trackers. On the other side of the aisle, you've got lots of new laws preventing them from doing so or finding them or suing them if they don't protect their customers' privacy.

So Ian, with that said, what do you see companies doing? Are they becoming more hesitant in using these tracking tools? Are they pulling them out and, you know, stopping their use in their websites as they hear of other companies that are like them being sued and, you know, they see these new privacy laws coming into effect? Or are companies still kind of plowing ahead and using these tools, thinking that the benefits outweigh the risk?

That's a good question. It's an expect. But companies that are sufficiently scared or certainly companies that are in the middle of getting sued, they tend to just pull back on everything. And the problem is that we all use a lot of tools to operate our site.

So this can be very difficult for companies to manage. And I think there's a lot of uncertainty around the law. So I think what I think fear is a leading indicator right now for a lot of companies. And I think that's what they're managing by.

We're seeing a strong need for confirmation of everything going on on people's websites. People want to know, companies, want to know exactly what's happening on their website. So they want to see every tracker, every cookie, every geographical location, every bit of sensitive data they might be inadvertently sharing. So that's part of it.

Part two of it is very new. So originally, privacy on the Internet was really about consent. Well, it goes way back before that. But more recently, it had mostly to do with consent management.

What's happening now is very different because you can go ahead and get consent to use the MetaPixel, but that consent doesn't cover the MetaPixel doing something illegal or not allowed by HIPAA or inappropriate. And oftentimes it's inadvertent. So I think that's really got companies on their back foot because you can go ahead and get consent from a consumer to use certain tracking pixels. But if they misbehave or if they're just used in the wrong context, as I think the case with the Meta tracking pixel.

So using that tracking pixel on, say, a racing website is one thing. Using it on a health care website is quite another if you're sharing medical data and symptom information inadvertently with any social media company. So I think that I'll just repeat that. I think beyond getting proper consent, companies are realizing they have to do something much different, which is make sure that they're tracking the behavior of all these third parties.

With that said, how do they go about that? How do companies go and check to see how these third parties are using the data? And is it just sort of a matter of trusting that that third party is telling you everything that they're doing with this data? And how can you really be sure that your data is not or your consumers' data is not being misused?

Unfortunately, you can't using a lot of the traditional tools you're using. So you've got an army of people or you use some tool like lockers that is able to look across your entire site and see exactly what's going on in an interface that allows you to surface the relevant issues quickly. And, you know, I think that I'll put this in a broader context in just a locker. You need to confirm everything that's on your site.

You need to track it in near real time or at least weekly. And you need to make sure that you remove a lot of the trackers that are on your site when you're not using them. So we created a risk score to allow companies to go and look at their websites or a portfolio of websites and assess how good they are on their privacy compared to the hundreds of thousands of sites we've scanned and to the S&P 500. So we created a model that allows companies to see how they rank overall, according to the S&P 500, how they rank by sector and then on each of the seven risk factors that we see in privacy, how well they rank there as well.

And hopefully use those rankings to fix their sites and mitigate that risk. So, Ian, how does Locker quantify the risk in using these tools? So we quantify web privacy risk by looking at the factors that can harm a company and their customers. And we show the score in context to the S&P 500, both in terms of the total score and each of the seven score factors, the seven risk factors.

And then last but not least, we take that score and we carry it all the way down to a page level. So a company can see their risk across all of their websites. They can also see their risk for a specific website in comparison again to the S&P 500. And they can see the risk all the way down to a page level.

And the reason we did that is to give companies the details they need to make their sites safer, not just estimate the risk. And we modeled this after existing issues that we're seeing. And nine months from now, six months from now, we'll look back and do a regression analysis and make the model more predictive. So, Ian, based on the scans that you've done working with different websites, what are some of the more disturbing kinds of information that you've seen either collected or being transmitted that these website owners might not be aware of or they should be more aware of the risks that that activity poses?

And is that disturbing sort of activity common or is there like, you know, that's sort of the outlier, you know, the most disturbing things or, you know, unusual, but there is sort of a base level of things that are still somewhat questionable. I think the most disturbing things that everyone can understand at a visceral level quickly is when you're on a medical website and you're typing in a symptom for a family member or yourself and you're researching those symptoms and those conditions and contraindicated medications. And that's all getting shared with trackers, social media or otherwise. And realize once something is shared with a tracker, it's shared with many other trackers downstream of that.

And I think people just find that understandably really scary. The other kinds of things we're seeing that I think are really scary as well. And those medical conditions have to do with state laws. So certainly given what's happening with the Dobbs decision, people are very worried about that.

Aside from that, we see a lot going on around HR. So anybody who's gathering information from potential employees or current employees, they're going to be very concerned that when they're asking people, you know, their sex, their religion, their anything about their background, that that information is kept very secret, as it should be. And it sounds ridiculous that you have to say, of course, that should be private. But you really, we do see cases where it's not.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on May 29, 2023.

What is this episode about?

Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies,...

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!