Why your tech stack needs an update

Ian Cohen from LOKKER offers insights into data privacy oversight and explains why your tech stack needs an update. This article originally appeared on Insight Jam by Solutions Review, an enterprise IT community that enables human dialogue around AI.

Browsing the internet these days is like a game of whack-a-mole if you want to keep your data private and avoid being solicited for a relationship by every website, every day. The appetite for our personal data is inexhaustible. As a result, unauthorized tracking and sharing of data is ubiquitous. For companies trying to adapt to a very complex and rapidly changing regulatory environment, this can be a daunting challenge, because much of this data collection takes place in the background, often without the knowledge of the website owner.

This is a technological problem that stems from cloud services and how they are delivered; it is rooted in the way we build our websites. Since this is not likely to change anytime soon, IT leaders must ensure that their technology stack includes effective tools to detect, block and monitor unauthorized third parties collecting data from web visitors.

Most data protection solutions on the market are inadequate and do not provide real-time detection and blocking. This article examines:

  • The importance of web privacy for companies

  • Deficiencies in current technologies that contribute to privacy issues

  • Steps to address data protection gaps in your organization and technology stack

Data protection: A complex problem for technology managers

Data privacy laws are relatively new but evolving rapidly. Since the first comprehensive state data privacy law (CCPA) went into effect in 2020, 19 additional laws have been passed at the state level. Currently, seven states have data privacy laws in place, each with slightly different requirements. Industry-specific regulations such as HIPAA for healthcare and GLBA for financial services add further complexity. Understanding these requirements is the first challenge IT leaders face in building an effective tech stack to address data privacy risks.

Another challenge is finding the right technology to address these issues. While tools such as cookie consent managers and data subject rights systems have proven to be the right technology for compliance areas, they often lag behind evolving legislation and do not address the full extent of data protection concerns. Our research has found that over 90% of consent management platforms are misconfigured or not properly updated, leading to data leaks.

Common problems with consent tools include:

  • Cookies are loaded early: Cookies may be loaded before the consent banner appears, allowing user data to be collected even if users select “Reject All”.

  • Outdated banners: Some consent banners are not updated in real time. This means that tracking technologies may be present on the website but are not shown in the banner, preventing the user from consenting to them. This allows data collection without consent.

  • Blocking error: Data may be collected even if the user selects “Reject All”.

  • Missing banners: Some websites are completely missing consent banners.

  • Subjective categorization: Different companies classify tracking tools differently, resulting in inconsistent categorization. Non-essential tools may be incorrectly listed as necessary.

  • Limited scope: Banners often only deal with cookies and neglect other data collection methods such as pixels, fingerprinting and piggybackers.

These are just a few examples. What's really worrying is that most of the time, the people implementing these tools don't realize that the tools are implemented incorrectly, and therefore don't realize that this leaves their organization vulnerable.
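A minimal audit of one recorded page load for the failure modes listed above, as an added example (not code from the article or from any vendor). The event format, the `.example` hosts and the function names are assumptions made for illustration, and any host outside the site's own domain is treated as needing consent.

```javascript
// Constructed sample: ordered events from one recorded page load (not real traffic).
const SAMPLE_EVENTS = [
  { t: 120, kind: "request", url: "https://www.shop.example/app.js" },
  { t: 180, kind: "cookie", url: "https://ads.tracker.example/sync", name: "uid" },
  { t: 400, kind: "banner", declared: ["ads.tracker.example"] },
  { t: 900, kind: "consent", choice: "reject-all" },
  { t: 950, kind: "request", url: "https://px.replay.example/p.gif?e=view" },
  { t: 990, kind: "request", url: "https://cdn.shop.example/logo.png" },
];

// True when host is the site itself or one of its subdomains.
function isFirstParty(host, siteDomain) {
  return host === siteDomain || host.endsWith("." + siteDomain);
}

// Returns findings named after the consent-tool problems in the list above.
function auditConsent(events, siteDomain) {
  const findings = [];
  const thirdParties = new Set(); // every third-party host observed
  let banner = null;              // banner event, once shown
  let choice = null;              // visitor's choice, once made
  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    if (ev.kind === "banner") { banner = ev; continue; }
    if (ev.kind === "consent") { choice = ev.choice; continue; }
    const host = new URL(ev.url).hostname;
    if (isFirstParty(host, siteDomain)) continue;
    thirdParties.add(host);
    // Plain requests (pixels, scripts) are checked too, not only cookies.
    if (choice === null) {
      findings.push({ issue: "loaded-before-consent", host, kind: ev.kind, t: ev.t });
    } else if (choice === "reject-all") {
      findings.push({ issue: "blocking-error", host, kind: ev.kind, t: ev.t });
    }
  }
  if (!banner) {
    findings.push({ issue: "missing-banner" });
  } else {
    // Hosts seen on the page that the banner never disclosed.
    for (const host of thirdParties) {
      if (!banner.declared.includes(host)) findings.push({ issue: "outdated-banner", host });
    }
  }
  return findings;
}

console.log(auditConsent(SAMPLE_EVENTS, "shop.example"));
```

Running the same audit on every deploy, against a fresh recording with "Reject All" selected, turns the list above into a regression check rather than a one-time review.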

Another challenge for IT leaders is balancing the needs of different stakeholders when selecting data protection technologies. Legal, privacy and compliance teams try to avoid legal issues and typically recommend tools with the most stringent data protection measures. In contrast, marketing teams rely on tracking tools to measure campaign effectiveness, which often conflicts with data protection requirements. In addition, there is a drive to consolidate technology stacks to reduce costs and simplify operations.

IT leaders must select technologies that address privacy concerns, support marketing goals, and fit within budget. Most importantly, the solution must be automated, reduce manual work, and not introduce new requirements. This complex challenge requires thorough discovery and evaluation of privacy tools during the sales process to ensure all requirements and protections are met.

Ahead of the times: Proactive action towards future data protection requirements

To navigate the evolving regulatory landscape effectively, IT leaders need transparency first and foremost. That transparency must come with context, including an understanding of changing market trends and the regulatory intent behind new laws. While each law may have its own nuances, a good place to start is the central goal of these regulations: preventing unauthorized and illegal data collection.

When evaluating privacy and consent providers, consider the following questions:

  • How frequently does your platform scan for privacy risks? Does it identify and remediate risks in real time, or are manual scans required for new trackers and technologies? Platforms that require manual intervention can leave your organization vulnerable if issues take days, weeks, or months to identify.

  • Does your privacy platform only address cookie consent or does it also protect against unauthorized data sharing through other methods such as session replay tools, trackers, pixels and fingerprinting? Ensure protection against all types of data collection, not just cookies.

  • Can the platform independently block downstream or piggybacking trackers, and can it block these third parties without removing the primary functionality that product and marketing require? This is critical for marketers who require consent and want to use platforms for advertising and measurement while keeping data confidential.

  • Can your platform detect and block newly discovered trackers? Trackers can be introduced dynamically and in real time, complementing each other. Without this capability, you cannot protect your customers' data.

  • How complex is the implementation? The more configuration required, the higher the risk of internal errors if documentation is inadequate. Ask about the configuration required and whether the default settings ensure compliance with data protection laws.

  • What kind of reporting and transparency does the platform provide? Make sure the platform provides insights that are useful to privacy, legal, IT and marketing teams.

Data protection issues are becoming increasingly complex, thereby exposing your business to more vulnerabilities. As an IT manager, it is imperative to proactively address these challenges with the right tools and processes in place. As we all know, if the integration feels too complex or difficult, things are likely to get much worse after deployment!
