To show you how tough it can be to get this right, let’s look at the website of the global leader in trust and privacy technology, OneTrust – a consent management platform (CMP) that many of our customers use. If there's anyone that should be doing this right, it’s our friends over at OneTrust, so we’re going to use them for illustrative purposes.
Using the ObservePoint platform, we set up a high-level Discovery Audit to scan 1,000 pages on OneTrust’s public website. (Because OneTrust is great at privacy compliance, we had to dig a little deeper into their site to find anything we could actually discuss!) An ObservePoint custom tag can be configured to detect whatever we want, so we set it up to look for the phrase “privacy notice” on each page. If you go into the settings for this Audit and look at the On-Page Actions, you would see something like this little script here.
You don’t have to know what all this code means, but you will note there are specific lines to look for the phrase “privacy notice.” That's the specific standard that OneTrust uses on their website. So, hopefully, we would find that specific phrase on every page.
To review the results of this kind of scan (keyword search via the OP Custom Tag), you then would want to look specifically at variable-level data. This can be done in the Variable Inventory audit report, shown here:
As you drill into the specific tag (‘ObservePoint Data’) and variable (‘privacy notice’) we’ve set up, you can see any associated values found on each page for that check. In this Audit for OneTrust, we see for the “privacy notice” there are two unique values.
That means there are some pages with that link and some without… yikes!
The good news is that ObservePoint’s Audit can tell you not only how many pages these issues have been detected on, but also exactly which pages they are so you know exactly where immediate action can be taken to remediate problems.
In this case, a quick keyword check found that OneTrust may have some gaps in compliance as there are about 6% of pages on which we did not detect this required element – the most basic data privacy requirement that every website in the world should be meeting.
So, if even OneTrust – a leader in the data privacy industry—has a small percentage of pages potentially missing their privacy link, how do you think all other websites across the Internet fare in this same regard? How is your company’s website doing?
Read the next blog post in the Website Privacy Validation series: Is my "Do Not Sell/Share" link present on all pages?