Is it Time to Analyze Analytics?
Website analytics are a key part of understanding whether a website “works,” and how to improve it; they arose almost at the same time that companies began using websites to transact business. For the most part, and for a long time, website analytics were seen as benign – a way to track information without trampling on an individual’s privacy rights. But the multitude of ways in which companies collect information on websites without a user’s knowledge make it more and more likely that a website owner can find itself in violation of privacy laws.
More than that, analytics have become a security issue. The tools used to collect visitor data – cookies, pixels, beacons, and other technologies – have created a risk surface that can allow bad actors to identify targets and breach defenses. At the same time, the nature of these tools makes them one of the risks that companies can manage, allowing them to comply with privacy mandates and reduce cyber risk.
In the Beginning . . .
Originally, analytics were limited. Cookies and other devices allowed a website recognize a user, and to smooth the operations of the website. This little piece of code on your computer made it easier to log on to a website, to complete a purchase, and to see the information you look for. Although cookies did allow the website to recognize a user – essentially, to collect personal information – they were generally limited to the website; they were also typically “session cookies” used to facilitate a single user session, or “persistent cookies,” allowing the site to differentiate a new visitor from a prior visitor.
Since then, the tools used to identify website visitors and their actions have exploded in both numbers and potency, creating opportunities and challenges for website owners. Continue reading