As It Turns Out, Poor Privacy Practices Have a Lot to Do With Successful Data Breaches

For years, you've been listening to security specialists saying how important it is to read through a service's privacy policy and terms of service before signing up. For years, you've been ignoring this advice. There is a very good reason for this as well. A typical privacy policy is an incredibly long document full of lingo that is completely undecipherable to people without law degrees. Reading through the entire policy and decrypting the legalese would ruin your productivity, which is why you opt to click the 'I accept' button without actually knowing what you've just accepted. Researchers from Osano decided to see what the potential implications of this might be, and they discovered an interesting connection between the contents of a service provider's privacy policy and the likelihood of having your personal data exposed.

Researchers go through the privacy policies of 11 thousand websites

Osano's researchers wanted to be as thorough and as methodical as possible. They gathered a team of attorneys and tasked them with evaluating the privacy policies of no fewer than 11,000 of the world's most popular websites. Before they did that, however, the experts would design a complicated scoring system that takes into consideration 163 different factors in order to rate a website's data privacy practices.

The websites were divided into four quartiles. The top quartile was reserved for the service providers that pay the most attention to users' privacy. Websites that are very transparent about the way they handle users' data end up in this quartile. In the second one, the researchers put online services that may share data with other parties, but also provide opt-out mechanisms. Websites in the third quartile overstep the mark when it comes to good privacy practices. In here, you can find websites that may engage in data brokering without explicit consent from the user. Finally, in the fourth quartile, you have websites that have outdated or no privacy policies. In these cases, users have no way of knowing how many eyes would end up looking at their data.

There is a connection between the lack of data privacy and the likelihood of a data breach

After doing some research on the websites that were examined in the study, Osano's experts determined that just under 2.8% of them have reported a data breach over the last fifteen years. When they saw how these websites were distributed among the quartiles, however, the researchers saw a definitive trend.

Only 1.86% of the websites with the highest privacy scores have reported a data breach, whereas in the fourth quartile, this percentage goes up to 3.36%. In other words, websites that don't do enough to protect your privacy are 80% more likely to be hit by a data breach.

There is a connection between the lack of data privacy and the size of the breach

So far, the findings may seem rather logical. The lower the privacy score, the higher the number of third parties your data is shared with, and the higher the chance of something going wrong. When they dug a bit further, however, the researchers realized that there's also a correlation between service providers' data privacy practices and the damage users must incur in the aftermath of a data breach.

Having gone through the information, the researchers calculated that, on average, websites in the first three quartiles lose around 7.7 million data records per data breach. This, you have to agree, is not an insignificant number, but it's nothing compared to the 53.4 million records lost by service providers with low privacy scores.

Osano's research shows that some service providers either don't know how they can put your privacy at risk or they just don't care. They only way of figuring out whether you've engaged with them is to read through the privacy policies of every single website you use. Sadly, this is where the problem outlined in the first paragraph of this article rears its head.