New Cookie Auditing FeaturesBy: Richard Beaumont | Friday, April 10, 2015 | Tagged: Cookie Audit, Digital Governance, Accountability | Leave Comment
We recently conducted a survey of users of our Privacy Audit platform, to find out what we could do to improve it for them.
To all of those that responded, we’d like to say a big thank you. More importantly however we can now also say: You asked, we delivered.
The most requested feature was for scheduled audits along with an archive of previous reports. So we went away, thought about it, built it, and we are now ready to roll it out.
We have now set up all accounts to be capable of running an automatic re-audit of each domain every three months. The plan is to gradually switch all accounts over to this system, so existing customers do not need to take any action. However if you want to use the feature now or get your sites scheduled round particular dates – do let us know. If you have a particular need to run audits every month, we can also accommodate this on request.
Scheduled audits run overnight (UK time), so the disruption is kept to a minimum. We will send you an email to your registered address when the audit is complete. Over time we hope to add more information into this email – such as a summary of findings. Any requests for particular information will be considered and added to the plan.
We believe this is an important feature because it is easy for a site to change without those responsible for digital governance being aware of it – and that can mean public statements and promises in cookie and privacy policies can become inaccurate over time, which in turn creates compliance risks for the business.
Archiving Reports and Old Cookies
At the beginning of each scheduled audit, we do two things. We create a copy of the most recent report, and put it into an archive, which you can then access via a new ‘View History’ button.
Then in the original version of the most recent report, we delete the cookies that have previously been marked as ‘No Longer Found’ - denoted by the red bar on the left hand side of the page.
This means that when the new audit is completed, it will only contain a list of cookies that are current on the site, or that were current on the last audit, but were not found in the most recent one.
The aim is to make the report easier to read while preserving the ability for you to quickly see which cookies are no longer in use on your site. It also means that we can develop new reports showing a time based cookie profile of each domain, which we expect to become part of an organisational accountability program. These are an increasing feature of maturing privacy governance activities in larger enterprises in particular.
Manual Audit Clear Out
The ability to run an audit manually in between the scheduled ones has of course been maintained, but now also enhanced. You can now choose to delete old cookies in a manual audit, or not, depending on what you want to achieve.
The default is not to delete, which means that the manual audit will work in the same way as the scheduled audit, detecting new cookies, and marking anything no longer found in red.
However, if you have just launched a new version of your site and want to capture an all new set of cookie data, then simply tick a new box when initiating a new audit. All cookies will then be cleared out before running the new audit, giving you a completely clean slate to work with. Of course you will still have the History to look up the older cookies.
Beyond these new features, we have also a number of others we are working on. These include:
- Identifying new and old tags in the same way as we do cookies (Update 13 April - this has now been rolled out)
- Benchmarking domains against aggregated data from other audited sites
- A Privacy Risk Indicator, giving you meaningful feedback on what your audit means for your visitor’s privacy, and simple advice on steps you can take.