Digital Sprawl undermining Privacy initiatives

What is digital sprawl?

Post COVID, the number of digital assets including websites, web applications and online content has continued to grow rapidly. Digital sprawl refers to the proliferation of these digital assets which occurs within organizations without proper oversight and control of them, e.g., websites can be created for a variety of reasons such as personal projects, experimental initiatives and promotional events.

How is digital sprawl undermining Privacy initiatives?

The considerable expansion and increased reliance of being online presents significant challenges for organizations already struggling with digital issues such as security and online governance, with a lack of corporate executive oversight at the heart of the issue.

The difficulty for senior management in being able to monitor this profusion is creating considerable additional exposure and immediate risks, which can easily lead to compliance litigation and financial losses as a result. Take privacy as an example; there is an overreliance on third party vendors and service providers who are quick to provide assurances regarding privacy - but has anyone in the organization actually checked the compliance status? In most cases, it’s the organizations that are liable for their privacy shortcomings, not the vendor or the service provider. Who really has a handle on what data is being collected, where is it going, who has access to it?

Privacy is just one example of an issue undermining wider ESG (Environmental, Social, and Governance) initiatives.

Forgotten content poses the greatest risk

The greatest concern is websites and content which has been forgotten. Across larger organizations, our research has shown that 41% of websites are ‘unknown’. Add this to the pages, sites and website addresses that have been added in recent years to keep pace with rapidly growing online requirements, and as much as 60% of an organization’s digital footprint could be out of its control.

Examples of digital sprawl

In the rush to get online, perhaps to meet some urgent business need, it’s common for departments within an organization to create their own websites, web pages and even add online services from third parties, often without the knowledge of central web or IT teams. These websites are delivered in the organization’s name without having been subject to the same level of governance, e.g., compliance and adherence to privacy policies. The organization bears all of the responsibility, but without any of the control.

What should be done?

The impact of digital sprawl and the increased dependance on an organization’s digital assets means that being online can no longer be regarded as a purely a web, technical or operational issue. It is a risk issue that sits squarely within the oversight responsibility of the executive board. Managing the impact, and reducing an organization’s risk, starts with mapping and monitoring of what is really out there.

Take a look at the Privacy Risk INDEX? for London Listed Public Companies which reports the impact of the use of non-consensual cookies and associated tracking technologies. https://rethinkingprivacy.com/pra-index#fqq40m