Andy GibsonAs a digital marketer that’s focused on analytics consulting for many years, I’ve run into some really interesting issues. I obviously can’t share everything (you know, because of NDAs and stuff), but let me give you a few examples.
Within the last year, I was working with a larger publishing client who had a lot of third-party pages on their site. Third-party meaning the pages were actually controlled by a third-party, but sat on our client’s domains.
We were rolling out a new enterprise web analytics tool and tag management system for the client and so we needed to ensure the tag management system was included on every page of the site. This included these third-party pages that the client didn’t control.
(For those of you that don’t know, a tag is a snippet of JavaScript code that needs to be added to a website to track and analyze information. Marketing tools like HubSpot and Google Analytics use a tag to collect information on user behavior).
Once we had confirmation that everything was implemented, we wanted to ensure that the tag management system had 100% coverage across their entire site. We’re talking 10,000+ pages. So we performed a tag audit using TagInspector.com (an InfoTrust product).
Not only did we see hundreds of pages across their site with missing tags, but we also noticed the absurd amount of tags on the site. I’m talking between 50-60 tags, some of which the client had no idea about.
That’s a little bit scary, isn’t it? There could be tags on your site, collecting data on your users, without your direct knowledge.
Healthcare.gov
Let me give you a more concrete example. I wrote a post about a year ago when Healthcare.gov’s website went live. We ran a scan of the site to see what digital marketing and analytics technologies the site was using. The results were quite shocking. So shocking, in fact, that I was interviewed by TV stations and even spoke with a US Senate Committee about the results.
Healthcare.gov TagInspector.com Scan – Spring 2014
The most curious part of the results were the number and types of advertising tags on the site. With this being a healthcare site, the sensitivity of the data being collected on the site is extremely high. However, when I checked the information being collected by some of these tags against the Privacy Policy for the website, I noticed there was a disconnect.
Let me add a quick note here: I am in no way saying the government or agencies working on healthcare.gov were collecting any data outside of what was stated in the Privacy Policy. In fact, my guess is that they had no idea some of these tags were even on the website.
Also, we’ve run scans since and the site no longer has the issues we originally identified.
How Can This Happen?
It generally happens through a concept known as tag piggybacking. Essentially, by adding one tag on your site, it loads additional tags. This can happen without your knowledge.
From the healthcare.gov scan results above, you can see certain advertising tags that load additional tags (nodes from left to right). This is a sign of tag piggybacking.
The purpose, I can only assume since I don’t work for one of these companies, is to collect additional information on the usage of the advertising tags along with high-level aggregate data on users.
I want to be careful because many of these advertising companies do great work and offer great products. In no way am I saying they are being malicious. But, if it’s my website, a site I own, I want to know EVERYTHING that’s on it.
How To Identify Issues On Your Site
The easiest way to identify these types of issues on your site would be to use a tag auditing tool. It will show you all of the tags on your site and provide a brief explanation of what the tag is and what it does.
This is extremely crucial for companies with very sensitive websites, as you will want to ensure that only data in your Privacy Policy is being collected. However, I would argue that every site should perform an audit every few months (at least) to look for:
- Important tags that might have fallen off during website updates: This would include your web analytics tool, tag management system, advertising network tags, and so on.
- Tags that aren’t supposed to be on your site: There are certain tags that might be disallowed on your website. This could be tags that cause performance issues, collect certain types of data, etc.
- Tags you have no idea what they are or what they’re for: These are the red flags that you should look into. Where are they loading from? What pages are they on?
With privacy and security becoming a hot topic for US consumers, the emphasis on data collection will only increase. Make sure you’re prepared.
(244)
