Footsie companies risk fines for failing to secure cookies

A stunning 99 per cent of the FTSE 100 are failing to secure their cookies and releasing consumer data to third parties, thus risking breaching the trust of their site users, and setting themselves up for pretty high fines down the line, a new research shows.

Research by the UK IT services company Cookie Reports has found that only one company in the FTSE 100 admits to recently auditing cookies on their websites, despite a new EU Regulation about to come into force.

Fines for the breach can go up to two per cent of global revenue.

The research audited each FTSE 100 company's website to check if its cookie policy was compliant with EU Directive. The research revealed that only one company in the whole FTSE 100 stated that it had audited its cookies in the past month, meaning that many are likely to be non-compliant and potentially exposing sensitive information to third parties regarding its site visitors.

This audit follows an initial cookie sweep by the European Union of 478 sites in eight EU countries revealing that 70 per cent of the 16,555 cookies identified were set by third parties.

Cookies are files that can be set by the website owner or, more likely, by third parties running advertising networks or delivering functions (like analytics) for the website. Cookies can contain personally identifiable data (as defined by the EU) and could potentially expose visitor data to the outside world.

The research also examined the level of compliance by sector, revealing insurance, hospitality, pharmaceutical and retail as the worst performing sectors.

"From a privacy perspective, this is particularly concerning as organisations may be unwittingly sharing their consumer's data with unknown third parties" explains Stephen Hickey, CEO of Cookie Reports. "It would appear that companies are unaware of what data is being exposed and how long for."

"The fact that the consumer facing sectors are the worst performing demonstrates an immediate need for education on cookie law, followed by strong compliance action. Brand damage caused by data breaches is extremely difficult to repair. Large corporate data compliance fines tend to hit the front pages,” commented independent industry analyst, Stephen O'Donnell.