Osano Discovers Direct Relationship Between Poor Privacy Practices and Data Breaches

Austin, Texas - July 21, 2020

Osano, the industry leader of data privacy transparency, released a report analyzing the relationship between a company’s privacy practices and their likelihood of experiencing a data breach. The Osano Data Privacy and Data Breach Link reveals a predictive relationship between responsible privacy practices and security outcomes. Companies with inadequate data privacy practices are 80 percent more likely to suffer a data breach than those with the highest-ranked privacy practices and will face fines seven times larger than companies with the best scores in the event of a data breach.

In response to the growing complexity of the data privacy landscape, Osano developed the Osano Privacy Score. This evaluation framework measures the privacy practices of the top 11,000 websites against 163 different factors -- including if a company sells, shares or licenses data to third parties or affiliates, or if a company knowingly collects data about children under the age of 13 -- to establish a clear and simple benchmark for privacy performance. In its analysis, Osano identified a recurring pattern, organizations with high privacy scores were less likely to experience a breach.

Key findings include:

• Companies with the worst privacy practices are 80% more likely to experience a data breach.
• Companies in the lowest quartile of privacy scores lost 600% more records than companies with better privacy scores.
• The worst privacy actors are the least likely to be able to retrospectively identify the root cause of a breach.
• Of the entities that get breached, governments have the worst scores.
• Educational and government websites are 15x more likely to experience a breach than commercial sites.

“In the face of nonstop breaches and increased data security awareness, consumer and shareholder confidence in businesses is slowly eroding. Businesses that fail to protect sensitive data will face serious negative consequences, and the report proves just how these phenomena move hand-in-hand,” said Osano Co-Founder and CEO, Arlo Gilbert. “There is a perception that privacy issues are akin to a speeding ticket -- a risk worth running. Companies that don’t change their perception are facing higher odds of experiencing a data breach and losing the trust they’ve built with their customers.”

The correlations between data breaches and Osano Privacy Scores stem from many causes including willful ignorance, oversight of privacy best practices that increase risk exposure, and company culture around responsible data stewardship. Another key link between data breaches and privacy practices is third party vendors. The average company shares its data with 730 different vendors, and according to the Internal Auditors Research Foundation, third parties were responsible for two out of every three data breaches.

Many companies are lagging behind current data privacy requirements. By prioritizing best-in-class privacy practices, companies can reduce the risk of security incidents and demonstrate their trustworthiness to customers. For more information visit osano.com.

Full results of The Osano Data Privacy and Data Breach Link can be found online at osano.com/privacy-breach-link. 

Privacy Score Methodology

The Osano Data Privacy and Data Breach Link Report was conducted in May 2020, analyzing Osano Privacy Scores from that month against publicly available data breach information over the past 15 years. The Osano Data Privacy Score was built by a team of two dozen attorneys who interpreted and analyzed the Osano database of company privacy materials, and created 163 factors to evaluate to determine privacy posture. The full database measures performance for the top 11,000 most visited websites according to Alexa Internet rankings. Scoring began in April 2019, and is continually and automatically updated any time a company changes its privacy practices or policies. 

About Osano

Osano is an easy-to-use, complete data privacy platform that quickly helps businesses to become compliant with virtually all privacy legislation around the globe. Platform features include consent management, data subject access requests, GDPR representative services, and vendor monitoring. Its cookie consent management software is the most widely used in the world. More than 750k companies trust Osano to ensure more than 2 billion monthly visitors comply with data privacy legislation.