New FTC Requirements Make TrackerReveal a Smart Choice 

While cookies, pixels, and other tracking tools are ever-present online, the finance, consulting, and healthcare sectors face unique challenges in ensuring compliance. The newest requirements set by the Federal Trade Commission (FTC) and in Payment Card Industry Data Security Standard (PCI DSS) version 4.0 make a website tracking tool like TrackerReveal essential. 

FTC Data Breach Requirements are Underway

As of May 13, 2024, non-banking financial institutions regulated by the Federal Trade Commission (FTC) must submit notifications of data breaches or other security events that impact 500+ consumers. The Safeguards Rule reflects Congress’ intent that businesses “protect the security and confidentiality of those customers’ nonpublic personal information.” 

A website tracking tool can help identify potential data leakage points by monitoring data flow within the website ecosystem. This includes tracking third-party scripts, cookies, and other tracking mechanisms that may inadvertently expose sensitive data to external sources.

Non-banking financial institutions can expect increased FTC engagement on cybersecurity-related risks for financial institutions and increased investigative activity. This includes:

• financial technology companies
• mortgage brokers
• credit counselors
• financial planners
• tax preparers

In providing the rationale for the notice requirement, The U.S. Securities and Exchange Commission (SEC) stated that “the FTC will not have to devote resources to continually search for breach notifications posted by other sources to know that a financial institution has experienced a breach” and will be able to “identify breaches that merit investigation more quickly and efficiently.”  

On April 26, 2024, the FTC announced a final rule modifying the Health Breach Notification Rule (HBNR). Additionally, in March, the FTC released the 2023 Privacy and Data Security Update detailing agency actions related to AI, health privacy, and other key areas. 

PCI DSS Version 4.0 Includes Requirements for Scripts

By March 31, 2025, companies that accept, process, store, or transmit credit card information must comply with PCI DSS v4.0, emphasizing the importance of continuous monitoring and risk assessment. This includes new requirements around scripts on payment pages that need authorization to run and integrity checked to ensure they haven’t been edited or changed. This helps to prevent scripts from covertly performing unauthorized actions, such as collecting cardholder data.

While scripts help simplify web browsing and are widely used online, they can be compromised and changed without your computer’s knowledge or your antivirus targeting them. If you run an e-commerce site, you may have scripts you may not be aware of being inserted by third-party providers. This can leave a page open to attack and exploitation by cybercriminals. 

OCR Gives Guidance for HIPAA-Covered Entities

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released updated guidance in March for entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The guidance clarifies for HIPAA-covered entities and their business associates that using online tracking technologies is subject to HIPAA Rules.

Since the HHS has determined that website tracking technologies can result in the collection of data that violates the HIPAA Privacy Rule, officials responsible for HIPAA Privacy and Security will want to be part of the conversation with a website developer, hosting provider, or marketing team. Their involvement will ensure covered entities and business associates that the data collected on a website remains private and secure at all times, whether it’s being used, stored, or transmitted. Learn more in our recent blog article.

TrackerReveal Helps Ensure Data Security 

TrackerReveal is your partner in achieving privacy and security for your website. Equip your business with the tools to identify website trackers, manage risks, maintain compliance, and ensure your website remains secure and trustworthy.  You will gain valuable insights into your website’s performance and user engagement by effectively managing all third-party trackers in real-time with Cyndelos AI-powered automated scans. With risk-ranked findings, you can prioritize next-step actions and focus your efforts where they matter most.