Over the past 3 months, we have come across 3 instances where personally identifiable information (PII) was being stored in URL query strings. It is surprising that this happens once, let alone 3 times.
All 3 sites are using Google Analytics, which means that they were violating the Google Analytics Terms of Service, which states:
The sites were passing contest entry, registration and purchase transaction completion data to various backend transaction systems. These were 3 different companies, and one of them requires all its vendors to sign an agreement that they will protect the privacy of customer data.
Google Analytics aside, the web developers should understand that they have just made PII very publicly available, since the URL is stored in browser history. Let’s say the contest entry visitor uses a public computer (e.g. at a hotel, Internet cafe, library, friend’s laptop…) and does not purge the history after leaving the machine. Any other user who pulls up the browser history has access to the data. Duh!
The consequences of such a misstep are clear. Prevention has to occur at the design stage. Auditing isn’t the answer, but it will probably prevent the launch of such a gaffe.
There has been plenty of talk about protecting private information.
So what basic understanding is missing such that this happens?