To help identify trends in privacy representations, BCLP reviewed the websites and privacy notices of those Fortune 500 companies identified as primarily engaged in the life and health care industries by Dun & Bradstreet.
The data shows that there is no one strategy for disclosing privacy practices to consumers, or for complying with federal and state laws – including the CCPA – that govern data privacy. The following summarizes current industry trends:
- Privacy notices are, on average, less than six months old, and track the age of the overall Fortune 500.
- While the majority of companies have updated their privacy notices for the CCPA, about a quarter of the industry has not addressed the statute.
- Insurance companies are complying with some, but not all, of the enumerated category disclosures required by the CCPA.
- Unlike the Fortune 500 generally, insurance privacy notices that reference enumerated categories are predominantly using lists (instead of tables or charts) to convey information.
- While the majority of companies state that they do not sell personal information, a significant percentage are silent or unclear about their selling practices.
- The vast majority of websites and privacy notices do not include a “Do Not Sell” option.
- Those companies that are disclosing the sale of information are complying with the CCPA’s requirement to provide a “Do Not Sell” option.
- Most insurance companies offer access and deletion rights.
- The Insurance industry is, on average, utilized a greater number of advertising cookies and tracking pixels than the Fortune 500 generally.
- The average quantity of behavioral advertising cookies on a corporate homepage is 12.5.
- Significantly fewer life and health insurance companies are deploying a cookie notice or banner than are general Fortune 500 companies. Those that do are attempting to obtain opt-in consent.
[View source.]