Privacy By The Numbers
Cookies
Data Retention
Social Engineering
Privacy By Design
100

This percentage of Americans say they often click “agree” without reading privacy policies.

What is 56%?

100

These small text files stored on a user’s device when accessing a website are called this.

What are cookies?

100

Personal data should not be kept longer than necessary, a concept known as this.

What is limited retention?

100

This type of social engineering attack uses fake emails, calls, or texts to trick victims into revealing sensitive information.

What is phishing?

100

This principle of Privacy by Design ensures privacy is considered from the start, not as an afterthought.

What is “Proactive not reactive; Prevent not remediate”?

200

As of 2025, this many countries have enacted national data privacy laws.

What is 144 countries?

200

These cookies are essential for a website to function properly.

What are strictly necessary cookies?

200

A strong data retention policy helps ensure recovery efforts are faster after this type of event.

What is “System crash or outage”?

200

Attackers often impersonate someone in power to exploit this human tendency.

What is authority?

200

This EU regulation mandates “data protection by design and by default.”

What is GDPR?

300

According to Cisco, this percentage of organizations say customers would not buy from them if they failed to protect data.

What is 94%?

300

Cookies that remain after closing the browser session are called this.

What are persistent cookies?

300

Regular deletion of outdated data reduces this type of risk and potential penalties.

What is compliance risk (or fines)?

300

This attack involves compromising a website frequently visited by a target group rather than attacking individuals directly.

What is a watering hole attack?

300

If personal data will be processed either by the application or in related services, this assessment can help determine privacy risks.

What is a Record of Processing Activity (RoPA)?

400

In 2024, this many individuals’ protected health information was exposed or stolen.

What is 276,775,457?

400

Cookies may collect this type of data.

What is personal data?

400

When creating a retention policy, you should first document this about the data processing activity.

What is the purpose?

400

One way to reduce the success of social engineering is to enable this multi-step login security measure.

What is multi-factor authentication?

400

This question helps determine if data is being lawfully processed.

What legal basis are we relying on to process the data?

500

About this percentage of Americans believe privacy policies are ineffective at explaining how companies use data.

What is 61%?

500

Websites serving targeted ads must provide this functionality to users regarding ad targeting.

What is the ability to opt out?

500

Instead of deleting data, companies may render it unidentifiable through this process.

What is anonymization?

500

AI-driven impersonation of voices and faces is known as this.

What is deepfaking?

500

This principle ensures that users can manage their own data and exercise their rights easily.

What is “Respect for user privacy – Keep it user-centric”?