Qualys, the soon-to-go-public provider of cloud security and compliance solutions, today said that its flagship QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive that will be enforced in the United Kingdom (UK) effective on May 26, 2012.
Last May, the UK adopted regulations to implement the 2009 EU E-Privacy Directive, which requires web sites to get permission from visitors before they can store cookies or other information used to track their online actions.
The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions, fundamentally changing how web application owners interact with users. One of the challenges the new regulations pose for many organizations is identifying whether a particular site or web application is using cookies that require the user’s consent. While customers may not be aware that companies are tracking their activity, companies that use such tracking techniques through third-party services may not even be aware that their activities may be in violation of the Cookie Law, Qualys explained.
In a study of behavioral tracking on 269 different sites, Keynote Systems discovered that 86 percent of the sites analyzed included third-party tracking of site visitors and, as a result, violated one or more common tracking-related U.S. privacy standards.
With the new features added to QualysGuard, organizations can identify the cookies that their web applications are using, including those issued by third parties. Using the information gathered, organizations can then evaluate whether the cookies are subject to the law and then update the web application to ensure it meets the EU legislation.
While the EU cookie legislation went into effect last year, the UK’s Information Commissioner’s Office (ICO) has set May 26, 2012 as the enforcement date. The ICO is the body responsible for enforcing the UK regulation, with authority to levy fines on web site owners up to £500,000. The ICO is also preparing a web site and tool that will allow users to check and report websites that do not comply with the regulations.
“As this new law impacts any web sites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their web sites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law,” said Philippe Courtot, chairman and CEO of Qualys.
This solution is available immediately as part of QualysGuard WAS 2.3. Earlier this month, Redwood City, California-based Qualys introduced a private cloud version of its QualysGuard Platform that allows customers and partners to host and operate the security and compliance platform within their data centers.