Data Sources & Methodology
PrivacyIntel operates as an objective observation terminal. Data is ingested from official regulatory feeds and technical scans, then matched to the Nasdaq 100 registry.
1. SEC EDGAR (Filings)
- Scope
- 10-K, 10-Q, and 8-K filings for Nasdaq 100 entities. Metadata analysis focuses on Item 1.05 (Cybersecurity Incidents) and Item 1A (Risk Factors).
- Refresh
- Daily sync.
- Objective
- Detection of material cybersecurity events and shifts in reported privacy risk profiles.
2. Privacy Policy Diffs
- Scope
- Raw text snapshots of official privacy policies and terms of service.
- Analysis
- Word-level semantic diffing using the diff-match-patch algorithm. Normalization is applied to filter formatting-only noise.
- Refresh
- Weekly sync (Sundays).
- Classification
- Minor/Moderate/Major labels are strictly derived from the percentage of text-delta and the presence of technical legal keywords (e.g., "retention", "third-party").
3. DPA / Global Enforcement
- Scope
- Enforcement newsrooms from the US FTC and Tier 1 European Data Protection Authorities (Irish DPC, CNIL, ICO, EDPB).
- Matching
- Localized subsidiary names (e.g., Meta Platforms Ireland) are mapped back to the parent ticker using an automated entity registry.
- Refresh
- Weekly sync (Mondays).
4. State Attorney General Notifications
- Scope
- Breach notifications filed with State Attorneys General.
- Refresh
- Weekly sync (Wednesdays).
- Limitations
- Coverage is limited to jurisdictions with public-facing, machine-readable notification portals.
5. Website Privacy Scans
- Scope
- Deep-crawling of company-owned domains via the Cassandra scanner to detect active trackers, fingerprinting scripts, and data leak vectors.
- Refresh
- Weekly sync (Wednesdays).
- Analysis
- Findings are reported as objective data points (counts and source domains of discovered trackers) without speculative interpretation.