While the CISO and Privacy offices invest significant time and resources to ensure that user data is not leaked from the network, users’ data (often their most sensitive) is being leaked to third parties by the myriad analytics tools that are added to web applications even after those applications have passed their security testing and privacy impact assessments. This creates a blind spot for those who are actually responsible for security and privacy. This talk will provide information to privacy and security professionals on how to identify third-party tracking code that has been added to their applications, how to assess the severity of the issue, and how to articulate the problem to their leadership.