In the years since, web analytics and tracking have continued to evolve, along with its use cases. Politicians and advertisers quickly discovered the value and impact that customer data can have when it comes to shaping public opinion and yielding campaign success. This revolution spotlighted the urgent need for data privacy regulation and kickstarted global debates around individual privacy rights.
The Evolution of Privacy Regulations
In 1995, the European Union (EU) adopted the EU Data Protection Directive which was superseded by the General Data Protection Regulation ( GDPR ) in 2018. The GDPR is a significant piece of EU legislation that’s recognized worldwide as a key component of both privacy and human rights. In fact, it sparked a global conversation around individuals’ rights to their personal data and spearheaded data regulation for international businesses. In addition to Europe’s data regulations, the United States introduced the California Consumer Privacy Act (CCPA) to govern how businesses manage personal information.
Respecting Personally Identifiable Information (PII)
Collecting and storing personally identifiable information ( PII ), such as emails, in 3rd party web analytics tools like Adobe Analytics is prohibited, and if violated, can result in potential lawsuits. While most firms work diligently to avoid collecting and storing PII, on occasion, PII gets stored in web analytics data warehouses – and removing that PII is often both time-consuming and expensive.
To avoid expensive legal fees and extensive time spent removing PII, prevention is key for an optimal digital strategy and success. A general best practice is to work with web developers to ensure PII doesn’t get processed or pushed to the data layer by mistake.
Best Practices for Blocking PII
A straightforward method to block PII from being collected is to use Adobe Analytics processing rules. Processing rules help simplify data collection by blocking PII before it reaches the Data Warehouse. To set up these rules, follow the steps below:
- Launch Adobe Analytics, click Admin, click Report Suites, click Processing Rules.
- Click “Add Rule”
- Give the rule a title such as “Block URL with PII”
- Select a dimension such as “Page URL”
- Select the condition “contains”
- For Any of enter “@”.
- Add Condition
- Select “Overwrite value of” “Page URL”
- Select “Custom Value”
- Enter custom text such as “URL deleted because of pii”
If you want to also protect your tool from storing emails, repeat steps 1-10. It is recommended to test this on a non-production report suite before deploying it to a production report suite.
Block Numbers from Internal Search
While no organization intentionally collects or stores social security numbers in 3rd party analytics tools, it is possible for social security numbers and account numbers to find their way in via internal search.
Consider this scenario: a user is curious if their social security number is stored on a website, so they enter it as an internal search. This is an unlikely scenario, but it is possible, and the result is the social security number being sent to a data warehouse, which is expensive to remove. The remedy is to block all numbers from the internal search dimension. See the screenshot below.
Even with advanced data tools like Adobe Analytics, unwanted data can slip through the cracks. As project leads and data consultants, it’s critical we do our due diligence in monitoring analytics tools for privacy compliance and educate each other on best practices for data collection.