Expand my Community achievements bar.

Will having Visitor ID in the Data Layer pose PII concerns?

Avatar

Level 4

Hi Community - as the title my Company uses a data layer to capture visitor ID. The Visitor ID is the users email address with first and last name. The site is gated and the data layer is only updated once the user logs in. 

 

Will storing this information in Adobe pose PII issues? 

4 Replies

Avatar

Level 3

@Yohan_khan00 
Updating the data layer only after login minimizes the amount of time PII is exposed. However, once the user is logged in, the data stored in the data layer could still be accessed via browser developer tools or browser extensions, posing a risk of PII exposure.

Even in a gated environment, it’s advisable to encrypt or hash PII before storing it in the data layer. This practice ensures that even if the data layer is accessed, the information remains protected.

Regulations like GDPR and CCPA still apply, even in a gated environment. You must ensure that users are informed about how their PII is being collected, stored, and used, and that you have obtained their explicit consent.

Only store the absolute minimum amount of PII necessary for the functioning of the site. For example, instead of storing a user’s full email address, consider storing a hashed version or a unique user ID.

Avatar

Adobe Champion

Hi @Yohan_khan00 ,

Typically PII disclosure happens when you share your organization's sensitive data with any other third-party. As per my understanding, as Adobe data is hosted and subsequently owned by Adobe, having user Email addresses in plain text does pose security concerns. I suggest you take it with your Data Protection Officer. Also, you can hash the email address using any hashing technique such as sha256.

Avatar

Level 3

It's a good practice not to store PII information in the Data Layer object because it will be easily available to anyone concerned with Data linkage. 

But if you still need to pass this type of info in DL then it would be good practice to encrypt this type of information.

 

@ankitagarwal05 what are your thoughts on this?

 

 

Avatar

Level 4

I have similar thoughts as you have. 

We should avoid storing any PII information in data layer, even if we are storing it then it should be hashed properly to avoid any leakage.