Expand my Community achievements bar.

Webinar: Adobe Customer Journey Analytics Product Innovations: A Quarterly Overview. Come learn for the Adobe Analytics Product team who will be covering AJO reporting, Graph-based Stitching, guided analysis for CJA, and more!
Register now

Will having Visitor ID in the Data Layer pose PII concerns?

Avatar

Level 4
Level 4
8/19/24 12:40:39 PM

Hi Community - as the title my Company uses a data layer to capture visitor ID. The Visitor ID is the users email address with first and last name. The site is gated and the data layer is only updated once the user logs in. 

 

Will storing this information in Adobe pose PII issues? 

Views

238

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Level 3
Level 3
8/19/24 12:58:54 PM

@Yohan_khan00 
Updating the data layer only after login minimizes the amount of time PII is exposed. However, once the user is logged in, the data stored in the data layer could still be accessed via browser developer tools or browser extensions, posing a risk of PII exposure.

Even in a gated environment, it’s advisable to encrypt or hash PII before storing it in the data layer. This practice ensures that even if the data layer is accessed, the information remains protected.

Regulations like GDPR and CCPA still apply, even in a gated environment. You must ensure that users are informed about how their PII is being collected, stored, and used, and that you have obtained their explicit consent.

Only store the absolute minimum amount of PII necessary for the functioning of the site. For example, instead of storing a user’s full email address, consider storing a hashed version or a unique user ID.

Views

196

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
8/19/24 2:24:04 PM

Hi @Yohan_khan00 ,

Typically PII disclosure happens when you share your organization's sensitive data with any other third-party. As per my understanding, as Adobe data is hosted and subsequently owned by Adobe, having user Email addresses in plain text does pose security concerns. I suggest you take it with your Data Protection Officer. Also, you can hash the email address using any hashing technique such as sha256.

Views

213

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
8/21/24 11:38:39 AM

It's a good practice not to store PII information in the Data Layer object because it will be easily available to anyone concerned with Data linkage. 

But if you still need to pass this type of info in DL then it would be good practice to encrypt this type of information.

 

@ankitagarwal05 what are your thoughts on this?

 

 

Views

146

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
8/22/24 10:51:58 AM
In response to InderpreetSin

I have similar thoughts as you have. 

We should avoid storing any PII information in data layer, even if we are storing it then it should be hashed properly to avoid any leakage. 

Views

130

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Day of Week Dimension in Report Builder

Views

42

Likes

0

Replies

0
Discrepancy in Unique Visitors data when using different breakdown methods

Views

47

Likes

0

Replies

0
How to Track Users Who Add-to-Cart on Their First Product Detail Page View in Adobe Analytics?

Views

76

Likes

0

Replies

3
Correct cell format for downloaded 'Average time on site' metrics data (in .csv)

Views

124

Likes

0

Replies

2
Add new object into existing data layer

Views

234

Likes

0

Replies

8