Expand my Community achievements bar.

SOLVED

Checks in Offline File Onboarding Process

Avatar

Level 3

When an offline file is on-boarded into AAM, and especially if it contains some sensitive / PII data from CRM or other internal systems (lets assume someone did it with complete ignorance) e.g. ingesting email ids (abc@xxx.com) or phone numbers (XXXXXXXXX), does the onboarding job pinpoint this and cancel the onboarding routine completely stating discrepancies found? I assume phone #s or email ids can be found out programmatically via matching RegEx but for other PII data types (income, gender, age)? Or, one has to control explicitly via data export controls stating that this data source contains sensitive data and can be destined only for onsite personalization (Target) and NOT for offsite AD targeting (e.g. DSP). Pl throw light on this

1 Accepted Solution

Avatar

Correct answer by
Employee

As the data processor, AAM is built to enable clients to create, manage, and activate audiences at scale.  Privacy by design is at the cornerstone of the DMP.  As data controllers, Adobe customers own their data and determine how it will be used.  Personal data – such as first name/last name, phone number, or email address is prohibited from being ingested in Audience Manager. 

Features in AAM that help address privacy:

RBAC – Rule based access controls enables you to create Group permissions tied to objects such as traits and segments and to actions you can perform on those objects (edit, view, etc.).

Data Export Controls – we have a patent on this feature! Data Export Controls prevent you from sending data to destinations when this action violates data privacy or data use agreements.

Time to Live – time-to-live (TTL) interval for a trait. TTL defines how many days a qualified visitor remains in a trait. Say you set it for 30 days because after that period, they no longer qualify for a promotion. They will fall out of the trait and any segments created off of that trait in 30 days.

As a result of GDPR, there have been updates to data retention.  For CRM-level profiles, data is deleted after 2 years (24 months) of inactivity.  For Customer Data Feeds (CDF), data is deleted after 8 days.  For outbound data (batch data that AAM sends to 3rd party activation partners), data is deleted after 8 days.

There are also Experience Cloud GDPR APIs for access and delete.  Access requests for central service to retrieve all data corresponding with provided user id's.  Delete requests for central service to delete all data corresponding with provided user id's.

View solution in original post

2 Replies

Avatar

Correct answer by
Employee

As the data processor, AAM is built to enable clients to create, manage, and activate audiences at scale.  Privacy by design is at the cornerstone of the DMP.  As data controllers, Adobe customers own their data and determine how it will be used.  Personal data – such as first name/last name, phone number, or email address is prohibited from being ingested in Audience Manager. 

Features in AAM that help address privacy:

RBAC – Rule based access controls enables you to create Group permissions tied to objects such as traits and segments and to actions you can perform on those objects (edit, view, etc.).

Data Export Controls – we have a patent on this feature! Data Export Controls prevent you from sending data to destinations when this action violates data privacy or data use agreements.

Time to Live – time-to-live (TTL) interval for a trait. TTL defines how many days a qualified visitor remains in a trait. Say you set it for 30 days because after that period, they no longer qualify for a promotion. They will fall out of the trait and any segments created off of that trait in 30 days.

As a result of GDPR, there have been updates to data retention.  For CRM-level profiles, data is deleted after 2 years (24 months) of inactivity.  For Customer Data Feeds (CDF), data is deleted after 8 days.  For outbound data (batch data that AAM sends to 3rd party activation partners), data is deleted after 8 days.

There are also Experience Cloud GDPR APIs for access and delete.  Access requests for central service to retrieve all data corresponding with provided user id's.  Delete requests for central service to delete all data corresponding with provided user id's.

Avatar

Employee

Also, it should be noted that the customer is contractually obligated to not send personal data.  There are not triggers on the Adobe side to stop this from happening.