Expand my Community achievements bar.

SOLVED

Privacy Service and AEP Real-Time CDP

Avatar

Level 2

I have some questions about how the Privacy Service and Real-Time CDP work together.

 

  • Policy enforcement: What is the out-of-the-box policy enforcement within AEP? How can they create custom policy enforcements, especially for customer governance labels?
  • How does the Privacy Service use data governance labels? When removing a customer, does the Privacy Service remove sensitive data?
  • After using the Privacy Service to remove records for a user based on email, the data within RTCDP that was imported from Eloqua still has the email address within it? Why is this not removed by the Privacy Service? If this data is removed from Eloqua, will the deletion be synced with RTCDP? What if a record is removed from Eloqua? Will the data from Eloqua be removed from RTCDP? How do they remove all email addresses when deleting data using email as the user ID?
  • How are labeling and Privacy Service related? Their expectation is that the Privacy Service would remove all data marked as PII from the users record.
  • Is there documentation on the type of namespaces within the Privacy Service? What effect does changing the regulation type have on the user deletion and access requests within the Privacy Service? Does selecting different regulation types cause the data to be manipulated differently? What effect does changing the namespace type have on processing delete and access requests within the Privacy Service?
  • Does the Privacy Service have only two actions: delete and access?
  • Can AEP sync data back to Eloqua after it has been processed by the Privacy Service?
  • How can a customer get a report of all governance labeling within a schema?

Thanks,

X. Dupertious

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi  @Xavier_Dupertio 

I pulled all this information from documentation:

 

Policy Enforcement and Custom Policies

  1. Out-of-the-Box Policy Enforcement:
    • Adobe Experience Platform (AEP) provides built-in policy enforcement mechanisms to manage data privacy and compliance. This typically involves predefined rules for data access, retention, and deletion based on regulatory requirements like GDPR or CCPA.
  2. Custom Policy Enforcement:
    • You can create custom policy enforcements using Adobe's Policy Service. Custom policies might include specific rules for handling customer governance labels or unique organizational requirements. These policies are defined and managed through the Adobe Experience Platform's Privacy Service configuration interface, where you can set up custom rules and apply them to data based on labels or other attributes.

Use of Data Governance Labels

  1. Privacy Service and Data Governance Labels:
    • The Privacy Service uses data governance labels to identify and manage different types of data. Labels help categorize data according to its sensitivity or compliance requirements. When a request for data removal is made, the Privacy Service uses these labels to determine which records to process.
  2. Removing Customer Data:
    • When you request the removal of a customer, the Privacy Service typically deletes or anonymizes data based on the configured policies and labels. However, if data remains in other systems like Eloqua, it might not be removed unless those systems are synchronized or updated accordingly.
  3. Data from Eloqua and RTCDP:
    • If you remove a record from Eloqua, it may not automatically be deleted from RTCDP unless there is a synchronization process in place. The RTCDP may still have the email address or other data if the deletion hasn’t been reflected in RTCDP. Deletion in Eloqua doesn’t automatically sync with RTCDP; they operate independently unless explicitly integrated for data synchronization.
  4. Removing All Email Addresses:
    • To remove all instances of email addresses, you need to ensure that deletion requests are processed across all systems where the data resides. This usually involves coordinating with data sources and ensuring that the Privacy Service effectively updates or removes the data from all linked platforms, including RTCDP.

Labeling and Privacy Service

  1. Labeling and Privacy Service Integration:
    • Labeling helps the Privacy Service identify which data needs to be handled according to specific privacy regulations. The expectation is that the Privacy Service will act on data labeled as PII (Personally Identifiable Information) to ensure compliance with deletion or access requests.

Documentation and Namespace Types

  1. Namespaces and Regulation Types:
    • The Privacy Service documentation details different namespace types and their effects. Regulation types influence how data is processed and handled for deletions or access requests. For instance, GDPR might have different requirements compared to CCPA, affecting how data is managed.
  2. Changing Regulation Types:
    • Selecting different regulation types may alter the processing rules for deletions and access requests. Different regulations have unique requirements for how data must be handled, and changing the regulation type adjusts the Privacy Service's behavior accordingly.

Actions of Privacy Service

  1. Privacy Service Actions:
    • The Privacy Service typically supports actions such as delete and access. These actions align with common privacy requirements where users can request deletion of their data or access to it.

Syncing Data and Reporting

  1. Syncing Data Back to Eloqua:
    • AEP can sync data back to Eloqua after processing, but this depends on the integration setup. You may need to configure synchronization settings to ensure that changes in AEP reflect in Eloqua.
  2. Governance Labeling Report:
    • To get a report of all governance labeling within a schema, you would typically use the Adobe Experience Platform’s reporting tools or APIs. Check Adobe’s documentation or dashboard options for generating such reports.

 

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi  @Xavier_Dupertio 

I pulled all this information from documentation:

 

Policy Enforcement and Custom Policies

  1. Out-of-the-Box Policy Enforcement:
    • Adobe Experience Platform (AEP) provides built-in policy enforcement mechanisms to manage data privacy and compliance. This typically involves predefined rules for data access, retention, and deletion based on regulatory requirements like GDPR or CCPA.
  2. Custom Policy Enforcement:
    • You can create custom policy enforcements using Adobe's Policy Service. Custom policies might include specific rules for handling customer governance labels or unique organizational requirements. These policies are defined and managed through the Adobe Experience Platform's Privacy Service configuration interface, where you can set up custom rules and apply them to data based on labels or other attributes.

Use of Data Governance Labels

  1. Privacy Service and Data Governance Labels:
    • The Privacy Service uses data governance labels to identify and manage different types of data. Labels help categorize data according to its sensitivity or compliance requirements. When a request for data removal is made, the Privacy Service uses these labels to determine which records to process.
  2. Removing Customer Data:
    • When you request the removal of a customer, the Privacy Service typically deletes or anonymizes data based on the configured policies and labels. However, if data remains in other systems like Eloqua, it might not be removed unless those systems are synchronized or updated accordingly.
  3. Data from Eloqua and RTCDP:
    • If you remove a record from Eloqua, it may not automatically be deleted from RTCDP unless there is a synchronization process in place. The RTCDP may still have the email address or other data if the deletion hasn’t been reflected in RTCDP. Deletion in Eloqua doesn’t automatically sync with RTCDP; they operate independently unless explicitly integrated for data synchronization.
  4. Removing All Email Addresses:
    • To remove all instances of email addresses, you need to ensure that deletion requests are processed across all systems where the data resides. This usually involves coordinating with data sources and ensuring that the Privacy Service effectively updates or removes the data from all linked platforms, including RTCDP.

Labeling and Privacy Service

  1. Labeling and Privacy Service Integration:
    • Labeling helps the Privacy Service identify which data needs to be handled according to specific privacy regulations. The expectation is that the Privacy Service will act on data labeled as PII (Personally Identifiable Information) to ensure compliance with deletion or access requests.

Documentation and Namespace Types

  1. Namespaces and Regulation Types:
    • The Privacy Service documentation details different namespace types and their effects. Regulation types influence how data is processed and handled for deletions or access requests. For instance, GDPR might have different requirements compared to CCPA, affecting how data is managed.
  2. Changing Regulation Types:
    • Selecting different regulation types may alter the processing rules for deletions and access requests. Different regulations have unique requirements for how data must be handled, and changing the regulation type adjusts the Privacy Service's behavior accordingly.

Actions of Privacy Service

  1. Privacy Service Actions:
    • The Privacy Service typically supports actions such as delete and access. These actions align with common privacy requirements where users can request deletion of their data or access to it.

Syncing Data and Reporting

  1. Syncing Data Back to Eloqua:
    • AEP can sync data back to Eloqua after processing, but this depends on the integration setup. You may need to configure synchronization settings to ensure that changes in AEP reflect in Eloqua.
  2. Governance Labeling Report:
    • To get a report of all governance labeling within a schema, you would typically use the Adobe Experience Platform’s reporting tools or APIs. Check Adobe’s documentation or dashboard options for generating such reports.

 

Avatar

Administrator

@Xavier_Dupertio Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni