Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

XDM Schema related

Level 1
Level 1

Can we bring in email IDs to AEP and get them encrypted, and when they leave Platform have them decrypted? How and what approach should be followed?

1 Reply
Level 2
Level 2

Hello @amakumar! This would depend on the requirement. Also I think you want to look at hashing options as well along with encription. There are multiple options here:

1. If your requirement is to secure the email id data at rest, AEP offers encryption at rest by default. Refer here -

2. If you want to restrict some users/user groups, then you should use Role Based Access Controls and if you want to restrict data sharing to platforms not dealing with PII, then you should use DULE lables and Data Governance features of AEP. (By default, the email ids are stored in clear and AEP/CDP typically stores like this (industry practice) since they deal with PII powered systems downstream).

3. If you want to obscure the email ids, then use only hashed ids for all usecases. You can pass pre-hashed email ids if you want (during data collection phase). Adobe has support for that in SHA-256 format. (Refer this documentation -  But this will only hash  the incoming email id. I am not sure if it re-hashes when sending to a destination.

4. If you want to hash only when sending to a specific destination (like LinkedIn) and you are storing unhased email ids, then you can do the hashing when mapping segments. (again this will only hash, not come across a scenario for unhashing at destination). Example here -

Hope this helps!