Real-Time Customer Data Platform

mdajaz · 12/1/23

We have data from different internal data sources which are sensitive and in plain text (not hashed). Requirement is to enforce data hashing for all destinations when exporting data.

I know we can enforce policies to restrict data exports based on marketing actions assigned to Destinations. Also, we can apply transformations at Dest mapping level (https://experienceleague.adobe.com/docs/experience-platform/destinations/ui/activate/activate-segmen...). But, all these dont satisfy my requirement.

I need to enforce that whenever any Destination is created (in future) and if data is not hashed, appropriate enforcement data privacy polices are applied to restrict it in exporting data in plain text.

Any suggestions?

abhinavbalooni · 12/1/23

Hey @mdajaz

You've looked into marketing actions so you are already aware of the functionality. When you say that it does not suffice your requirement, could you elaborate. Usually, we apply data usage labels to specific fields, in your case, the plan text data, then combined marketing actions with data usage policies to ensure that any segments based on these fields or there export as an attribute is not supported for a particular destination.

You might have already looked at the above but still sharing for reference : https://experienceleague.adobe.com/docs/experience-platform/data-governance/policies/overview.html?l...

Cheers,

Abhinav

mdajaz · 12/1/23

Apologies for being ambiguous if it was not clear.

Let me elaborate further with an example. The restriction need not be imposed on export of emails as hash but rather need to be restricted if email is exported in plain text. Hope it is clean now.

abhinavbalooni · 12/1/23

Hi @mdajaz

Thanks for adding more details to it.

This is how I would approach it. Might not work for you. I have worked on a couple of setups where we had email in plain and hashed in separate fields. Plain text email field data usage label was labeled accordingly to avoid that being passed through to any destination.

There is one more option, if you do not want those plain text fields to be imported into AEP as is, then you can hash them during the data mapping stage using data prep functions.

Hope this would work for you too.

Cheers.

Prateek-Garg · 12/4/23

Hi @mdajaz ,

As mentioned by @abhinavbalooni you can apply Data Governance label on plain text email attribute (e.g. C12 - Data cannot be exported in any way.)

Besides this if you what to be more restrictive then you can apply attribute based access control (ABAC) on plain text email attribute which stops access of this attribute to everyone in the platform. Using attribute based access control you can enable access of this sensitive attribute only to select users. If normal users cannot see this sensitive field then they cannot export it while enabling Audiences export to destinations. For more information refer: https://experienceleague.adobe.com/docs/experience-platform/access-control/abac/overview.html

Thanks.

Prateek

Real-Time Customer Data Platform

Hashed data export to all destinations

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe