Discuss regaining access to Analytics accounts, restoring accounts, changing user access levels, and navigating the homepage
 
Guide Me
star_border
Reply

PII and User-ID feature

Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

Hi

 

I had a question about PII. Do I need to worry about PII if I do not have User-ID feature enabled on my UA account?

 

Thanks

1 Expert replyverified_user
Marked as Best Answer.
Solution
Accepted by topic author Mario B
April 2016

Re: PII and User-ID feature

Rising Star
# 2
Rising Star
Absolutely. Here is one example - I have a (now current and complient) client who had created events around form completions. They stuffed the form element value into the label of each event - name, email, phone number - obviously non-compliant. No idea that they were breaking the rules.

It can be very easy to accidentally collect PII. A common practice is to pass form values in a query string - even something as simple as their name and email address for a thank-you page. Well, unless you're filtering out those query string variables, each page submit is sending PII in the form of the URL into GA.

You would be surprised how often I find names, phone numbers, email address, and other forms of PII from query string variables whenever I audit a GA account for a potential or new client. It takes awareness of PII issues at all levels of your web development process.
_________________________________________________________________________
Director of Marketing | Nehmedia | Partner Profile

Re: PII and User-ID feature

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭
Thanks for the insight.

PII and User-ID feature

Visitor ✭ ✭ ✭
# 4
Visitor ✭ ✭ ✭

Hi,

 

Is it possible How to encryption form values and decryption those data into the GA?

 

PII and User-ID feature

Rising Star
# 5
Rising Star

The simplest way is to use an event (https://developers.google.com/analytics/devguides/collection/analyticsjs/events) - as long as you are not passing personal information, you would use javascript to grab the value of a form element and pass it as event data into GA.

_________________________________________________________________________
Director of Marketing | Nehmedia | Partner Profile

PII and User-ID feature

Visitor ✭ ✭ ✭
# 6
Visitor ✭ ✭ ✭

A client offers an unsubscribe link in their newsletter with a link to the unsubscribe page with the email address in the URL. www.site.com/unsubscribe.cfm?email=jake@email.com. They just received the "Policy Breach Notice" emails, and it's AdWords not GA. The URL practice has been in effect for years. The URLs also have UTM tags that AdWords is consuming so I'm wondering if I can just remove the UTM tags...? :-) Or perhaps just remove GA from the /unsubscribe.cfm page...? Those are probably not the optimal ideas. Any suggestions on how to handle unsubscribes from newsletters....? They don't have User IDs for their subscribers. 

 

PII and User-ID feature

Badged Google Partner
# 7
Badged Google Partner

They are in breach for GA as well - can't store email addresses in GA.  Simple solution is to add "email" to the Exclude URL Query Parameters in your view settings.

The folks at LunaMetrics published a very helpful blog post that expands on multiple methods - personally, I use the Google Tag Manager approach when practical, since almost 100% of my projects use GTM.