Recherche avancée

Sur d’autres sites (1699)

• What is PII ? Your introduction to personally identifiable information

  15 janvier 2020, par Joselyn Khor — Analytics Tips, Privacy, Security
  Most websites you visit collect information about you via tools like Google Analytics and Matomo – sometimes collecting personally identifiable information (PII).

  When it comes to PII, people are becoming more concerned about data privacy. Identifiable information can be used for illegal purposes like identity theft and fraud. 

  So how can you protect yourself as an innocent internet browser ? In the case of website owners – how do you protect users and your company from falling prey to privacy breaches ?

  

  As one of the most trusted analytics companies, we feel our readers would benefit from being as informed as possible about data privacy issues and PII. Learn what it means, and what you can do to keep yours or others’ information safe.

  Table of Contents

  What does PII stand for ?

  PII acronym

  PII is an acronym for personally identifiable information.

  PII definition

  Personally identifiable information (PII) is a term used predominantly in the United States.

  The appendix of OMB M-10-23 (Guidance for Agency Use of Third-Party Website and Applications) gives this definition for PII :

  “The term ‘personally identifiable information’ refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”

  What can be considered personally identifiable information (PII) ? Some PII examples :

  • Full name/usernames
  • Home address/mailing address
  • Email address
  • Credit card numbers
  • Date of birth
  • Phone numbers
  • Login details

  • Precise locations
  • Account numbers
  • Passwords
  • Security codes (including biometric records)
  • Personal identification numbers
  • Driver license number
  • Get a more comprehensive list here

  What’s non-PII ?

  Anonymous information, or information that can’t be traced back to an individual, can be considered non-PII.

  Who is affected by the exploitation of PII ?

  Anyone can be affected by the exploitation of personal data, where you have identity theft, account fraud and account takeovers. When websites resort to illegally selling or sharing your data and compromising your privacy, the fear is falling victim to such fraudulent activity. 

  PII can also be an issue when employees have access to the database and the data is not encrypted. For example, anyone working in a bank can access your accounts ; anyone working at Facebook may be able to read your messages. This shows how privacy breaches can easily happen when employees have access to PII.

  Website owner’s responsibility for data privacy (PII and analytics)

  To respect your website visitor’s privacy, best practice is to avoid collecting PII whenever possible. If you work in an industry which requires people to disclose personal information (e.g. healthcare, security industries, public sector), then you must ensure this data is collected and handled securely. 

  

  The US National Institute of Standards and Technology states : “The likelihood of harm caused by a breach involving PII is greatly reduced if an organisation minimises the amount of PII it uses, collects, and stores. For example, an organisation should only request PII in a new form if the PII is absolutely necessary.” 

  How you’re held accountable remains up to the privacy laws of the country you’re doing business in. Make sure you are fully aware of the privacy and data protection laws that relate specifically to you. 

  To reduce the risk of privacy breaches, try collecting as little PII as you can ; purging it as soon as you can ; and making sure your IT security is updated and protected against security threats. 

  If you’re using data collection tools like web analytics, data may be tracked through features like User ID, custom variables, and custom dimensions. Sometimes they are also harder to identify when they are present, for example, in page URLs, page titles, or referrers URLs. So make sure you’re optimising your web analytics tools’ settings to ensure you’re asking your users for consent and respecting users’ privacy.

  If you’re using a GDPR compliant tool like Matomo, learn how you can stop processing such personal data

  PII, GDPR and businesses in the US/EU

  Because PII is broad, you may run into confusion when considering PII and GDPR (which applies in the EU). The General Data Protection Regulation (GDPR) provides more safeguards for user privacy.

  GDPR grants people in the EU more rights concerning their “personal data” (more on PII vs personal data below). In the EU the GDPR restricts the collection and processing of personal data. The repercussions are severe penalties and fines for privacy infringements. Businesses are required to handle this personal data carefully. You can be fined up to 4% of their yearly revenue for data breaches or non-compliance. 

  

  Although there isn’t an overarching data protection law in the US, there are hundreds of laws on both the federal and state levels to protect the personal data of US residents. US Congress has also enacted industry-specific statutes related to data privacy, and the state of California passed the California Consumer Privacy Act. 

  To be on the safe side, if you are using analytics, follow matters relating to “personal data” in the GDPR. It’s all-encompassing when it comes to protecting user privacy. GDPR rules still apply whenever an EU citizen visits any non EU site (that processes personal data).

  Personally identifiable information (PII) vs personal data

  PII and “personal data” aren’t used interchangeably. All personal data can be PII, but not all PII can be defined as personal data.

  The definition of “personal data” according to the GDPR :

  

  This means “personal data” encompasses a greater number of identifiers which include the online sphere. Examples include : IP addresses and URL names. As well as seemingly “innocent” data like height, job position, company etc. 

  What’s considered personal data depends on the context. If a piece of information can be combined with others to establish someone’s identity then that can be considered personal data. 

  Under GDPR, when processing personal data, you need explicit consent. You need to ensure you’re compliant according to GDPR definitions of “personal data” not just what’s considered “PII”.

  How Matomo deals with PII and personal data

  Although Matomo Analytics is a web analytics software that tracks user activity on your website, we take privacy and PII very seriously – on both our Cloud and On-Premise offerings. 

  If you’re using Matomo and would like to know how you can be fully GDPR compliant and protect user privacy, read more :
  

  • Learn how to not process any personally identifiable information – Anonymise IP addresses, user IDs, and order IDs
  • Matomo protects user privacy by talking the talk and walking the walk
  • Stay ahead of the GDPR with a privacy-respecting analytics platform
  • 11 ways Matomo helps you protect your visitor’s privacy

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to issues you may encounter when dealing with PII. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns. 

  Additional resources :

  • https://www.consumeraffairs.com/finance/identity-theft-statistics.html#identity-theft-trends-in-2019
  • https://ec.europa.eu/info/law/law-topic/data-protection_en
  • https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa
  • https://www.csoonline.com/article/3215864/how-to-protect-personally-identifiable-information-pii-under-gdpr.html
  • https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/

• Protecting consumer privacy : How to ensure CCPA compliance

  18 août 2023, par Erin — CCPA, Privacy

  The California Consumer Privacy Act (CCPA) is a state law that enhances privacy rights and consumer protection for residents of California. 

  It grants consumers six rights, like the right to know what personal information is being collected about them by businesses and others. 

  CCPA also requires businesses to provide notice of data collection practices. Consumers can choose to opt out of the sale of their data. 

  In this article, we’ll learn more about the scope of CCPA, the penalties for non-compliance and how our web analytics tool, Matomo, can help you create a CCPA-compliant framework.

  What is the CCPA ? 

  CCPA was implemented on January 1, 2020. It ensures that businesses securely handle individuals’ personal information and respect their privacy in the digital ecosystem. 

  

  CCPA addresses the growing concerns over privacy and data protection ; 40% of US consumers share that they’re worried about digital privacy. With the increasing amount of personal information being collected and shared by businesses, there was a need to establish regulations to provide individuals with more control and transparency over their data. 

  CCPA aims to protect consumer privacy rights and promote greater accountability from businesses when handling personal information.

  Scope of CCPA 

  The scope of CCPA includes for-profit businesses that collect personal information from California residents, regardless of where you run the business from.

  It defines three thresholds that determine the inclusion criteria for businesses subject to CCPA regulations. 

  Businesses need to abide by CCPA if they meet any of the three options :

  1. Revenue threshold : Have an annual gross revenue of over $25 million.
  2. Consumer threshold : Businesses that purchase, sell or distribute the personal information of 100,000 or more consumers, households or devices.
  3. Data threshold : Businesses that earn at least half of their revenue annually from selling the personal information of California residents.

  What are the six consumer rights under the CCPA ? 

  Here’s a short description of the six consumer rights. 

  

  1. Right to know : Under this right, you can ask a business to disclose specific personal information they collect about you and the categories of sources of the information. You can also know the purpose of collection and to which third-party the business will disclose this info. This allows consumers to understand what information is being held and how it is used. You can request this info for free twice a year.
  2. Right to delete : Consumers can request the deletion of their personal information. Companies must comply with some exceptions.
  3. Right to opt-out : Consumers can deny the sale of their personal information. Companies must provide a link on their homepage for users to exercise this right. After you choose this, companies can’t sell your data unless you authorise them to do so later.
  4. Right to non-discrimination : Consumers cannot be discriminated against for exercising their CCPA rights. For instance, a company cannot charge different prices, provide a different quality of service or deny services.
  5. Right to correct : Consumers can request to correct inaccurate personal information.

  6. Right to limit use : Consumers can specify how they want the businesses to use their sensitive personal information. This includes social security numbers, financial account details, precise geolocation data or genetic data. Consumers can direct businesses to use this sensitive information only for specific purposes, such as providing the requested services.

  Penalties for CCPA non-compliance 

  52% of organisations have yet to adopt CCPA principles as of 2022. Non-compliance can attract penalties.

  

  Section 1798.155 of the CCPA states that any business that doesn’t comply with CCPA’s terms can face penalties based on the consumer’s private right to action. Consumers can directly take the company to the civil court and don’t need prosecutors’ interventions. 

  Businesses get a chance of 30 days to make amends for their actions. 

  If that’s also not possible, the business may receive a civil penalty of up to $2,500 per violation. Violations can be of any kind, even accidental. An intentional violation can attract a fine of $7,500. 

  Consumers can also initiate private lawsuits to claim damages that range from $100 to $750, or actual damages (whichever is higher), for each occurrence of their unredacted and unencrypted data being breached on a business’s server.

  CCPA vs. GDPR 

  Both CCPA and GDPR aim to enhance individuals’ control over their personal information and provide transparency about how their data is collected, used and shared. The comparison between the CCPA and GDPR is crucial in understanding the regulatory framework of data protection laws.

  Here’s how CCPA and GDPR differ :

  Scope

  • CCPA is for businesses that meet specific criteria and collect personal information from California residents. 
  • GDPR (General Data Protection Regulation) applies to businesses that process the personal data of citizens and residents of the European Union.

  Definition of personal information

  • CCPA includes personal information broadly, including identifiers such as IP addresses and households. Examples include name, email id, location and browsing history. However, it excludes HIPAA-protected medical data, clinical trial data and other personal information from government records.
  • GDPR covers any personal data relating to an identified or identifiable individual, excluding households. Examples include the phone number, email address and personal identification number. It excludes anonymous and deceased person’s data.

  

  Consent

  • Under the CCPA, consumers can opt out of the sale of their personal information.
  • GDPR states that organisations should obtain explicit consent from individuals for processing their personal data.

  Rights

  • CCPA grants the right to know what personal information is being collected and the right to request deletion of their personal information.
  • GDPR also gives individuals various rights, such as the right to access and rectify their personal data, the right to erasure (also known as the right to be forgotten) and also the right to data portability. 

  Enforcement

  • For CCPA, businesses may have to pay $7,500 for each violation. 
  • GDPR has stricter penalties for non-compliance, with fines of up to 4% of the global annual revenue of a company or €20 million, whichever is higher.

  A 5-step CCPA compliance framework 

  Here’s a simple framework you can follow to ensure compliance with CCPA. Alongside this, we’ll also share how Matomo can help. 

  Matomo is an open-source web analytics platform trusted by organisations like the United Nations, NASA and more. It provides valuable insights into website traffic, visitor behaviour and marketing effectiveness. More than 1 million websites and apps (approximately 1% of the internet !) use our solution, and it’s available in 50+ languages. Below, we’ll share how you can use Matomo to be CCPA compliant.

  1. Assess data

  First, familiarise yourself with the California Consumer Privacy Act and check your eligibility for CCPA compliance. 

  For example, as mentioned earlier, one threshold is : purchases, receives or sells the personal data of 100,000 or more individuals or households. 

  But how do you know if you have crossed 100K ? With Matomo ! 

  Go to last year’s calendar, select visitors, then go to locations and under the “Region” option, check for California. If you’ve crossed 100K visitors, you know you have to become CCPA compliant.

  

  Identify and assess the personal information you collect with Matomo.

  2. Evaluate privacy practices

  Review the current state of your privacy policies and practices. Conduct a thorough assessment of data sharing and third-party agreements. Then, update policies and procedures to align with CCPA requirements.

  For example, you can anonymise IP addresses with Matomo to ensure that user data collected for web analytics purposes cannot be used to trace back to specific individuals.

  

  If you have a consent management solution to honour user requests for data privacy, you can also integrate Matomo with it. 

  3. Communicate 

  Inform consumers about their CCPA rights and how you handle their data.

  Establish procedures for handling consumer requests and obtaining consent. For example, you can add an opt-out form on your website with Matomo. Or you can also use Matomo to disable cookies from your website.

  

  Documenting your compliance efforts, including consumer requests and how you responded to them, is a good idea. Finally, educate staff on CCPA compliance and their responsibilities to work collaboratively.

  4. Review vendor contracts

  Assessing vendor contracts allows you to determine if they include necessary data processing agreements. You can also identify if vendors are sharing personal information with third parties, which could pose a compliance risk. Verify if vendors have adequate security measures in place to protect the personal data they handle.

  That’s why you can review and update agreements to include provisions for data protection, privacy and CCPA requirements.

  Establish procedures to monitor and review vendor compliance with CCPA regularly. This may include conducting audits, requesting certifications and implementing controls to mitigate risks associated with vendors handling personal data.

  5. Engage legal counsel

  Consider consulting with legal counsel to ensure complete understanding and compliance with CCPA regulations.

  Finally, stay updated on any changes or developments related to CCPA and adjust your compliance efforts accordingly.

  Matomo and CCPA compliance 

  There’s an increasing emphasis on privacy regulations like CCPA. Matomo offers a robust solution that allows businesses to be CCPA-compliant without sacrificing the ability to track and analyse crucial data.

  You can gain in-depth insights into user behaviour and website performance — all while prioritising data protection and privacy. 

  Request a demo or sign up for a free 21-day trial to get started with our powerful CCPA-compliant web analytics platform — no credit card required. 

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to CCPA. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• How to Use Analytics & Reports for Marketing, Sales & More

  28 septembre 2023, par Erin — Analytics Tips

  By now, most professionals know they should be using analytics and reports to make better business decisions. Blogs and thought leaders talk about it all the time. But most sources don’t tell you how to use analytics and reports. So marketers, salespeople and others either skim whatever reports they come across or give up on making data-driven decisions entirely. 

  But it doesn’t have to be this way.

  In this article, we’ll cover what analytics and reports are, how they differ and give you examples of each. Then, we’ll explain how clean data comes into play and how marketing, sales, and user experience teams can use reports and analytics to uncover actionable insights.

  What’s the difference between analytics & reports ? 

  Many people speak of reports and analytics as if the terms are interchangeable, but they have two distinct meanings.

  A report is a collection of data presented in one place. By tracking key metrics and providing numbers, reports tell you what is happening in your business. Analytics is the study of data and the process of generating insights from data. Both rely on data and are essential for understanding and improving your business results.

  

  A science experiment is a helpful analogy for how reporting and analytics work together. To conduct an experiment, scientists collect data and results and compile a report of what happened. But the process doesn’t stop there. After generating a data report, scientists analyse the data and try to understand the why behind the results.

  In a business context, you collect and organise data in reports. With analytics, you then use those reports and their data to draw conclusions about what works and what doesn’t.

  Reports examples 

  Reports are a valuable tool for just about any part of your business, from sales to finance to human resources. For example, your finance team might collect data about spending and use it to create a report. It might show how much you spend on employee compensation, real estate, raw materials and shipping.

  On the other hand, your marketing team might benefit from a report on lead sources. This would mean collecting data on where your sales leads come from (social media, email, organic search, etc.). You could collect and present lead source data over time for a more in-depth report. This shows which sources are becoming more effective over time. With advanced tools, you can create detailed, custom reports that include multiple factors, such as time, geographical location and device type.

  

  Analytics examples 

  Because analytics requires looking at and drawing insights from data and reports to collect and present data, analytics often begins by studying reports. 

  In our example of a report on lead sources, an analytics professional might study the report and notice that webinars are an important source of leads. To better understand this, they might look closely at the number of leads acquired compared to how often webinars occur. If they notice that the number of webinar leads has been growing, they might conclude that the business should invest in more webinars to generate more leads. This is just one kind of insight analytics can provide.

  For another example, your human resources team might study a report on employee retention. After analysing the data, they could discover valuable insights, such as which teams have the highest turnover rate. Further analysis might help them uncover why certain teams fail to keep employees and what they can do to solve the problem.

  The importance of clean data 

  Both analytics and reporting rely on data, so it’s essential your data is clean. Clean data means you’ve audited your data, removed inaccuracies and duplicate entries, and corrected mislabelled data or errors. Basically, you want to ensure that each piece of information you’re using for reports and analytics is accurate and organised correctly.

  If your data isn’t clean and accurate, neither will your reports be. And making business decisions based on bad data can come at a considerable cost. Inaccurate data might lead you to invest in a channel that appears more valuable than it actually is. Or it could cause you to overlook opportunities for growth. Moreover, poor data maintenance and the poor insight it provides will lead your team to have less trust in your reports and analytics team.

  The simplest way to maintain clean data is to be meticulous when inputting or transferring data. This can be as simple as ensuring that your sales team fills in every field of an account record. When you need to import or transfer data from other sources, you need to perform quality assurance (QA) checks to make sure data is appropriately labelled and organised. 

  Another way to maintain clean data is by avoiding cookies. Most web visitors reject cookie consent banners. When this happens, analysts and marketers don’t get data on these visitors and only see the percentage of users who accept tracking. This means they decide on a smaller sample size, leading to poor or inaccurate data. These banners also create a poor user experience and annoy web visitors.

  Matomo can be configured to run cookieless — which, in most countries, means you don’t need to have an annoying cookie consent screen on your site. This way, you can get more accurate data and create a better user experience.

  Marketing analytics and reports 

  Analytics and reporting help you measure and improve the effectiveness of your marketing efforts. They help you learn what’s working and what you should invest more time and money into. And bolstering the effectiveness of your marketing will create more opportunities for sales.

  

  One common area where marketing teams use analytics and reports is to understand and improve their keyword rankings and search engine optimization. They use web analytics platforms like Matomo to report on how their website performs for specific keywords. Insights from these reports are then used to inform changes to the website and the development of new content.

  As we mentioned above, marketing teams often use reports on lead sources to understand how their prospects and customers are learning about the brand. They might analyse their lead sources to better understand their audience. 

  For example, if your company finds that you receive a lot of leads from LinkedIn, you might decide to study the content you post there and how it differs from other platforms. You could apply a similar content approach to other channels to see if it increases lead generation. You can then study reporting on how lead source data changes after you change content strategies. This is one example of how analysing a report can lead to marketing experimentation. 

  Email and paid advertising are also marketing channels that can be optimised with reports and analysis. By studying the data around what emails and ads your audience clicks on, you can draw insights into what topics and messaging resonate with your customers.

  

  Marketing teams often use A/B testing to learn about audience preferences. In an A/B test, you can test two landing page versions, such as two different types of call-to-action (CTA) buttons. Matomo will generate a report showing how many people clicked each version. From those results, you may draw an insight into the design your audience prefers.

  Sales analytics and reports 

  Sales analytics and reports are used to help teams close more deals and sell more efficiently. They also help businesses understand their revenue, set goals, and optimise sales processes. And understanding your sales and revenue allows you to plan for the future.

  One of the keys to building a successful sales strategy and team is understanding your sales cycle. That’s why it’s so important for companies to analyse their lead and sales data. For business-to-business (B2B) companies in particular, the sales cycle can be a long process. But you can use reporting and analytics to learn about the stages of the buying cycle, including how long they take and how many leads proceed to the next step.

  Analysing lead and customer data also allows you to gain insights into who your customers are. With detailed account records, you can track where your customers are, what industries they come from, what their role is and how much they spend. While you can use reports to gather customer data, you also have to use analysis and qualitative information in order to build buyer personas. 

  

  Many sales teams use past individual and business performance to understand revenue trends. For instance, you might study historical data reports to learn how seasonality affects your revenue. If you dive deeper, you might find that seasonal trends may depend on the country where your customers live. 

  

  Conversely, it’s also important to analyse what internal variables are affecting revenue. You can use revenue reports to identify your top-performing sales associates. You can then try to expand and replicate that success. While sales is a field often driven by personal relationships and conversations, many types of reports allow you to learn about and improve the process.

  Website and user behaviour analytics and reports 

  More and more, businesses view their websites as an experience and user behaviour as an important part of their business. And just like sales and marketing, reporting and analytics help you better understand and optimise your web experience. 

  Many web and user behaviour metrics, like traffic source, have important implications for marketing. For example, page traffic and user flows can provide valuable insights into what your customers are interested in. This can then drive future content development and marketing campaigns.

  

  You can also learn about how your users navigate and use your website. A robust web analytics tool, like Matomo, can supply user session recordings and visitor tracking. For example, you could study which pages a particular user visits. But Matomo also has a feature called Transitions that provides visual reports showing where a particular page’s traffic comes from and where visitors tend to go afterward. 

  

  As you consider why people might be leaving your website, site performance is another important area for reporting. Most users are accustomed to near-instantaneous web experiences, so it’s worth monitoring your page load time and looking out for backend delays. In today’s world, your website experience is part of what you’re selling to customers. Don’t miss out on opportunities to impress and delight them.

  Dive into your data

  Reporting and analytics can seem like mysterious buzzwords we’re all supposed to understand already. But, like anything else, they require definitions and meaningful examples. When you dig into the topic, though, the applications for reporting and analytics are endless.

  Use these examples to identify how you can use analytics and reports in your role and department to achieve better results, whether that means higher quality leads, bigger deal size or a better user experience.

  To see how Matomo can collect accurate and reliable data and turn it into in-depth analytics and reports, start a free 21-day trial. No credit card required.