Recherche avancée

Sur d’autres sites (6538)

• What is PII ? Your introduction to personally identifiable information

  15 janvier 2020, par Joselyn Khor — Analytics Tips, Privacy, Security
  Most websites you visit collect information about you via tools like Google Analytics and Matomo – sometimes collecting personally identifiable information (PII).

  When it comes to PII, people are becoming more concerned about data privacy. Identifiable information can be used for illegal purposes like identity theft and fraud. 

  So how can you protect yourself as an innocent internet browser ? In the case of website owners – how do you protect users and your company from falling prey to privacy breaches ?

  

  As one of the most trusted analytics companies, we feel our readers would benefit from being as informed as possible about data privacy issues and PII. Learn what it means, and what you can do to keep yours or others’ information safe.

  Table of Contents

  What does PII stand for ?

  PII acronym

  PII is an acronym for personally identifiable information.

  PII definition

  Personally identifiable information (PII) is a term used predominantly in the United States.

  The appendix of OMB M-10-23 (Guidance for Agency Use of Third-Party Website and Applications) gives this definition for PII :

  “The term ‘personally identifiable information’ refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”

  What can be considered personally identifiable information (PII) ? Some PII examples :

  • Full name/usernames
  • Home address/mailing address
  • Email address
  • Credit card numbers
  • Date of birth
  • Phone numbers
  • Login details

  • Precise locations
  • Account numbers
  • Passwords
  • Security codes (including biometric records)
  • Personal identification numbers
  • Driver license number
  • Get a more comprehensive list here

  What’s non-PII ?

  Anonymous information, or information that can’t be traced back to an individual, can be considered non-PII.

  Who is affected by the exploitation of PII ?

  Anyone can be affected by the exploitation of personal data, where you have identity theft, account fraud and account takeovers. When websites resort to illegally selling or sharing your data and compromising your privacy, the fear is falling victim to such fraudulent activity. 

  PII can also be an issue when employees have access to the database and the data is not encrypted. For example, anyone working in a bank can access your accounts ; anyone working at Facebook may be able to read your messages. This shows how privacy breaches can easily happen when employees have access to PII.

  Website owner’s responsibility for data privacy (PII and analytics)

  To respect your website visitor’s privacy, best practice is to avoid collecting PII whenever possible. If you work in an industry which requires people to disclose personal information (e.g. healthcare, security industries, public sector), then you must ensure this data is collected and handled securely. 

  

  The US National Institute of Standards and Technology states : “The likelihood of harm caused by a breach involving PII is greatly reduced if an organisation minimises the amount of PII it uses, collects, and stores. For example, an organisation should only request PII in a new form if the PII is absolutely necessary.” 

  How you’re held accountable remains up to the privacy laws of the country you’re doing business in. Make sure you are fully aware of the privacy and data protection laws that relate specifically to you. 

  To reduce the risk of privacy breaches, try collecting as little PII as you can ; purging it as soon as you can ; and making sure your IT security is updated and protected against security threats. 

  If you’re using data collection tools like web analytics, data may be tracked through features like User ID, custom variables, and custom dimensions. Sometimes they are also harder to identify when they are present, for example, in page URLs, page titles, or referrers URLs. So make sure you’re optimising your web analytics tools’ settings to ensure you’re asking your users for consent and respecting users’ privacy.

  If you’re using a GDPR compliant tool like Matomo, learn how you can stop processing such personal data

  PII, GDPR and businesses in the US/EU

  Because PII is broad, you may run into confusion when considering PII and GDPR (which applies in the EU). The General Data Protection Regulation (GDPR) provides more safeguards for user privacy.

  GDPR grants people in the EU more rights concerning their “personal data” (more on PII vs personal data below). In the EU the GDPR restricts the collection and processing of personal data. The repercussions are severe penalties and fines for privacy infringements. Businesses are required to handle this personal data carefully. You can be fined up to 4% of their yearly revenue for data breaches or non-compliance. 

  

  Although there isn’t an overarching data protection law in the US, there are hundreds of laws on both the federal and state levels to protect the personal data of US residents. US Congress has also enacted industry-specific statutes related to data privacy, and the state of California passed the California Consumer Privacy Act. 

  To be on the safe side, if you are using analytics, follow matters relating to “personal data” in the GDPR. It’s all-encompassing when it comes to protecting user privacy. GDPR rules still apply whenever an EU citizen visits any non EU site (that processes personal data).

  Personally identifiable information (PII) vs personal data

  PII and “personal data” aren’t used interchangeably. All personal data can be PII, but not all PII can be defined as personal data.

  The definition of “personal data” according to the GDPR :

  

  This means “personal data” encompasses a greater number of identifiers which include the online sphere. Examples include : IP addresses and URL names. As well as seemingly “innocent” data like height, job position, company etc. 

  What’s considered personal data depends on the context. If a piece of information can be combined with others to establish someone’s identity then that can be considered personal data. 

  Under GDPR, when processing personal data, you need explicit consent. You need to ensure you’re compliant according to GDPR definitions of “personal data” not just what’s considered “PII”.

  How Matomo deals with PII and personal data

  Although Matomo Analytics is a web analytics software that tracks user activity on your website, we take privacy and PII very seriously – on both our Cloud and On-Premise offerings. 

  If you’re using Matomo and would like to know how you can be fully GDPR compliant and protect user privacy, read more :
  

  • Learn how to not process any personally identifiable information – Anonymise IP addresses, user IDs, and order IDs
  • Matomo protects user privacy by talking the talk and walking the walk
  • Stay ahead of the GDPR with a privacy-respecting analytics platform
  • 11 ways Matomo helps you protect your visitor’s privacy

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to issues you may encounter when dealing with PII. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns. 

  Additional resources :

  • https://www.consumeraffairs.com/finance/identity-theft-statistics.html#identity-theft-trends-in-2019
  • https://ec.europa.eu/info/law/law-topic/data-protection_en
  • https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa
  • https://www.csoonline.com/article/3215864/how-to-protect-personally-identifiable-information-pii-under-gdpr.html
  • https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/

• Google Analytics 4 (GA4) vs Universal Analytics (UA)

  24 janvier 2022, par Erin — Analytics Tips

  March 2022 Update : It’s official ! Google announced that Universal Analytics will no longer process any new data as of 1 July 2023. Google is now pushing Universal Analytics users to switch to the latest version of GA – Google Analytics 4. 

  Currently, Google Analytics 4 is unable to accept historical data from Universal Analytics. Users need to take action before July 2022, to ensure they have 12 months of data built up before the sunset of Universal Analytics

  So how do Universal Analytics and Google Analytics 4 compare ? And what alternative options do you have ? Let’s dive in. 

  In this blog, we’ll cover :

  What is Google Analytics 4 ? 

  In October 2020, Google launched Google Analytics 4, a completely redesigned analytics platform. This follows on from the previous version known as Universal Analytics (or UA).

  Amongst its touted benefits, GA4 promises a completely new way to model data and even the ability to predict future revenue. 

  However, the reception of GA4 has been largely negative. In fact, some users from the digital marketing community have said that GA4 is awful, unusable and so bad it can bring you to tears.

  

  

  Google Analytics 4 vs Universal Analytics

  There are some pretty big differences between Google Analytics 4 and Universal Analytics but for this blog, we’ll cover the top three.

  1. Redesigned user interface (UI)

  GA4 features a completely redesigned UI to Universal Analytics’ popular interface. This dramatic change has left many users in confusion and fuelled some users to declare that “most of the time you are going round in circles to find what you’re looking for.”

  

  2. Event-based tracking

  Google Analytics 4 also brings with it a new data model which is purely event-based. This event-based model moves away from the typical “pageview” metric that underpins Universal Analytics.

  3. Machine learning insights

  Google Analytics 4 promises to “predict the future behavior of your users” with their machine-learning-powered predictive metrics. This feature can “use shared aggregated and anonymous data to improve model quality”. Sounds powerful, right ?

  Unfortunately, it only works if at least 1,000 returning users triggered the relevant predictive condition over a seven-day period. Also, if the model isn’t sustained over a “period of time” then it won’t work. And according to Google, if “the model quality for your property falls below the minimum threshold, then Analytics will stop updating the corresponding predictions”.

  This means GA4’s machine learning insights probably won’t work for the majority of analytics users.

  Ultimately, GA4 is just not ready to replace Google’s Universal Analytics for most users. There are too many missing features.

  What’s missing in Google Analytics 4 ?

  Quite a lot. Even though it offers a completely new approach to analytics, there are a lot of key features and functions missing in GA4.

  Behavior Flow

  The Behavior Flow report in Universal Analytics helps to visualise the path users take from one page or Event to the next. It’s extremely useful when you’re looking for quick and clear insight. But it no longer exists in Google Analytics 4, and instead, two new overcomplicated reports have been introduced to replace it – funnel exploration report and path exploration report.

  The decision to remove this critical report will leave many users feeling disappointed and frustrated. 

  Limitations on custom dimensions

  You can create custom dimensions in Google Analytics 4 to capture advanced information. For example, if a user reads a blog post you can supplement that data with custom dimensions like author name or blog post length. But, you can only use up to 50, and for some that will make functionality like this almost pointless.

  Machine learning (ML) limitations

  Google Analytics 4 promises powerful ML insights to predict the likelihood of users converting based on their behaviors. The problem ? You need 1,000 returning users in one week. For most small-medium businesses this just isn’t possible.

  And if you do get this level of traffic in a week, there’s another hurdle. According to Google, if “the model quality for your property falls below the minimum threshold, then GA will stop updating the corresponding predictions.” To add insult to injury Google suggests that this might make all ML insights unavailable. But they can’t say for certain… 

  Views

  One cornerstone of Universal Analytics is the ability to configure views. Views allow you to set certain analytics environments for testing or cleaning up data by filtering out internal traffic, for example. 

  Views are great for quickly and easily filtering data. Preset views that contain just the information you want to see are the ideal analytics setup for smaller businesses, casual users, and do-it-yourself marketing departments.

  

  There are a few workarounds but they’re “messy [,] annoying and clunky,” says a disenfranchised Redditor.

  Another helpful Reddit user stumbled upon an unhelpful statement from Google. Google says that they “do not offer [the views] feature in Google Analytics 4 but are planning similar functionality in the future.” There’s no specific date yet though.

  Bounce rate

  Those that rely on bounce rate to understand their site’s performance will be disappointed to find out that bounce rate is also not available in GA4. Instead, Google is pushing a new metric known as “Engagement Rate”. With this metric, Google now uses their own formula to establish if a visitor is engaged with a site.

  Lack of integration

  Currently, GA4 isn’t ready to integrate with many core digital marketing tools and doesn’t accept non-Google data imports. This makes it difficult for users to analyse ROI and ROAS for campaigns measured in other tools. 

  Content Grouping

  Yet another key feature that Google has done away with is Content Grouping. However, as with some of the other missing features in GA4, there is a workaround, but it’s not simple for casual users to implement. In order to keep using Content Grouping, you’ll need to create event-scoped custom dimensions.

  Annotations 

  A key feature of Universal Analytics is the ability to add custom Annotations in views. Annotations are useful for marking dates that site changes were made for analysis in the future. However, Google has removed the Annotations feature and offered no alternative or workaround.

  Historical data imports are not available

  The new approach to data modelling in GA4 adds new functionality that UA can’t match. However, it also means that you can’t import historical UA data into GA4. 

  Google’s suggestion for this one ? Keep running UA with GA4 and duplicate events for your GA4 property. Now you will have two different implementations running alongside each other and doing slightly different things. Which doesn’t sound like a particularly streamlined solution, and adds another level of complexity.

  Should you switch to Google Analytics 4 ?

  So the burning question is, should you switch from Universal Analytics to Google Analytics 4 ? It really depends on whether you have the available resources and if you believe this tool is still right for your organisation. At the time of writing, GA4 is not ready for day-to-day use in most organisations.

  If you’re a casual user or someone looking for quick, clear insights then you will likely struggle with the switch to GA4. It appears that the new Google Analytics 4 has been designed for enterprise-scale businesses with large internal teams of analysts.

  

  Unfortunately, for most casual users, business owners and do-it-yourself marketers there are complex workarounds and time-consuming implementations to handle. Ultimately, it’s up to you to decide if the effort to migrate and relearn GA is worth it.

  Right now is the best time to draw the line and make a decision to either switch to GA4 or look for a better alternative to Google Analytics.

  Google Analytics alternative

  Matomo is one of the best Google Analytics alternatives offering an easy to use design with enhanced insights on our Cloud, On-Premise and on Matomo for WordPress solutions. 

  

  Matomo is an open-source analytics solution that provides a comprehensive, user-friendly and compliance-focused alternative to both Google Analytics 4 and Universal Analytics.

  The key benefits of using Matomo include :

  • Easy to use – Matomo provides a simpler interface and understandable KPIs. See for yourself with our live demo. 
  • Compliance – Future-proof your tech stack for looming privacy regulations. Matomo covers all of your ePrivacy, GDPR, HIPAA, CCPA, and PECR data compliance requirements. 
  • Data privacy and ownership – Your analytics data is 100% yours to own, with no external parties looking in.
  • Flexible, all-in-one solution – Get features like A/B Testing, Heatmaps, Session Recordings, SEO Web Vitals, Tag Manager, Media Analytics, Search Engine Keyword Performance, custom reports and much more. 
  • Integrations galore – Expand your Matomo capabilities by adding integrations from over 100 leading technologies.

  Plus, unlike GA4, Matomo will accept your historical data from UA so you don’t have to start all over again. Check out our 7 step guide to migrating from Google Analytics to find out how.

  Getting started with Matomo is easy. Check out our live demo and start your free 21-day trial. No credit card required.

  In addition to the limitations and complexities of GA4, there are many other significant drawbacks to using Google Analytics.

  Google’s data ethics are a growing concern of many and it is often discussed in the mainstream media. In addition, GA is not GDPR compliant by default and has resulted in 200k+ data protection cases against websites using GA.

  What’s more, the data that Google Analytics actually provides its end-users is extrapolated from samples. GA’s data sampling model means that once you’ve collected a certain amount of data Google Analytics will make educated guesses rather than use up its server space collecting your actual data. 

  The reasons to switch from Google Analytics are rising each day. 

  Wrap up

  The now required update to GA4 will add new layers of complexity, which will leave many casual web analytics users and marketers wondering if there’s a better way. Luckily there is. Get clear insights quickly and easily with Matomo – start your 21-day free trial now.

• Your introduction to personally identifiable information : What is PII ?

  15 janvier 2020, par Joselyn Khor — Analytics Tips, Privacy, Security
  When it comes to personally identifiable information (PII), people are becoming more concerned with data privacy. Identifiable information can be used for illegal purposes like identity theft and fraud. 

  So how can you protect yourself as an innocent web browser ?

  If you’re a website owner – how do you protect users and your company from falling prey to privacy breaches ?

  As one of the most trusted analytics companies, we feel our readers would benefit from being as informed as possible about data privacy issues and PII. Learn how you can keep yours or others’ information safe.

  

  Table of Contents

  What does PII stand for ?

  PII acronym

  PII is an acronym for personally identifiable information.

  PII definition

  Personally identifiable information (PII) is a term mainly used in the United States.

  The appendix of OMB M-10-23 (Guidance for Agency Use of Third-Party Website and Applications) gives this definition for PII :

  “The term ‘personally identifiable information’ refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”

  What can be considered personally identifiable information (PII) ? Some PII examples :

  • Full name/usernames
  • Home address/mailing address
  • Email address
  • Credit card numbers
  • Date of birth
  • Phone numbers
  • Login details

  • Precise locations
  • Account numbers
  • Passwords
  • Security codes (including biometric records)
  • Personal identification numbers
  • Driver license number
  • Get a more comprehensive list here

  What’s non-PII ?

  Anonymous information, or information that can’t be traced back to an individual, can be considered non-PII. 

  Who is affected by the exploitation of PII ?

  Anyone can be affected by the misuse of personal data. Websites can compromise your privacy by mishandling or illegally selling/sharing your data. That may lead identity theft, account fraud and account takeovers. The fear is falling victim to such fraudulent activity. 

  PII can also be an issue when employees have access to the database and the data is not encrypted. For example, anyone working in a bank can access your accounts ; and anyone working at Facebook can read your messages. This shows how privacy breaches can easily happen when employees have access to PII.

  Website owner’s responsibility for data privacy (PII and analytics)

  If you’re using a web analytics tool like Google Analytics or Matomo, best practise is to not collect PII if possible. This is to better respect your website visitor’s privacy. 

  If you work in an industry which needs people to share personal information (e.g. healthcare, security industries, public sector), then you must collect and handle this data securely. 

  

  The US National Institute of Standards and Technology states : “The likelihood of harm caused by a breach involving PII is greatly reduced if an organisation minimises the amount of PII it uses, collects, and stores. For example, an organisation should only request PII in a new form if the PII is absolutely necessary.” 

  How you’re held accountable remains up to the privacy laws of the country you’re doing business in. Make sure you are fully aware of the privacy and data protection laws that relate specifically to you. 

  To reduce the risk of privacy breaches, try collecting as little PII as you can ; purging it as soon as you can ; and making sure your IT security is updated and protected against security threats. 

  With data collection tools like web analytics, data may be tracked through features like User ID, custom variables, and custom dimensions. Sometimes they are also harder to identify when they are present, for example, in page URLs, page titles, or referrers URLs. So make sure you’re optimising your web analytics tools’ settings to ensure you’re asking your users for consent and respecting users’ privacy.

  If you’re using a GDPR compliant tool like Matomo, learn how you can stop processing such personal data

  PII, GDPR and businesses in the US/EU

  You may get confused when considering PII and GDPR (which applies in the EU). The General Data Protection Regulation (GDPR) gives people in the EU more rights over “personal data” – which covers more identifiers than PII (more on PII vs personal data below). GDPR restricts the collection and processing of personal data so businesses need to handle this personal data carefully. 

  According to the GDPR, you can be fined up to 4% of their yearly revenue for data/privacy breaches or non-compliance. 

  

  In the US, there isn’t one overarching data protection law, but there are hundreds of laws on both the federal and state levels to protect PII of US residents. US Congress has enacted industry-specific statutes related to data privacy like HIPAA. Recently state of California also passed the California Consumer Privacy Act (CCPA). 

  To be on the safe side, if you’re using analytics, follow matters relating to “personal data” in the GDPR. It covers more when it comes to protecting user privacy. GDPR rules still apply whenever an EU citizen visits any non EU site (that processes personal data).

  Personally identifiable information (PII) vs personal data

  PII and “personal data” aren’t used interchangeably. All personal data can be PII, but not all PII can be defined as personal data.

  The definition of “personal data” according to the GDPR :

  

  This means “personal data” covers more identifiers, including online identifiers. Examples include : IP addresses and URL names. As well as seemingly “innocent” data like height, job position, company etc. 

  What’s seen as personal data depends on the context. If a piece of information can be combined with others to establish someone’s identity then that can be considered personal data. 

  Under GDPR, when processing personal data, you need explicit consent. So best to be compliant according to GDPR definitions of “personal data” not just what’s considered “PII”.

  How do you keep PII safe ?

  • Try not to give your data away so easily. Read through terms and conditions.
  • Don’t just click ‘agree’ when faced with consent screens, as consent screens are majorly flawed. 
  • Disable third party cookies by default. 
  • Use strong passwords.
  • Be wary of public wifi – hackers can easily access your PII or sensitive data. Use a VPN (virtual private network)
  • Read more on how to keep PII safe. For businesses here’s a checklist on PII compliance.

  How Matomo deals with PII and personal data

  Although Matomo Analytics is a web analytics tool that tracks user activity on your website, we take privacy and PII very seriously – on both our Cloud and On-Premise offerings. 

  If you’re using Matomo and would like to know how you can be fully GDPR compliant and protect user privacy, read more :
  

  • Learn how to not process any personally identifiable information – Anonymise IP addresses, user IDs, and order IDs
  • Matomo protects user privacy by talking the talk and walking the walk
  • Stay ahead of the GDPR with a privacy-respecting analytics platform
  • 11 ways Matomo helps you protect your visitor’s privacy

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to issues you may encounter when dealing with PII. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns. 

  Additional resources :

  • https://www.consumeraffairs.com/finance/identity-theft-statistics.html#identity-theft-trends-in-2019
  • https://ec.europa.eu/info/law/law-topic/data-protection_en
  • https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa
  • https://www.csoonline.com/article/3215864/how-to-protect-personally-identifiable-information-pii-under-gdpr.html
  • https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/