Recherche avancée

Sur d’autres sites (6598)

• How to keep personally identifiable information safe

  23 janvier 2020, par Joselyn Khor
  The protection of personally identifiable information (PII) is important both for individuals, whose privacy may be compromised, and for businesses that may have their reputation ruined or be liable if PII is wrongly accessed, used, or shared.

  Curious about what PII is ? Here’s your introduction to personally identifiable information.

  Due to hacking, data leaks or data thievery, PII acquired can be combined with other pieces of information to form a more complete picture of you. On an individual level, this puts you at risk of identity theft, credit card theft or other harm caused by the fraudulent use of your personal information.

  On a business level, for companies who breach data privacy laws – like Cambridge Analytica’s harvesting of millions of FB profiles – the action leads to an erosion of trust. It can also impact your financial position as heavy fines can be imposed for the illegal use and processing of personally identifiable information.

  So what can you do to ensure PII compliance ?

  On an individual level :

  1. Don’t give your data away so easily. Although long, it’s worthwhile to read through privacy policies to make sure you know what you’re getting yourself into.
  2. Don’t just click ‘agree’ when faced with consent screens, as consent screens are majorly flawed. Users mostly always opt in without reading and without being properly informed what they opt in to.
  3. Did you know you’re most likely being tracked from website to website ? For example, Google can identify you across visits and websites. One of the things you can do is to disable third party cookies by default. Businesses can also use privacy friendly analytics which halt such tracking. 
  4. Use strong passwords.
  5. Be wary of public wifi – hackers can easily access your PII or sensitive data. Use a VPN (virtual private network), which lets you create a secure connection to a server of your choosing. This allows you to browse the internet in a safe manner.

  A PII compliance checklist for businesses/organisations :

  1. Identify where all PII exists and is stored – review and make sure this is in a safe environment.
  2. Identify laws that apply to you (GDPR, California privacy law, HIPAA) and follow your legal obligations.
  3. Create operational safeguards – policies and procedures for handling PII at an organisation level ; and building awareness to focus on the protection of PII.
  4. Encrypt databases and repositories where such info is kept.
  5. Create privacy-specific safeguards in the way your organisation collects, maintains, uses, and disseminates data so you protect the confidentiality of the data.
  6. Minimise the use, collection, and retention of PII – only collect and keep PII if it’s necessary for you to perform your legal business function.
  7. Conduct privacy impact assessments (PIA) to find and prevent privacy risks (identify what and why it’s to be collected ; how the information will be secured etc.).
  8. De-identify within the scope of your data collection and analytics tools.
  9. Anonymise data.
  10. Keep your privacy policy updated.
  11. Pseudonymisation.
  12. A more comprehensive guide for businesses can be found here : https://iapp.org/media/pdf/knowledge_center/NIST_Protecting_PII.pdf

  Unsure of what information could be considered PII ? Check out this list of examples.

  Additional resources :

  • https://www.umassmed.edu/it/security/compliance/what-is-pii/
  • http://www.osec.doc.gov/opog/privacy/PII_BII.html

• 5 perfect feature combinations to use with Heatmaps and Session Recordings

  28 janvier 2020, par Jake Thornton — Uncategorized

  Gaining valuable insights by simply creating a heatmap or setting up recordings on your most important web pages is a good start, but using the Heatmaps and Session Recordings features in combination with other Matomo features is where the real magic happens.

  If you’re serious about significantly increasing conversions on your website to impact your bottom line, you need to accurately answer these questions :

  1. Are you analysing the most important pages that influence conversions ?
  2. Are you segmenting heatmaps and recordings towards your most valuable visitors ? 
  3. Are you using these features to create better customer journeys ?
  4. Have you identified current pain points for visitors before setting up heatmaps and recordings ?
  5. Are you learning what content resonates best for your audience ?

  With Matomo Analytics, you have the ability to integrate heatmaps and session recordings with all the features of a powerful web analytics platform, which means you get the complete picture of your visitor’s experience of your website.

  Here are five features that work with Heatmaps and Session Recordings to maximise conversions :

  1. Behaviour feature with Heatmaps

  Before creating heatmaps on pages you think are most important to your website, first check out Behaviour – Pages. Here you get valuable information around unique pageviews, bounce rate, average time on page and exit rates for every page on your website.

  Use this data as your starting point for heatmaps. Here you’ll identify current pain points for your visitors before using heatmaps to analyse their interactions on these pages.

  Here’s how to use the behaviour feature to determine which pages to setup heatmaps on :

  

  • Make sure you know what pages are generating the most unique page views, it could be your blog rather than your homepage
  • Which pages have the highest bounce rates – can you make some quick changes above-the-fold and see if this makes a difference
  • When the average time on page is high, why are visitors so engaged with these pages ? What keeps them reading ? Setup a heatmap to learn more
  • Reduce exit rates by moving them along to other pages on your website
  • Determine some milestones you want to achieve e.g. use heatmaps as your visual guide to improve average time on page, bounce rates and exit rates. A milestone could be that the exit rate for your previous blog was 34%, work towards getting this down to 30%

  Learn more about the Behaviour feature

  2. Ecommerce feature and Custom Segments

  If you run an ecommerce business, you may want to learn only about visitors who are more likely to be your customers. For example, if you find 65% of product sales come from customers based in New York, but visits to your product pages are from every state in the USA, how can you learn more specifically about visitors only from New York ?

  Using Segments to target a particular audience :

  • First, make sure you have created heatmaps and recordings on the popular product pages you want to learn about your visitor’s interactions
  • Note : Make sure the segment you create generates enough pageviews to apply a heatmap for more accurate results. We recommend a minimum of 1,000 page views per sample size.
  • Then create a custom Segment – search Ecommerce and find the Product Name and select the product. Learn how to do this here.

  

  Click on ‘Add a new segment’ or on the ‘edit’ link next to an existing segment name to open the segment editor :

  

  Click on any item on the left to see the list of information you can segment by. In this case search “City”, then select “Is” and in the third column search “New York” (example in the image above) :

  

  You can also use the search box at the bottom to search through the whole list.

  • This will give you insights across the Matomo platform based only on customers who purchased this product
  • Then go to the Ecommerce feature – and find Sales. Here you will learn what your most popular locations are for your product sales.

  

  • Once you know the location you want to segment, go back and update the custom Segment you just created. Click on the edit pencil icon and update it by selecting Add AND condition, and add the sub group you would like to track on the product page. In this example, select City – New York. Click Save & Apply.

  Now you should have successfully created a segment for your popular product page with visitors only from New York.

  Check out the heatmap or recordings you created for this page. You may be very surprised to see how this segment engaged with your website compared to all website visitors.

  Note : If you run a lead generation website you can use the Goals feature instead of Ecommerce to track the success metrics you need.

  Learn more about Segmentation

  3. Visitor Profiles within Session Recordings

  Seeing visitor location, device, OS and browser for your recordings is very valuable, but it’s even more valuable to integrate visitor profiles with session recordings as you get to see everything that visitor has done on your website … ever ! 

  What pages they visited before/after the recording, what actions they took, how long they spent on your website etc. All this is captured in the visitor profile of every individual session recording so you can see where exactly engaged viewers are in their journey with your business, for example :

  • How has this visitor behaved on your website in the past ? 
  • Is this visitor already a customer ? 
  • Is this the visitors first time to your website and
  • What other pages on your website are they interested in seeing in this session ?

  Use the visitor profiles feature within session recordings to understand the users better when watching each session.

  You get the full picture of what role the page you recorded played in the overall experience of your website’s visitor. And more importantly, to see if they took the desired action you wanted them to take.

  

  Learn more about Visitor Profiles

  4. Funnels feature (premium feature)

  The Funnels feature lets you see the customer journey from the first entry page through to the conversion page.

  

  Once you create a funnel, you can see the % of visitors who drop off between pages on their way to converting.

  In our example, you may then see page one to page two has a drop-off rate of 47%. Page two to page three 95% users drop-off rate and page three to page four 97.3% users drop-off rate.

  Why is the drop-off rate so high from page two to page three and why is the drop-off rate so low from page three to page four ?

  So, you may need to simplify things on page one because you may unknowingly be offering your visitor an easy way out of the funnel. Maybe the visitor is stuck reading your content and not understanding the value of your offering.

  Small tip for session recordings …

  With session recordings especially you can see firsthand through live recordings where exactly visitors click away from the page which exits them from your conversion funnel. Take note to see if this is a recurring issue with other visitors, then take action into fixing this hole.

  Whatever the case, work towards reducing drop-off rates through your conversion funnels by discovering where the problems exist, make changes and learn how these changes affect engagement through heatmaps and recordings.

  Learn more about Funnels

  5. A/B Testing feature (premium feature)

  Following on from the example with the Funnels feature, once you identify there is a problem in your conversion funnel, how do you know what is preventing visitors from taking an action that pushes them to the next page in the funnel ? You need to test different variations of content to see what works best for your visitors.

  A/B Testing lets you test a variety of things, including :

  • different headlines 
  • less copy vs more copy 
  • different call-to-actions
  • different colour schemes
  • entirely different page layouts

  

  Once you’ve created two or more variations of specific landing pages in the conversion funnel, see how visitors interacted differently between the variations of landing pages through your heatmaps and recordings.

  

  You may see that your visitors have scrolled further down the page because more content was provided or an important CTA button was clicked more due to a colour change. Whatever the case, using A/B testing with heatmaps and session recordings is an effective combination for increasing user engagement.

  Learn more about A/B Testing

  The conversion rate optimization (CRO) strategy

  CRO is the process of learning what the most valuable content/aspect of your website is and how to best optimize this for your visitors to increase conversion chances. 

  Heatmaps and session recordings play a vital role in this strategy, but it’s how you work these features in tandem with other valuable Matomo features that will give you the most actionable insights you need to grow your business.

  Want to learn how to create an effective CRO strategy ?

  Learn CRO strategies

• Your guide to cookies, web analytics, and GDPR compliance

  25 février 2020, par Joselyn Khor — Analytics Tips, Privacy, Security
  It’s been almost two years since the GDPR came into effect and turned the online world on its head. Confusion around cookies/cookie consent/cookie compliance remains till today. So we’d like to take this chance to talk more about the supposed “big bad” of the latest century. 

  Online cookies seem to have a bad reputation, but are they as bad as they seem ?

  To start, what are cookies on the internet ?

  An internet cookie a.k.a. an HTTP cookie, is a small piece of data sent from websites that is stored on your computer or mobile when you visit that site.

  Are all cookies bad ?

  No. Cookies themselves are usually harmless as they can’t infect computers with malware. 

  They can also be helpful for both websites who use them and individuals visiting those websites. For example, when online shopping, cookies on ecommerce sites keep track of what you’re shopping for. If you didn’t have that tracking, your cart would be empty every time you moved away from that site.

  For businesses/websites, cookies can be used for authentication (logins) and tracking website user experience. For example, tracking multiple visits to the same site in order to provide better experiences to customers visiting their website.

  

  The not-so-sweet types of cookies :

  Cookies that contain personal data

  Another example of a bad cookie is when cookies contain personal data directly in the cookie itself. For example, when websites store demographics or your name in a cookie ; or when a website stores survey results in a cookie. Use of cookies in these ways is considered bad practice nowadays.

  Third-party cookies
  

  They can be used by websites to learn about your visit and activity across multiple websites. Cookies can enter harmful territory when employed for “big brother” types of tracking i.e. when they’re used to build a virtual fingerprint of individuals after their activity is tracked from website to website. For example most advertising networks create third party cookies in your browser when you view an ad, which lets these advertisers track users across these websites and let companies buy more targeted ads.

  Why does Matomo use cookies ?

  

  For accurate reporting of new and returning visitors. Matomo uses cookies to store some information about visitors between visits. We also use cookies to remember if someone gave consent to tracking, or opted out of tracking. 

  Types of cookies Matomo uses :

  • Matomo by default uses first-party cookies, set on the domain of your site.
  • Cookies created by Matomo start with : _pk_ref, _pk_cvar, _pk_id, _pk_ses. See a list of all Matomo cookies : https://matomo.org/faq/general/faq_146/

  Cookie-less tracking - disable cookies and ensure cookie compliance :

  It’s possible to disable tracking cookies in Matomo by adding a line on the javascript code. When cookies are disabled, Matomo data will become slightly less accurate. Also, when cookies are disabled, there may still be a few cookies created in specific cases.

  If you disable cookies, Matomo tries to detect unique visitors by a fingerprint based on a few browser attributes : operating system, browser, browser plugins, IP address and browser language.

  By disabling tracking cookies, you may also use Matomo without needing to display a cookie consent screen. You can also keep tracking when they reject cookie consent by keeping cookies disabled.

  Cookies and the GDPR

  In some countries and according to the GDPR, websites need to provide a way for users to opt-out of all tracking, in particular tracking cookies.

  The GDPR regulates the use of cookies when they compromise an individual’s privacy. When cookies can identify an individual, it is considered personal data.

  

  Cookie compliance and the GDPR

  To be GDPR compliant you must :

  • Receive user consent before using any cookies (except strictly necessary cookies). Read more on cookies that are “clearly exempt from consent”.
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  • Document and store consent received from users.
  • Allow users to access your service even if they refuse to allow the use of certain cookies
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

  Source : https://gdpr.eu/cookies/

  When does GDPR require cookie consent ?

  The purpose of the GDPR is to give individuals control over their personal data. As such this regulation has provisions and requirements which regulate the processing of personal data to protect the privacy of individuals. 

  This means in order to use cookies, you will sometimes need explicit consent from those individuals.

  When does GDPR not require cookie consent ?

  Then there are many cookies that generally do NOT require consent (Source : https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies). 

  These are :

  • user input cookies, for the duration of a session
  • authentication cookies, for the duration of a session
  • user-centric security cookies, used to detect authentication abuses and linked to the functionality explicitly requested by the user, for a limited persistent duration
  • multimedia content player session cookies, such as flash player cookies, for the duration of a session
  • load balancing session cookies and other technical cookies, for the duration of session
  • user interface customisation cookies, for a browser session or a few hours, when additional information in a prominent location is provided (e.g. “uses cookies” written next to the customisation feature)

  Tracking cookies and consent vs legitimate interest

  

  User consent is not always required :

  We understand that whenever you collect and process personal data, you need – almost always – to ask for their consent. However, there are instances where you have to process data under “legitimate interests”. The GDPR states that processing of personal data is lawful “if processing is necessary for the purposes of the legitimate interests”. This means if you have “legitimate interests” you can avoid asking for consent for collecting and processing personal information. Learn more : https://cookieinformation.com/resources/blog/what-is-legitimate-interest-under-the-gdpr 

  A lawful basis for processing personal data (proceeding with caution) :

  We’ve also written about having a lawful basis for processing personal data under GDPR with Matomo. The caveat here is you need to have a strong argument for legitimate interests. If you are processing personal data which may represent a risk to the final user, then getting consent is, for us, still the right lawful basis. If you are not sure, at the time of writing ICO is providing a tool in order to help you make this decision.

  How is Matomo Analytics GDPR compliant ?

  Matomo can be configured to automatically anonymise data so you don’t process any personal data. This allows you to completely avoid GDPR. If you decide to process personal data, Matomo provides you with 12 steps to easily comply with the GDPR guidelines.

  New developments on cookies and the GDPR

  In the early days of the GDPR, a spate of cookie management platforms (CMPs) popped up to help websites and people comply with GDPR rules around cookies.

  These have become problematic in recent years. Europe’s highest court ruled pre-checked box for cookie boxes does not give enough consent. 

  As well as that, new research suggests most cookie consent pop-ups in the EU fall short of GDPR. A new study called, ‘Dark Patterns after the GDPR’ from MIT, UCL and Aarhus University found that a vast majority of websites aren’t following GDPR rules around cookies. The study found most cookie consent pop-ups in the EU to be undermining the GDPR by finding sneaky ways to convince website visitors to click ‘accept’.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to issues you may encounter when dealing cookies. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns. 

  Additional resources :

  • How do the cookie rules relate to the GDPR ? 
  • Cookies, the GDPR, and the ePrivacy Directive