Does Adobe collects and stores referrer data as this can potentially contain the CUSTNAME & CUSTID parameters which have PII information.
Adobe doesn’t collect any PII data ourselves. If customer is passing any PII data to Target via mbox params or any other method, then they are responsible for it and they should not send such data to Target.
If the data of concern was in the referrer URL only, then we should not have any issue as we do not store the referrer URL. We use referrer URL only within the session for determining targeting conditions.
If the data of concern was sent to Target as mbox profile parameters or via profile update API or CRS etc, then yes that data will get stored. That data however is governed by profile life time settigns which is set to 14 days for this customer. If a previous visitor does not return for 15 days, that profile expires. If a previous visitor returns before the original two-week profile expires, the profile is reset to the extended lifetime.
If the customer has mistakenly used eVar to collect an attribute they consider to be sensitive, they should discontinue this practice.