How to ensure data sent to Experience Platform is HIPAA-ready
All back office event data that the Data Connection extension sends to Experience Platform is considered sensitive within Commerce. However, it is the responsibility of the merchant to apply data usage labels to their Commerce schema in Experience Platform to explicitly identify particular data as sensitive. When you apply data usage labels directly to a schema, those labels are propagated to all existing and future datasets that are based on that schema.
For an overview of data usage labels and their role within the Data Governance framework, see the data usage labels overview in Experience Platform documentation.
Apply data usage labels to Commerce fields
Follow the steps in the manage data usage labels for a schema tutorial to learn how to apply labels to your Commerce schema.
See the glossary of sensitive labels to learn about the available labels you can apply to the fields in your Commerce schema. For example, the label RHD identifies Protected Health Information (PHI) or information about a patient that you are contractually permitted by Adobe to upload.
When your Commerce data is labeled as sensitive, you can enforce policies to prevent data operations that constitute policy violations. Learn more about policy enforcement in Experience Platform.
Data encryption in Commerce
Adobe Commerce uses block-level encryption. For storage, Commerce uses Amazon Elastic Block Store (EBS). All EBS volumes are encrypted using the AES-256 algorithm, which means that the data is encrypted at rest. Commerce data in transit is sent over secure, encrypted connections using HTTPS TLS v1.2.
Data encryption in Experience Platform
When merchants send their data to Experience Platform, that data is sent using HTTPS TLS v1.2. Learn more about how Experience Platform encrypts data.
How Commerce handles privacy requests
Learn how Commerce handles privacy requests.