Datastreams overview

A datastream represents the server-side configuration when implementing the Adobe Experience Platform Web and Mobile SDKs. While the configure command in the SDK controls things that must be handled on the client (such as the edgeDomain), datastreams handle all other configurations for the SDK. When a request is sent to the Adobe Experience Platform Edge Network, the edgeConfigId is used to reference the datastream. This allows you to update the server-side configuration without having to make code changes on your website.

You can create and manage datastreams by selecting Datastreams in the left navigation within the Adobe Experience Platform UI or Data Collection UI.

Datastreams tab in the UI

For more information on how to configure a datastream in the UI, see the configuration guide.

Handling sensitive data in datastreams sensitive

The content of this document is not legal advice and is not meant to substitute for legal advice. Consult with your company’s legal department for advice concerning the handling of sensitive data.

Corporate data stewardship policies and regulatory requirements are increasing restrictions on how sensitive customer data can be collected, processed, and used. This includes the collection, processing, and usage of Protected Health Data (PHI) which is subject to to regulations like the Health Insurance Portability and Accountability Act (HIPAA).

Datastreams provides three methods to assist you with securely handling your sensitive data:

Enhanced encryption encryption

All data in transit though the Edge Network is conducted over secure, encrypted connections using HTTPS TLS 1.2. If the datastream is bringing data into Experience Platform, the data is then encrypted at rest in the Experience Platform data lake. See the document on data encryption in Experience Platform for more information.

Data governance governance

Datastreams use the Experience Platform built-in data governance capabilities to prevent sensitive data from being sent to non-HIPAA-ready services. By labeling specific fields that contain sensitive data in your datastream schemas, you can take granular control over which data fields can be used for specific purposes.

The following video provides a brief overview of how data usage restrictions are configured and enforced for datastreams in the UI:

Hi, I’m Travis Jordan on the Experience Platform Product Team. In this demo, I’m going to show you new features that allow customers to manage sensitive data such as PHI or regulated health data in data collection. Okay, let’s dive into scenario number one. In this scenario, non-HIPAA ready service destinations are filtered out in the data streams UI if that data stream is associated with schema that includes sensitive labels. So, you’ll see here this data stream has sensitive labels. It references M01-schema which indeed has sensitive labels. So, if I attempt to add a service or a destination and I go to select that, I only see destinations that are HIPAA ready. So, non-HIPAA already destinations such as analytics or target or audience manager do not show in the dropdown. This prohibits customers from sending sensitive data to non-HIPAA ready destinations. This is great. Okay, let’s take a look at scenario number two. In this scenario, an error is received in data streams when attempting to add on event schema that includes sensitive labels and non-HIPAA ready destination services. Okay, let’s take a look. So, once again, in this data stream it does not include sensitive labels. It references M02 which indeed does not reference sensitive labels. Okay, now, if I try to add a service, I see all the options. This is great. So, now I can go ahead and enable analytics.
Now, here’s the interesting part. Now, let’s say I want to add platform. Okay and I want to reference an event data set that does include sensitive labels. Let’s try M01.
I get an error that does not allow me to add that schema because it includes sensitive labels. Okay, let’s wrap up with scenario three. Now, I’m going to hop over to platform. In this scenario, an error is received in platform when attempting to add sensitive labels to a schema that is associated with a data stream that includes non-HIPAA ready destination services. So, let’s take a look. Once again, M02 does not include sensitive labels and it is sending data to a non-HIPAA ready destinations in analytics. So, if I click this and I try to add sensitive labels to this, let’s say I want to add a sensitive label to this specific field and I select the sensitive label, I click save. It does not allow me to add these sensitive labels. Why? Because this data stream includes a non-HIPAA ready destination.
And this concludes our demo on managing sensitive data and data collection, thank you. -

In Experience Platform, you can apply sensitive data usage labels to schemas and fields containing data that your organization deems sensitive. For example, the RHD label is used to denote Protected Health Information (PHI), and the S1 label represents geolocation data.

For details on how to apply data usage labels within the Schemas tab in the Experience Platform UI or Data Collection UI, see the schema labeling tutorial.

When you create a datastream, if the selected schema contains sensitive data usage labels, you can only configure the datastream to send that data to HIPAA-ready destinations. Currently, the only HIPAA-ready destination supported by datastreams is Adobe Experience Platform. Other destination services including Adobe Target, Adobe Analytics, Adobe Audience Manager, event forwarding, and edge destinations are disabled for datastreams containing sensitive data usage labels.

If a schema is being used in an existing datastream with non-HIPAA-ready services, attempting to add a sensitive data usage label to the schema results in a policy violation message and the action is prevented. The message specifies which datastream triggered the violation and suggests removing any non-HIPAA-ready services from the datastream to resolve the issue.

Audit logs

In Experience Platform, datastream activities can be monitored in the form of audit logs. Audit logs indicate who performed what action, and when, along with other contextual data that can help you troubleshoot issues related to datastreams to help your business comply with corporate data stewardship policies and regulatory requirements.

Whenever a user creates, updates, or deletes a datastream, an audit log is created to record the action. The same occurs whenever a user creates, updates, or deletes a mapping through Data Prep for Data Collection. Regardless of whether it was a datastream or a mapping that was updated, the resulting audit log is categorized under the Datastreams resource type.

See the documentation on audit logs for more information on how to interpret logs from datastreams and other supported services.

Next steps

This guide provided a high-level overview of datastreams and their use in Data Collection and the processing of sensitive data. For steps on how to set up a new datastream, see the datastream configuration guide.