Enforce data usage policies

Learn how to enforce data usage policies when activating an audience to a destination. Learn how to add marketing actions to destinations, how to analyze a policy violation during activation and how to use the data lineage to understand and remediate policy violations. To learn the API-based approach, see enforce data usage policies using the Policy Service API.

In this video, we’ll look at how Adobe Experience Platform’s data governance framework enforces data usage policies when activating audiences with the destinations feature. We’ll go through the key workflows including adding marketing actions to destinations and resolving policy violations. The enforcement capability builds upon the labeling and policy management features and together create the data governance framework. The data governance framework allows you to prevent certain types of data from being used for certain purposes. Say you ingest data into Platform that has a contractual restriction barring its usage for interest based targeting. How can you prevent marketers from using it that way? By embedding enforcement in activation workflows, data stewards can prevent non-compliant data usage. Labels, policies, and marketing actions in the framework allow data stewards to model complex usage restrictions. Marketers get real-time visibility into the usage restrictions through policy enforcement notifications. This minimizes coordination overhead with data stewards and allows marketers to confidently use data to deliver great customer experiences.
From a data steward’s perspective there are three key steps that need to be completed to manage data usage restrictions. The first is to classify data using labels. The second is to define data usage policies. And the third step is to indicate your usage purpose with marketing actions. Let’s take a look at a use case for Luma, our demo brand. Luma has a contractual restriction that prevents them from using their loyalty data for on-site advertising. How can we use the governance framework to enforce this? We’ve already completed step one, classifying the data using labels. Here we can see the loyalty data set as the C4 label applied to all of its fields. Step two is also complete. There is a policy enabled to restrict the use of any data labeled C4 for the marketing action of onsite advertising. So, let’s take a look at step three, setting our usage purpose. We do that by specifying a marketing action in the destination. I’ll create a new destination. Note how I’m prompted to provide the marketing actions for the destination. Note that I can add more than one. Adding these marketing actions to destinations is critical to connect policies to data labels, enabling enforcement. Now let’s look at what happens when a marketer tries to activate a segment using loyalty data to this destination. Here I have a segment, gold customers, that uses fields for my loyalty dataset to define membership. I’ll go to my destination and try to add this segment.
The activation isn’t allowed and a governance policy violation is shown. The violation shows why our action wasn’t allowed. In this case, we violated the restrict onsite advertising policy when we tried to activate a segment based on data with the C4 label to a destination with the onsite advertising marketing action. Suggestions to possibly resolve the policy violation are noted as well. In the data lineage area, we get a visualization showing us our specific dataset, merge policy, segment, and destination involved in the violation, including what action we were performing when the violation occurred. There are links to quickly open any of the related components. By analyzing this lineage, the marketer can understand what they did wrong and know not to try using loyalty data for cross site targeting in the future. Let’s take a look at a different scenario. Here I have a segment which doesn’t include any of the fields for my loyalty data set. Let’s see what happens when I try to activate this segment to my destination. Again, I get a policy violation. In this case, it’s not the fields in my segment that are the problem. It’s the merge policy used by the segment. I can remove the violating data set from my merge policy to resolve the violation or I can use it different merge policy that doesn’t include this data set in my segment. Once I’ve made the change I can come back to the destination and reattempt activation. Enforcement is embedded across platform workflows. So, any changes you make that violate existing activations are also prevented. This includes dataset label updates, merge policy changes, segment definition changes and destination configuration changes. You should now be able to use the governance features in Platform to manage marketing actions and destinations, analyze governance policy violations, and use data lineage to remediate policy violations. -