Auditing your stored personal data

In this video, we’re going to talk about customer identity data and how it factors into privacy requests in Adobe Experience Platform Privacy Service. We’ll touch on how to audit your data operations in Adobe Experience Cloud to determine what identity data you should be sending to Privacy Service, and we’ll also introduce a concept of identity namespaces. When a customer requests to access or delete their personal data, Privacy Service must be provided unique identifiers related to that customer in order to process the request. These identifiers link that specific customer to their stored private data in your Experience Cloud applications. Common examples of these identifiers include email addresses, account IDs, and other values that can be used to identify a unique customer. Once Privacy Service receives these identifiers, it uses them to gather all data stored under the customer’s identity within Experience Cloud and process it according to the customer’s request. In order to provide the flexibility needed to serve various privacy needs across different industries, Privacy Service does not prescribe any particular identity type as being ideal or required. Ultimately, the IDs you need to send are determined by how you implement your Experience Cloud applications. It is therefore up to you to audit your data operations in order to determine what is being sent to, collected by, or stored in Experience Cloud. A good place to start is by asking, what IDs do my customers know about, or can provide, when they want their data to be deleted? In many cases, these IDs take the form of an email address or an account number. Once you have identified those IDs, ask the follow-up question, are any of these IDs mapped or known in any of my Experience Cloud applications? Say for example, our end users only have an email address as a known ID, which they can provide when they submit a delete request. After conducting a data audit, we know that email addresses are collected in our Adobe Experience Platform implementation, but not in Adobe Analytics. However, we also know that each email address has an associated Experience Cloud ID number, which is collected in Analytics. Based on this, we can conclude that we need to send Privacy Service the customer’s email address when deleting their data in Platform, and the customer’s Experience Cloud ID to delete their data in Analytics. Now that we have a better idea of how IDs work in Privacy Requests, let’s dive a bit deeper into the anatomy of an individual customer ID, also called an Identifier. An Identifier is comprised of two parts, an identity namespace and a value. What’s a namespace? Well, you can think about it this way. When a customer can interact with your brand through several different channels, it can be challenging to reconcile the different identities that are recorded from those many interactions. This can make it difficult to determine which data belongs to a particular person in your Experience Cloud applications. For example, when handling customer data requests in Privacy Service, an identity may represent a cookie value set under an Adobe-controlled domain, a cookie value under a third-party domain and shared with Adobe, or a custom identifier that you explicitly define in your IMS organization. Because of this, whenever you send identity data to Privacy Service, each identifier must be accompanied with an identity namespace, which represents the system of origin for the identity value. For example, a namespace can represent a generic concept such as an email address or phone number, a product-specific identity such as an Adobe Target ID, or an identity that is recognized across all Experience Cloud applications, like an Experience Cloud ID. As you can see, a single customer can have many associated identities that are collected by your Experience Cloud applications. This is where the Privacy JavaScript library comes in. The library provides a streamlined solution to gather the associated IDs of any logged-in customer from client-side of your Experience application. See the video on using PrivacyJS library for more information. By watching this video, you should now have a better understanding of how to audit your Experience Cloud data operations in order to determine which IDs to send to Privacy Service and how those IDs are distinguished from each other through namespaces. If you’re using Adobe Analytics, see the video on adding privacy labels to your analytics variables before you start making privacy requests. For more information on how to format identities and namespaces in your privacy requests, please refer to the Privacy Request video tutorials or the official Privacy Service documentation. Thanks for watching!