Privacy is a topic that is becoming increasingly talked about in the web analytics industry. As data is becomes more and more integrated, and tools make functional improvements to respond to demands, data security concerns are finding themselves at the forefront of discussion.
Data needs to be secure, we totally agree. That said, it's difficult with the world moving towards an increasingly mobile and personalized experience. The dilemma is how to offer these kinds of experiences without being able to collect the data necessary to justify the ROI? It requires a certain level of trust between the parties, and in order to establish such trust, education about the storage and use of data is highly important.
According to The Wall Street Journal’s What They Know series, the 50 most popular U.S. websites all considerably use various tracking technologies to create profiles of consumers’ habits. This includes web analytics programs such as Google Analytics.
Many companies used to access (and some probably still do) web analytics data (either their own, or that of a client) using a single username and password. Passwords often went unchanged for quite some time, and the login details were given to various people across the organization.
It goes without saying that this is probably not the best practice in terms of data security, especially from the point of view of client data, if anyone from the CEO to the intern has unprecedented access to their sensitive information.
Competitive advantage or simple data overload could be other reasons to restrict access to such data - competing branches may not want their data to be viewable by others, and does the summer intern really need administrative access to client accounts? Everyone who has access to a web analytics tool should take responsibility for that access.
Here are a couple of tips and tricks on managing privacy and web analytics:
- Don't share logins across the organization
- Create different levels of access for different users
- Regularly review existing users - should people that have left the company really still have access to your clients data?
- Encourage users to change their passwords on a regular basis
As we've mentioned before, the WAA have released version 2.0 of their Web Analyst's Code of Ethics, which basically says:
We’re going all the way back to the [individual analytics worker] and saying, “Are you willing to put your name on a line and say you won’t associate personally identifiable information with tracking cookies unless there has been an explicit declaration thereof? Are you willing to say you won’t transfer the data without permission from the consumer?”
And privacy is the first item on the Code of Ethics, which reads:
"I agree to hold consumer data in the highest regard and will do everything in my power to keep personally identifiable consumer data safe, secure and private. To this end I will never knowingly transfer, release, or otherwise distribute personally identifiable information (PII) gathered through digital channels without express permission from the consumer(s) who generated the data. I will also work with my legal dept where applicable to enforce a cookie and user identification policy that is appropriate and respectful of the consumer experience in the environment I work in so as not to collect and maintain superfluous customer data."
So to round off, as web analytics faces growing regulatory and public scrutiny, people who analyze online data are being confronted with various demands concerning privacy. The Web Analyst's Code of Ethics is the first document that could hold everyone to the same standard, and begin to combat the war on data privacy.