6 Ways a Digital Ad Agency Should Ensure Web Analytics Data Security

,

Written by Urszula Kotowska

Published April 04, 2017

It would not be an overstatement to say that there is hardly any legal framework these days that would be as volatile as the one concerning data security. On the one hand, there is the European GDPR coming along, on the other hand, the US senate has just voted for repealing of the FCC regulation protecting user data. We live in a globalized world, hence whichever side of the globe is yours, as a digital ad agency, you are likely to deal with clients from locations with strict data laws. It is in your best interest to ensure adequate data security standards. As well as legal obligations, you need to respect your clients’ wish to not cross the line with their customers or betray their trust.

In this blog post we are going through the ways digital ad agencies can ensure top data security.

1. Model of hosting & data security

As you know, your web analytics hosting model has a major influence on data security. If you keep your web analytics data in the cloud on third-party servers, make sure the cloud is secure, or go for a cloud solution that ensures you full control of your data. Aside from ethical considerations, it also lets you retain the competitive edge the data you collect gives you. You can be sure that this particular arrangement of data is solely in your possession and that your competition will not benefit from it.

Ideally, you should consider making a long-term investment and have a web analytics platform deployed on-premises or in the private cloud. If you’re not sure about the features of different hosting options, read our blog post to learn how to host your analytics: public cloud vs private cloud vs self-hosted.

2. Anonymization of user data

As a digital ad agency you are in possession of detailed information on the users of your clients’ websites, most likely including PII (Personally Identifiable Information) or personal data, which are naturally indispensable if you run personalized marketing campaigns. With mobile still thriving, you gather more and more detailed information on consumers. Not only do you have the access to their likes and interests, but you also know what locations they often visit. Having such a round picture of who the consumers are is the very reason why you should make sure you handle and store the data with great care. Follow the best practises of anonymizing all the IP numbers in your databases so as to prevent putting a real person’s face to the data.

Especially when handling PII (Personally Identifiable Information), on top of anonymizing the users’ IPs, encrypt the databases to hinder matching the data with a real person. Look for a solution which, like Piwik PRO, offers automatic web analytics data anonymization – a feature that automatically assigns an anonymous ID to newly collected data. Such web analytics data can still be leveraged for your marketing purposes but cannot be linked to an individual person, which makes the whole process more ethical and safer.

FREE Guide: Avoid Privacy Risks and Prepare for GDPR

Learn how GDPR will change web analytics and data collection practices:

3. User Groups for tightened control

Another feature you might want to look for is User Groups. This feature lets you manage granting the access rights to particular sections of your web analytics. User Groups allows you to assign and revoke access rights to whole categories of data – you can decide which employees (or departments) can see reports on particular websites. The more detailed your data is, the more controlling you may want to be.

As a digital ad agency, you probably use one tool to collect data for multiple clients. Different agreements shape your cooperation. Exploit the User Groups feature to meet the requirements of your agreements. This Piwik PRO feature gives you greater control of what data your clients see so that you do not give away the trade secrets, but communicate only what is crucial for cooperation. Limiting the access also facilitates the cooperation as your clients get a clear picture that is not obscured by unnecessary clutter. The feature allows you to stay on top of the access rights, ensuring they are granted to the right people only.

4. SAML integration to prevent phishing

Piwik PRO Web Analytics and Tag Manager are integrated with server-side stored permissions such as LDAP (Lightweight Directory Access Protocol) and SAML (Security Assertion Markup Language) servers. Thanks to such an integration you receive a SSO (Single Sign-On) authentication, allowing you to access these platforms using a single set of login credentials. SSO lets you control the access (you receive detailed user access reports), but it also prevents phishing. Looking for secure web analytics, bear these acronyms in mind.

5. DNT & Opt-Out is a must

With the GDPR coming into effect next year, enabling internauts to opt out of being tracked will not be a luxury but a must. Piwik PRO by default respects the browser settings – make sure that the web analytics solution you use does so. The same applies to the tag manager. Remember that when the GDPR takes effect, your tag manager will need to manage the consents to tracking and respond to them in real time.

6. Secure Tag Manager – data security within tags

Tag Managers are widely used by marketers and analysts these days. Because of their capacity to deactivate tags and protect websites from third party tags, they are your number one security tool.

We recommend putting in place internal procedures that would ensure the security of the data within tags and prevent data leaks. Conduct regular audits so that you set yourself to detect potential vulnerabilities, control the access permissions, and, most of all, consider using an on-premises tag manager.

Wrapping up

Technology is developing fast and steady, giving digital ad agencies more and more precious insights into consumers. With greater power comes greater responsibility, though. As an ad agency you not only hold the responsibility for individual users’ data, but also for the trust your clients have in you. It goes without saying that, being a responsible business, you do not want to let either of them down. This blog post is supposed to serve as a security check for digital ad agencies who care about their web analytics data security. We hope, you will find it useful. If you enjoyed reading this, stay in touch, or subscribe to our newsletter and we’ll keep you updated!

FREE Guide: Avoid Privacy Risks and Prepare for GDPR

Learn how GDPR will change web analytics and data collection practices: