Open topic with navigation
Analytics collects user data from some of the resources that it monitors in order to track how users interact with those resources. Tracking user information makes it possible to assess the usage of various applications and sites in order to facilitate decisions on how to improve the user experience. Whenever an organization or software collects user data, privacy and the protection of personal data becomes an issue.
Increasingly, regions like the European Union (EU) and California are enacting laws or regulations to govern how organizations protect users' privacy rights when they collect user data. Regulations vary between regions from non-existent to a strict set of precise instructions.
Currently, the strictest set of regulations is the EU General Data Protection Regulation that comes into effect on May 25, 2018. Only Analytics users in the EU have to follow these strict regulations. Most other regions are likely to have less exacting requirements.
To ensure that all Analytics customers are able to comply fully with privacy regulations, Analytics has built-in features that make it possible to comply with the strictest current regulations.
Privacy regulations usually specify that organizations protect personal privacy in the following ways:
Obtain User Consent:
Most regulations indicate that organizations, websites or software, should ask for users' consent before tracking user data. In some cases, privacy regulations also stipulate that the user must be informed about how their data will be used and how to opt out of tracking if they wish to.
A common strategy to obtain consent is to insert a pop-up, when a page or application opens, that contains the required information along with a check box that users must select to confirm their consent. Analytics customers need to ensure that they put in place measures to obtain user consent, if this is needed.
Retrieve and Delete Personal Data:
Some regulations state that, if an organization collects user data, they must make it possible for a person to receive, and then have their collected data deleted, on request.
In Analytics, Configuration, System settings, on the User Data tab, you can search for user data based on the user's full or partial username or ID if they were authenticated when they accessed the application or resource. If they were not authenticated on sign-in, then you can search on their IP address. Once retrieved, you can export the data or purge the data of any identifying information, rendering it anonymous. When user data is purged, Analytics retains the data on the user's interactions and activities but removes any identifying information.
For more information, see Privacy Regulations and Analytics
Opt Out of User Tracking:
Regulations call for software or a website to have a means to allow a user to opt out of being tracked and that users must be given information on how to do so.
Analytics uses the Do-Not-Track privacy setting available in browsers to determine if a user has given their consent to be tracked or not. Users can set the Do-Not-Track setting in their browser to grant or remove consent. When a user's browser Do-Not-Track setting is enabled and the Analytics Enforce Do-Not-Track Privacy Settings is enabled, Analytics respects the user's browser setting and no private information is collected.
Security Measures and Data Protection:
Some privacy regulations call for organizations to ensure that any collected user data is secured against malicious attacks.
You can add security measures to the servers where Analytics is installed, and this is strongly recommended. These security measures include firewalls, proxies, and multiple-layer authenticated access that make it possible to secure any stored user data.
The following is a comprehensive, although not exhaustive, list of measures that you can implement in order to comply with the strictest privacy regulations. Unless you are operating in the European Union, you are unlikely to have to implement all of them.
To meet strict privacy regulations, you should:
Establish what privacy laws and regulations are applicable in your area.
Establish what your organization's retention policy is for stored user data, in particular, how long user data will be kept. Some regulations require that you inform the user of the length of time their data will be stored.
Based on what your region's regulations are, configure Analytics to comply with those regulations.
If the region you serve has privacy tracking laws, then obtain users' unambiguous consent before tracking or using their data.
A good practice is to add a pop-up that appears when the site or software opens. The pop-up contains text to inform the user how their data is used, how long it will be kept and how to opt out of tracking. The pop-up also contains a box for the user to confirm that they consent to being tracked. The language must be plain and easily understood.
Example text for this pop-up could be:
This [application/website] records user statistics, such as your user name and Internet Protocol (IP address) in order to improve your user experience and the overall quality of our services. User data is stored for analytical purposes for up to [X] years and is not shared with any third parties.
Consent is determined by the Do-Not-Track setting in your browser. If you do not want your usage of this application/website to be tracked, you must enable your browser Do-Not-Track setting.
Keep the stored User Data that Analytics collects secure:
Ensure that there is a firewall in place, either software or hardware-based, that prevents Elasticsearch, which is the data store used by Analytics, from initiating outbound connections. Ideally, the server that Analytics is installed on should be on an isolated private network and not accessible from the internet.
Set up your proxies so that they allow the Do-Not-Track property on headers in HTTP messages through the proxy.
It is very important to configure any proxies you have between client and server to allow the Do-Not-Track header property on web requests through the proxy. When you have set up Enable Do-Not-Track Privacy Settings in Analytics, test to ensure that your proxies do not strip out the Do-Not-Track header property from web requests.
Ensure that the folder that contains the stored Analytics user data is secured and that a minimum number of people have access to that folder.
Restrict the number of users who have access to the server containing the Analytics data store, and ensure that those users with access use standard account security procedures (such as using strong passwords, multi-level authentication, etc.).
Monitor system logs regularly to check for possible intrusion attempts.
Apply Windows patches regularly to prevent attacks using identified exploits.