Using Data Responsibly Is Table Stakes
With Adobe Experience Platform (AEP) users benefit from built-in data governance configurations to ensure data usage and activation compliance.
In a recent Adobe Experience Makers Privacy & Security webinar, “What Financial Servicers Can Learn from Healthcare,” Further own Cory Underwood, CIPT, CIPP/US recapped a couple of recent warnings.
Earlier this year, the Federal Trade Commission (FTC) and the Department of Health and Human Services (HSS) warned and fined healthcare providers for sharing health data with advertising partners. Likewise, the FTC warned tax prep companies about using data collected while preparing taxes to inform advertising activities without proper consent.
These warnings and fines make it crystal clear that using data responsibly is now table stakes.
How Does Adobe Experience Platform (AEP) Help Companies Use Data Responsibly?
Using data responsibly involves activities such as knowing what data you have, where it is housed, who has access to it, what systems it is shared with, managing customer consent, and adhering to regulations.
Understanding how critical these activities are, Adobe offers Data Governance to ensure data usage and activation within the Adobe Experience Platform is compliant. Adobe Experience Platform Data Governance consists of three configurations: data usage labels, Data Usage Policies, and Policy Enforcement. We’ll dive into all three of these below.
Data Usage Labels
Data usage labels categorize the fields in your schema according to how the data in that field can be used.
Adobe provides standard data usage labels and the ability to create your own labels. Some of the out-of-the-box data usage labels include “data cannot be exported to a third party” “data cannot be used for targeting any ads or content, either on-site or cross-site,” and “data cannot be exported in any way.”
To apply data usage labels in AEP, click on Schemas in the left rail, then select your schema. From here, there are two approaches to applying labels: individually or in bulk.
Select a parent field or a specific field, then click “Apply access and data governance labels” in the right rail (screenshot 1).
Click on “Labels” at the top left of the Schema pane, then select the checkbox to the left of each field to which you wish to apply a data usage label. Next, click “Apply access and data governance labels” in the right rail (screenshot 2).
Be aware that when a data usage label is applied to a field from a shared class or field group, all schemas that utilize that shared class or field group will also pick up the data usage label. For example, if you apply a data usage label of “Indirectly Identifiable (l2)” to the Channel field within the “Consumer Experience Event” field group, then all schemas that use the “Consumer Experience Event” field group will have “Indirectly Identifiable (l2)” affiliated to the Channel field.
Note: To see what data usage labels have been applied to a schema, click on the “Labels'' tab at the top left of the Schema pane. Then click on the filter icon to find the fields with data usage labels.
Apply Data Usage Labels Individually
Apply Data Usage Labels In Bulk
Data Usage Policies
To view the data usage policies in AEP, click on Policies in the left rail, then click on “Browse” at the top left of the Policies pane. Here, you see the data usage labels and the marketing actions affiliated with each data usage policy.
By default, the policies are disabled. Make sure to enable the Policies affiliated with the data usage labels you applied to the fields in your schema by clicking on the Policy row. This will open the right rail, where you can toggle the “Policy status” to Enabled (screenshot 3).
Note: Organizations that have purchased the Adobe Healthcare Shield add-on or the Adobe Privacy & Security Shield add-on will also have Consent policies available that utilize your customers’ consent regarding how to use their data.
Enable Data Usage Policies
Once data usage labels have been applied and the affiliated data usage policies have been enabled, the enforcement of these policies can be approached in two ways: API-based enforcement or automated enforcement.
- API-based enforcement: The Policy Service API is available with Adobe Experience Platform. No add-ons are required. The Policy Service API allows you to programmatically integrate policy enforcement into your applications using API calls. Based on the API responses, logic within your applications can handle violations (i.e., enforce policies) when they occur. The Policy Service API can also be used to test that the data usage labels and data usage policy configurations are returning the expected violations.
- Automated enforcement: Automated enforcement is available for those who have purchased the Adobe Healthcare Shield add-on or the Adobe Privacy & Security Shield add-on. As the name suggests, this will automatically evaluate, identify, and block access to data when a data usage policy violation occurs. When a data usage violation is prevented, information about the violation will be displayed, including the specific action that caused the violation (screenshot 4).
How Further can help
Reach out to our privacy team to conduct a data privacy and regulatory compliance audit. We will flag any technology, locations, or data collection types that may pose a risk. We will also assess marketing processes, reporting processes, and strategies to create a roadmap of potential tracking technology changes.
Armed with your roadmap, we will help you activate it—whether you need help implementing critical systems such as Consent Management Platforms, creating centralized records of consent with your Customer Data Platform (CDP), or migrating to platforms with data governance built-in such as Adobe Experience Platform (AEP).
Worried about compliance and the potential consequences of not getting privacy and consent right? We can help. Reach out today.