Remove PII Guide
Optimove has always been focused on data protection and is committed to full compliance with regulatory requirements including GDPR and CCPA, as well as taking additional precautions to ensure the complete security and privacy of your customers’ data.
Personally Identifiable Information (PII) is sensitive data that identifies a specific customer, such as their name, email, or address. When collecting customer data for marketing personalization, safeguarding PII is paramount to protect customer privacy.
In this article, we will detail how Optimove helps to ensure your organization manages PII with effective data governance.
Configuring PII Attributes
As you onboard with Optimove, our Data Teams will work closely with you to manage your data. At this stage, as well as throughout your time with Optimove, you can work with our teams to configure which attributes should be marked as PII.
Anonymizing Customer PII
The following processes set out how to remove Personal Identifiable Information (PII) in Optimove within the context of the GDPR requirement of the right to be forgotten.
Whether you're a data controller (client) or a processor (Optimove), understanding the nuances of the PII deletion process is crucial for both ethical data management and regulatory compliance.
Overview: Storing, Managing, and Deleting PII
PII is stored in Optimove’s Customer Profile only and maintained only on related databases. This applies to all the historical customer records Optimove stores, and all the real-time events streamed for this process. Please make sure that no PII is being appended to transactional information, for example.
Once customer attributes are marked as PII, they will be anonymized in the deletion process via Optimove’s API or manual CSV list upload.
It's important to note:
- When deleting PII, Optimove does not delete the record of an anonymized customer. This means anonymized customers can still be accessed in Customer 360 using its Customer ID.
- In the case of a Customer ID that contains PII, customers will no longer be accessible due to the anonymization process.
- Make sure that in the next data delivery process no additional data of anonymized customers will appear.
How to Delete PII?
There are two methods to delete PII:
- Optimove’s API
- Manual CSV upload
Please note: In some cases, it may take up to 72 hours for all data related to a particular customer to be completely removed from all Optimove systems.
Deleting a customer’s data will erase all PII from Optimove (both current and historical data). However, to maintain the integrity of campaign and application usage analytics, aggregated anonymous data will not be amended when a customer’s data is deleted (for example, a campaign’s “Increase in” metric value will not be recalculated once a customer’s data is deleted). This still allows for GDPR compliance because this aggregated data cannot be traced back to an individual.
A customer’s PII is being deleted from all of Optimove’s data pipelines and the record remains anonymized. In case of Customer ID, PII will also be untraceable. This means if customer that has deleted their ID which is an email, the customer will be untraceable from that point onwards.
Remove Customer PII using Optimove API
To automate the removal of PII, you can use Optimove’s API with the RemoveCustomerPII function.
Please note: This can be done for up to 50k customers at one request. Make sure that in the next data delivery process no additional data of anonymized customers will appear.
Manually Upload a CSV File via Settings
For ad-hoc removal of PII for a smaller number of customers, this process can be done manually by uploading a list of customers you would like to anonymize.
How to Use:
- Go to Settings
- Go to the ‘General’ tab in the left toolbar and select Remove Personal Data
- Upload your CSV.
Please note: The CSV file should contain only a list of Customer IDs used in Optimove that you wish to erase.
Post PII Removal
After initiating a PII removal request, follow these guidelines:
Ensure that no data of anonymized customers is delivered to Optimove in the future to maintain compliance. This includes preventing data delivery as part of the Optimove Daily Process and real-time events related to this customer.
Failure to do this will result in any new record of this customer will overwrite the anonymized attribute.
Keep in mind that aggregated anonymous data, such as campaign and application usage analytics will remain unchanged.
Remember that deleting a customer’s data erases all personally identifiable data from Optimove, including both current and historical data. However, non-PII data fields will remain accessible in Customer 360.
Post PII removal, the customer profile will appear as follows:
Before Removal | After Removal |
---|---|
ID = 1234567 | ID = 1234567 |
Name = John | Name = null |
Country = UK | Country = null |
Masking PII from Optimove Teams
For the PII fields that have been configured, we implement a robust PII masking layer within our data infrastructure to ensure it is not visible to Optimove teams, whether that be our Support team or Data Solutions team. This means sensitive customer data remains shielded from view or utilization by Optimove employees without impacting Optimove teams to provide data support.
For example, Optimove Data Teams can access your data to update attributes in your Single Customer View. When communicating with the database, their user will have limited permissions that blocks visibility to PII.
To implement this, reach out to your Customer Success Manager.
Updated 6 months ago