Google is serious about protecting your identity. They have very strict privacy policies in place to protect people who use their services and protect all of us from having our Personally Identifiable Information, or PII for short, getting accidentally exposed to the public.
The policies they have in place are very strict, and those breaking them are likely to lose their Google Accounts. Their privacy policies are governed by local and international laws.
As a website owner, or a user of any of Google's services, you need to make sure that everything you do will not risk exposure of someone's personal information. Information stored on Google Drive needs to be protected or encrypted properly. Information shared on Google+ must not violate any user's privacy.
The biggest issue though is with Google Analytics (GA) and the tracking on your own website.
Google Analytics tracks all the users on your site, and every page they look at. The website address (the URL) of every page is recorded into your GA account for you to view and run reports on. If your website uses URL variables, like /index.php?page=contact instead of /contact-us.html, then those variables will be saved in your GA account. In that example the variable name is "page" and the value is "contact."
There are times, more frequent that any web programmer really wants to admit, when personally identifiable information will accidentally be passed on your website through the URL. When this happens, it's quite likely that GA will accidentally capture the person's information.
Here's a list of the personal information that Google does not want you to capture in GA:
* real name
* email address
* credit card information
* bank account information
* government ID
* IP address (allowed in the USA, but not Europe)
Remember that Google's policies must comply with local laws, and it's those laws that protect this personal information. This is the same type of information that's also protected by PCI Compliance regulations for e-commerce sites.
Pay attention to how I've said this so far... Although Google's policies set forth protections for this personal information, Google Analytics is not able to auto-detect when this information is erroneously being captured.
It's up to you, and your programmer, to prevent personal information from being captured in your GA account.
If Google discovers that you are capturing this PII then they will delete your Analytics historical data. There's no built-in ability to delete the erroneous individual captured data, and that's very unfortunate.
So how does this PII accidentally get captured? Well, websites that rely heavily on URL strings instead of static file names (that's the /index.php?page=contact vs. /contact-us.html) could be more prone to accidental leakage of personal info into the URL.
However, there's a more common way that it could happen: Through the form on the Contact Us page.
When a visitor fills out your contact form and clicks the "Submit" button all that information is sent to you using a standard internet technology. This next part is a little technical because that technology can be a "post" or a "get."
Inside the HTML code it would looks like this:
The "get" method will feed the form's information into the URL, thus making it trackable by Google Analytics. On the other hand the "post" method will hide the information from the URL and from Analytics.
The "post" method is much safer and all your website forms should be using it.
Other than your contact form, there are other places on your website that have the potential to leak sensitive information into GA. Here are a few that I can think of:
1. Single field email newsletter signup form
2. Any shopping cart checkout screen, multiple steps
3. The unsubscribe link in your email newsletter
4. Member's only area forum posts
5. Member's only area personal information edit screens
6. Contest entry registrations
If Google Analytics is tracking any of those website areas/features, then you need to make sure that customer information is not being saved. Ask your website programmer to double check all your forms.
Inside your Google Analytics you should search for the PII. The easiest is probably to search for any email addresses that might have been captured.
1. Log into GA
2. Select Behavior on the left
3. Select Site Content
4. Select All Pages
5. Use the search box (filter) to search for the @ character
The @ character isn't typically used in URLs for less complicated websites so this fast search will quickly reveal any email addresses that were captured by mistake. If that doesn't work then you can try other searches for words like "name" or "username." You would have to ask your programmer for the variable names that are used throughout your own CMS.
What do you do if you find this information in your account? Well, like I said, if Google finds it first they will delete your historical data in order to comply with local laws. Your best bet would be to ask your SEM Pro or your developer to download all your analytics data. Then delete that tracking account and set up a new one.
This sounds extreme, but it's better that you do this than for Google to do it to you without warning.