Introduction¶
Data Privacy gives website owners a means to prove that they are actively working to be compliant with local regulations. Automate the management of personal data with our text scan (as opposed to HTML), and use the Google Data Loss Prevention API to analyze the scanned data. When the scan is done, the website data is sent directly to the Google API for analysis.
We do a scan on your domains to find potential data privacy issues. View the scan results by severity level and the number of pages affected by the issue.
The Data Privacy feature is based on the Google Cloud Data Loss Prevention API, and is updated when the API is updated.
Severity and Likelihood¶
To find out more about how we calculate the prioritization of errors, as well as the severity and difficulty level, see the user guide article:
Priority, Severity, Difficulty, and Likelihood.
Setup¶
This section gives instructions on how to set up the Data Privacy feature in Acquia Optimize.
Click Admin Settings (gear icon) on the Domain Overview page toolbar.
Note: Only admin users can access this button.
The Domain Settings page opens.
Click Action on the same row as the domain you want to configure.
The Action menu expands.
Select Edit Domain. The Edit Domain page opens.
Locate the Features section.
Turn the Data Privacy switch to ON. This activates the module and adds the link to configure the settings.
- Click the link Open Data Privacy Settings, located beside the Data Privacy button. The Domain Data Privacy Settings page opens.
Locate the Choose what to Scan section.
Toggle the appropriate switches to ON. The required settings in the Global requirements list are automatically selected. The choices are:
- GDPR: General Data Protection Regulation applies to any EU company and requires that all personal data that is collected and/or processed is made transparent, including the disclosure of the purpose for data collection.
- CCPA: The California Consumer Privacy Act is basically a set of regulations that apply to organizations that collect personal data on any California resident.
APA: Australia's Privacy Act includes thirteen codes of conduct with regards to the disclosure of personal information.
Websites, companies, and organizations that operate in Australia must follow these codes of conduct in order to be compliant.
- SHIELD: The Privacy Shield Program Overview is a mechanism for companies to use to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
- PIPEDA: The Personal Information Protection and Electronic Documents Act of Canada applies to transfers of personal information to a third party operating outside of Canada.
Tip! If your region/regulation is not on this list, it is possible to customize the settings to create specific requirements. Just select the regulation that is most similar and tick/untick the boxes to add or remove specific items from the scan.
- Click Save Preferences. The Domain Data Privacy Settings pane closes. The Edit Domain page is visible again.
- Click Save. The Edit Domain page closes.
- A new Data Privacy report is in the Data Center after the next scan. Choose users to send the report to automatically after every data privacy scan.
- The data privacy issues are stored in the History Center for quick reference. See the status and number of issues that the scan finds, as well as issues that are repaired.
For more information, see the user guide articles:
Instructions¶
This section gives instructions on how to navigate to the Data Privacy feature and correct errors detected by the scan.
Click Data Privacy (the lock icon), on the domain toolbar.
The Data Privacy page opens.
Summary¶
Select this option from the menu on the left side of the Data Privacy page. This is the Data Privacy landing page and it is the default view.
The Data Privacy summary page opens. There are 4 sections:
- Most serious issues found: The list shows the name of the issue, the number of pages it occurs on, and the level of risk. The severity of the issues is determined by the following:
Risk severity: This rating indicates the level of risk associated with the data, with regards to potential threats to organizational assets, organizational operations, and individuals should it be disclosed without authorization.
For more information, see the user guide article:
- Number of visitors: The number of visitors to the page since the last scan.
- Number of pages: The number of pages that contain the error, as determined by the last scan.
- Click on an issue in the Number of pages column. The page slides open. The information shown is:
- Search: Click in the dialog box and type a search parameter.
- Title and URL: The page title and a link to the issue details for the page.
- Views: Approximate number of page views since the last scan. This information is only available when Statistics is enabled.
- Open page details (the page icon): On the same row as an issue, click the Page icon to navigate to the overview of the page. This view shows the data policy issues for the page as determined by the last scan.
- Click Action on the same row as an issue. Choose an action to take for the issue. The choices are:
- Ignore on the page
Mark as fixed.
- Redirect to Page (magnifying glass icon): Navigate to the page and then use the Acquia Optimize Extension to identify the placement of the errors on the page, repair the errors, and more.
- Affected pages by severity: The distribution of data security issues by severity, along with the number of pages that are affected.
See the user guide article Priority, Severity, Difficulty, and Likelihood for a breakdown of the levels of severity. - Data Privacy Diagnostics: A percentage diagram shows the percentage of total pages that are compliant with the selected data security checks. A line graph shows the issues over time.
FastTrack¶
Select this option from the menu on the left side of the Data Privacy page.
The Data Privacy FastTrack page opens.
- HTML snippet affecting compliance level: This section is on the left-hand side of the window and contains a list of the HTML snippets that affect the compliance level of the webpage. Click the name of the HTML snippet to open the Details sections for that snippet.
- Effect on overall compliance level: This section shows the percentage of overall compliance level that this error causes, as well as the number of affected pages and the number of checks that fail.
- Snippet: This section is on the right-hand side of the page and shows the name of the HTML snippet.
- Check: This section shows the checks that fail, a link to the Help Center, the number of affected pages, the severity of the issue, and an Action button for review of the issue.
- Click Action and select Review.
- A dialog box asks for a reason for the review. Enter the reason that the issue is approved and then click OK to close the dialog.
- The issue is gone from the list. To view items placed in Review, check the audit log.
For more information, see the user guide article:
Acquia Optimize FastTrack.
Content with Data Issues¶
Select this option from the menu on the left side of the Data Privacy page.
The Content with Data Issues page opens.
The list contains the following fields:
- Filters: Select a category from the menu bar at the top of the list to further filter the list as needed:
- All: View all results.
- Pages: View pages with issues.
- PDF Documents: View PDF documents with issues.
- Other Documents: View other documents with issues.
Export: Click to export the list. A dialog box opens. Select your export file:
Content with Data Issues Export.
A message informs that, "Your export is currently being generated, You will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or click Go to My Exports on the message dialog box.
- Filter (the funnel icon):
- Data Regulations: Click to filter for Data Regulations. This list is populated with the selections that you made during setup. See the Regulatory Templates section in this document for an explanation of each selection. Here are some of the fields that may appear in a setup:
- Search: Click in the dialog box and begin to type a search parameter. The results will start to appear after three figures are entered.
- Title and URL: The page title and a link to the issue details for the page.
- Click the link. Page Details page opens. In the Data Privacy section, issues are shown in a list along with the severity of the issue.
- From the menu bar at the top of the list, select a status to further filter the list as needed:
- All: View all results.
- High: View results with high severity.
- Medium: View results with Medium severity.
- Low: View results with low severity.
- Ignored: View ignored issues.
Fixed: View fixed issues.
For more information, see the user guide article:
Priority, Severity, Difficulty, and Likelihood.
- In the Settings section, click Action on the same row as an issue. From the drop-down list, select an action to take for the issue. The choices are:
- Ignore on the page
Mark as fixed.
- Click Quick Help for an explanation of the issue and suggestions on how to resolve it.
- Click X to navigate back to the Content with Data Issues page.
- Notifications: If the system has a notification, click to view it.
- Views: Approximate number of page views since the last scan. This information is only available when Statistics is enabled.
- Open page details (webpage icon). This redirects to the Data Privacy details page where users can see the data policy issues for the page, as determined by the last scan.
Click on an issue in the list. The pane to the right updates with information and help about the issue.
Action: Select the Action button for a drop-down menu with options on how to handle the issue.
The available actions are:
- Ignore on the page: Select this option to ignore the issue on this page, for current and future scans.
- Mark as Fixed: Select this option when you have fixed the issue.
Note: The difference between Mark as Fixed and Ignore is that issues marked as Fixed are still included in future scans and can be flagged again if the error persists. Issues that are set to Ignore are permanently omitted from future scans and compliance scores.
Open Issue Page: With an issue selected, click Open Issue Page (an i for information icon) on the information pane.
For more information, see the user guide article:
Issue View.
- Redirect to page: Click to navigate to the page URL and view the page as an external visitor.
Data Issues¶
Select this option from the menu on the left side of the Data Privacy page.
The Data Issues page opens. Issues are shown in a list along with the severity of the issue.
See user guide article: Priority, Severity, Difficulty, and Likelihood for a detailed breakdown of the levels of severity.
- From the menu bar at the top of the list, select a status to further filter the list as needed:
- All: View all results.
- High: View results with high severity.
- Medium: View results with Medium severity.
- Low: View results with low severity.
- Ignored: View ignored issues.
- Fixed: View fixed issues.
Export: Click to export the list. A dialog box opens. Select Content with Data Issues Export.
A message informs that, "Your export is currently being generated, you will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or use the provided button Go to My Exports.
- Filter (the funnel icon):
- Data Regulations: Click to filter for Data Regulations. This list is populated with the selections that you made during setup. See the Regulatory Templates section in this document for an explanation of each selection. Here are some of the fields that may appear in a setup:
- Issue Type: Click to filter for Issue Type. This list is populated with the selections that you made during setup. See the Regulatory Templates section in this document for an explanation of each selection. Here are some of the fields that may appear in a setup:
- Banking Data
- General personal data
- Healthcare
- National ID
- Personal technical
- Product identifier
- Sensitive personal data
- Taxpayer ID
- Technical
- Other.
- Type-Issue: A symbol indicates the type of issue and the name.
- Check name: The name of the check that flagged the issue in the scan.
Likelihood: This rating indicates the level of certainty that the issue is accurate.
Likelihood ratings are divided into the three following categories:
- Possible
- Likely
- Very Likely
For more information on likelihood and how it is determined, see the user guide article:
Priority, Severity, Difficulty, and Likelihood.
- Help center: Click for an explanation of the issue and suggestions on how to repair it.
- Pages: The number of pages where the issue occurs. Click to navigate to the page view.
- Title and URL
- Views
- Open page details: On the same row as a page, click the Page icon to navigate to the overview of the page. This view shows the data policy issues for the page as determined by the last scan.
Redirect to page: Click to navigate to the page URL and view the page as an external visitor.
Tip: If it is installed, use the web browser extension to identify the placement of the errors on the page, repair the errors, and more.
For more information, see the user guide article:
Web Browser Extension.
- Click X to exit this view and return to the main Data Issues page.
- Severity: See the Severity Levels section of this document for a breakdown of the levels of severity.
Checklist¶
Select this option from the menu on the left side of the Data Privacy page.
The Check List page opens. The list contains all of the checks from the most recent scan, both with and without issues.
- Issues are shown in a list along with the severity of the issue. From the menu bar at the top of the list, select a status to further filter the list as needed:
- High: View results with high severity.
- Medium: View results with Medium severity.
- Low: View results with low severity.
- Passed: List of all items that the scan included which are compliant and designated as Pass.
- Export: Click to export the list. A dialog box opens. Select your export file:
Content with Data Issues Export.
A message informs that, "Your export is currently being generated, you will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or click Go to My Exports on the message dialog.
- Filter (the funnel icon): Click to filter for Data Regulations. This list is populated with the selections that you made during setup. See the Regulatory Templates section in this document for an explanation of each selection. Here are some of the fields that may appear in a setup:
- Data Regulations:
- Issue Type: Select to filter by the type of issue as designated in the scan setup. See the Setup section in this document for instructions on how to add or remove additional checks to the scan.
- Country: Select a country to filter for. Country-specific items are added to the scan in the setup. See the Setup section of this document for instructions on how to add or remove additional country checks to the scan.
- Search: Click in the dialog box and type a search parameter.
- Table: The table headers are:
- Type: A symbol indicates the type of check. Hover the mouse over the symbol for a text explanation.
- Check name: The name of the check. See the Setup section of this document for more information on how to edit and view the checks that the scan is set up for.
- Help Center: Click for an explanation of the issue and suggestions on how to repair it.
- Country: This field shows the country name for checks that are country-specific.
- Compliance: The percentage of compliance that this check achieves.
- Pages: The number of pages that contain the error, as determined by the last scan.
- Severity: This rating indicates the level of risk associated with the data, with regards to potential threats to organizational assets, organizational operations, and individuals should it be disclosed without authorization. See the Severity Levels section of this document for a breakdown of the levels of severity.
Consent Overview¶
Select Consent Overview from the menu on the left side of the Data Privacy page.
The Consent Overview page opens.
This is an overview of user cookie acceptance rates, as well as the consent log that stores the cookie categories that the users have consented to.
- From the expanded list, select:
For more information, see the user guide article:
Consent Manager.
Data Privacy Score¶
The compliance score for data privacy check is calculated as follows:
The scan is done on each domain for several data privacy checks. To calculate the compliance score for the domain, we calculate the average. For example: the total sum divided by the total amount of data privacy checks that the scan looks for on the domain.
Data Privacy Reports¶
This section gives information about the available data privacy reports.
The report is delivered to the email addresses for the persons assigned to receive this report.
The available report for Data Privacy is:
- Data Protection Summary report.
- Click Schedule This Report (calendar icon) on the same row as the report to receive the report as an email attachment. Multiple selection is allowed.
- Click Open Report (eye icon) to get the newest report.
- Click Report Administration (gear icon) to add other users to receive the report.
For more information, see the user guide article:
Report Center.
Additional Resources¶
For more information about the topics covered in this chapter, see the user guide articles: