Public Beta — keep data safe

It is important you maintain the highest levels of privacy and security for your analytics data when your service enters public Beta.

Keep data anonymous

Privacy is important. Anonymous data is all you need to understand how people use your service. Understand how to avoid capturing personally identifiable information (PII). 

Why it's in the guide

We rely on the trust of our users to continue to collect and use their information. Focusing on anonymous and aggregated information reduces the risk of a privacy spill and allows us to  share the data we collect. Our users also expect us to tell them about the secondary uses of the data we collect, so they can continue to make informed decisions about their information.

How to keep analytics data anonymous

• Never track email addresses or any other kind of personally identifiable information (PII) in Google Analytics. You can find more information about PII and common forms of identifiable information on the Office of the Australian Information Commissioner (OAIC) website.
• Intranets and other authenticated systems sometimes use private information to personalise their experience. Analytics software can capture and store this information on overseas servers. Review your site’s design to make sure you do not accidentally capture sensitive information in your analytics environment. For example, if your site captures user information and then uses it to personalise their interactions, this data may be inadvertently captured by your analytics software.
• There are some privacy protections in Google Analytics which can affect analysis. This will also help you communicate clearly with data. For example, Google Analytics collects information on where users are accessing a service from. However, Google Analytics’ design  shifts traffic toward highly populated areas. This makes it difficult to understand rural or remote user behaviour, but also protects smaller communities where re-identification is a risk.
• Consider applying IP masking in your Google Analytics javascript code. This will remove the last octet of an IPv4 address. Google provides more information on IP masking at https://support.google.com/analytics/answer/2763052?hl=en.

Tracking PII in Google Analytics is against the platform’s terms of service and potentially a breach of the privacy principles — even if you collect the PII accidentally. Audit your accounts regularly for PII. If you don’t know if you are capturing PII, get in touch with us at analytics@digital.gov.au