Public Beta — keep data safe
It is important you maintain the highest levels of privacy and security for your analytics data when your service enters public Beta.
Keep data anonymous
Privacy is important. Anonymous data is all you need to understand how people use your service. Understand how to avoid capturing personally identifiable information (PII).
Why it's in the guide
We rely on the trust of our users to continue to collect and use their information. Focusing on anonymous and aggregated information reduces the risk of a privacy spill and allows us to share the data we collect. Our users also expect us to tell them about the secondary uses of the data we collect, so they can continue to make informed decisions about their information.
How to keep analytics data anonymous
- Never track email addresses or any other kind of personally identifiable information (PII) in Google Analytics. You can find more information about PII and common forms of identifiable information on the Office of the Australian Information Commissioner (OAIC) website.
- Intranets and other authenticated systems sometimes use private information to personalise their experience. Analytics software can capture and store this information on overseas servers. Review your site’s design to make sure you do not accidentally capture sensitive information in your analytics environment. For example, if your site captures user information and then uses it to personalise their interactions, this data may be inadvertently captured by your analytics software.
- There are some privacy protections in Google Analytics which can affect analysis. This will also help you communicate clearly with data. For example, Google Analytics collects information on where users are accessing a service from. However, Google Analytics’ design shifts traffic toward highly populated areas. This makes it difficult to understand rural or remote user behaviour, but also protects smaller communities where re-identification is a risk.
Tracking PII in Google Analytics is against the platform’s terms of service and potentially a breach of the privacy principles — even if you collect the PII accidentally. Audit your accounts regularly for PII. If you don’t know if you are capturing PII, get in touch with us at email@example.com