GDPR and Privacy: "anonymize person" flow step

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt in, we are supposed to delete any reference to the person. This means deleting it or anonymizing it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The workaround for this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there is some information that cannot be manipulated from a smart campaign:

  • Cookie IDs attached to the person
  • Inferred and system data such as the IP address
  • Data value changes in the activity logs
  • Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error-prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal IDs and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg

56 Comments

I have not heard from Marketo PM on this one. The idea is getting very strong traction and has reached 3000+ points in less than 2 months.

I can see a few issues with the idea of deleting the records:

  • If for any reason you have to recompile the program membership results, for instance, it will break
  • If you extract data to an external data warehouse, an anonymous lead with a regular activity log is better than no data

Greg

The Fills out Form activity also has to be anonymized, BTW. So much as it is kept by default for 25 months...

-Greg

Yeah, given the popularity of this in such a short timeframe - and knowing that Marketo reviews these ideas on a very regular basis - I would have thought we at least would have received some sort of status change, like "we like it".  But as we all know, that doesn't necessarily mean it's on the roadmap.  There are many "we like it" ideas that were tagged as such for years.

Edited to add the Fills out form activity

GA is doing this in a manner so aggregate reporting remains but individual personal data doesn't. There has to be a way for Marketo to do the same.

Interesting idea.

Only issue I foresee with this, is depending on how the duplication settings of your instance are set up, you could have issues. 

  • I believe out of the box > if the same cookied machine submits a form with different email addresses, two lead records are created. 
    • If you are anonymizing those records because of GDPR > you will not want the above to happen because you will want the tracking to stay intact across one lead record

This is a great idea!!

Hi Michael,

AFAIK, when a second person comes on the same cookied machine as a previous one, the cookie value remains attached to the first person.

But anyway, the anonymization would apply to a person, not a cookie. And when anonymised, that person's cookie values would be discarded. And since a cookie value can only be linked to 1 person and only one, other persons with different cookie values would be untouched.

Greg

Great idea. Essential tool to be compliant but keep running stats.

Any response from Marketo yet, Grégoire Michel ??

Guessing no as we have less than a day!