1 Reply Latest reply on Oct 31, 2016 10:34 AM by Sanford Whiteman

    Google Personally Identifiable Information (PII) Policy vs. GET parameters

      Hi All;

      we're currently using lead fields as GET parameters in URLs of our landing pages to pre-populate forms for known leads. E.g. www.mylandingpage.com?{{lead.First Name=}}&{{lead.Last Name=}}&{{lead.Email Address=}}

      Recently, Google released a note about Personally Identifiable Information (PII). According to that note, if we build a URL that contains lead's personal info using GET parameters, and use that URL in any of Google services (e.g. AdWords, Analytics etc.), that will count as publishing lead's personal data. And "In the interests of protecting end user privacy, Google ads product policies mandate that publishers must not pass any data to Google that Google could use or recognize as personally identifiable information (PII)"; otherwise they will disable our remarketing lists.

       

      Did any of you face the same issue, and do you have any experience in / ideas about resolving it?

       

      We tried using Marketo Lead ID as the only GET parameter, as it's a unique identifier associated with lead's personal data. But that's even less safe: replace one character in the ID and if you're lucky, you get another lead's data in your form.

       

      Is there any proven workaround like encrypting the field values in the URLs?

       

      Thanks!

        • Re: Google Personally Identifiable Information (PII) Policy vs. GET parameters
          Sanford Whiteman
          We tried using Marketo Lead ID as the only GET parameter, as it's a unique identifier associated with lead's personal data. But that's even less safe: replace one character in the ID and if you're lucky, you get another lead's data in your form.

           

          The only way passing an ID populates a form is if you're using the API to query the lead database. This is already a bad design because you're vulnerable to an easy DoS, so I wouldn't put PII leakage as the main problem there!

           

          Also wouldn't worry foremost about the issue of guessing other IDs. The question is whether this ID can be used to lookup this lead's PII (and it can, since your form is basically a UI to do that lookup).

           

          And even if you encrypted the query params, you're still providing a form that decrypts them automatically.  As the saying goes, data that is decrypted without user intervention is not secure (usually said with regard to saved "encrypted" passwords, but same idea).

           

          Bottom line: don't use GET to pass this information.