Manage personally identifiable information


Accessing and processing of Personally identifiable information (PII), such as contact emails, is regulated by the law in multiple key markets. Thus, it is important for account and data center administrators to be able to manage which Sitefinity Insight users have access to the visitors PII.
For more information about PII in Sitefinity Insight, see Personal data collected, processed, and stored by Sitefinity Insight.

In this article, you learn how to manage access to contact information and what data is available to you, if you are using an account without the permission to access PII.

Accounts without PII access

If you are using a Sitefinity Insight account, which does not have permission to see PII, you have the following restrictions:

  • If you navigate to a report that contains contact emails, you see obfuscated emails.
    The affected reports are Personas, Lead scorings, Segment discovery, and Contacts.
  • The Contacts report has PII-related fields removed, such as name, country, company, job title, gender, address, and phone. The e-mail address is obfuscated.
  • If you use any Sitefinity Insight API calls, which return contacts PII, the PII-related information is either obfuscated or the API call returns status code 403.
    For more information, see the documentation for every particular call for description of its behavior.
  • You cannot export contacts.
  • You cannot perform operations, such as deleting or exporting personal data.

Invite new users

Your can manage whether Sitefinity Insight users can access PII when you invite them. Both account administrators and data center administrators can manage whether the users they invite can access PII. The following limitations apply:

  • Account administrators can always access PII, because the Sitefinity Insight security model assumes that they have full access to the data stored in the account.
  • If a data center administrator cannot access PII, they cannot grant this permission to newly invited users. This is to prevent escalation of privileges.

    For more information, see Invite users.

Check the users access level

Sitefinity Insight administrators can see the PII access permissions for the user accounts they manage.

If you are an account administrator, in Sitefinity Insight, navigate to Administration » Users.
The table column Access visitors PII displays the access permissions for each Insight user account. The following options are available:

  • Not allowed
    The user account cannot see the PII for any data center they can access.
  • Allowed in <list of data centers>
    The user account can see the PII for some of the data centers they can access. The names of the data centers are displayed in the table.
  • Allowed
    The user account can see the PII for all data centers they can access.

If you are a data center administrator, to check your permissions to see PII, perform the following:

  1. In Sitefinity Insight, navigate to Administration » Data centers.
  2. Click the name of the data center that you want to manage.
  3. Click Access.

In the table, you see the column Access visitors PII with the following options:

  • Allowed
    This user account can see the PII for visitors stored in this data center.
  • Not allowed
    This user account cannot see the PII for visitors stored in this data center.

Was this article helpful?