0
0
Documentation Privacy Configuring for Maximum Privacy: A Guide to Avoiding PII Data Collection

Configuring for Maximum Privacy: A Guide to Avoiding PII Data Collection

Privacy Audit

Check out Privacy Audit for detailed instructions on ensuring your WordPress Statistics settings meet privacy standards.

In our ongoing commitment to privacy and compliance, we understand the importance of configuring WP Statistics in a way that respects user privacy while providing valuable insights. This guide focuses on key settings within WP Statistics that may impact the collection of Personally Identifiable Information (PII) and how to manage these settings responsibly.

Record User Page Views

The “Record User Page Views” feature, located under the “Basic Tracking” tab in the “Visitor Analytics” section, allows site administrators to track and save each logged-in user’s page views, including their WordPress user ID. This functionality provides detailed insights into individual user behavior on your website.

Privacy Considerations

Enabling this feature has significant privacy implications, as it involves the collection of data that could potentially identify individuals. Therefore, it’s crucial to handle this data with care and ensure compliance with privacy laws and regulations.

Recommendations for Use

  1. Transparency: If you choose to enable the “Record User Page Views” setting, it is essential to clearly disclose this practice in your website’s privacy policy. Your disclosure should include details about the information being tracked, such as page views, browser information, and WordPress user IDs for logged-in users. For comprehensive details on what we collect, please refer to our documentation page: What We Collect.
  2. Informed Consent: Ensure that users are aware of and consent to this data collection. This can be achieved through clear communication and, where applicable, obtaining explicit consent in line with privacy regulations.
  3. Default Settings and User Control: By default, the “Record User Page Views” feature is disabled to prioritize user privacy. We recommend only enabling this feature if it is necessary for your site’s objectives and if you have implemented the above transparency and consent measures. Should you decide to stop recording user IDs, the feature can be easily disabled. Additionally, WP Statistics provides an option to delete existing user IDs from your tracking data, further enhancing privacy. For guidance on removing user IDs from your database, please visit: Removing User IDs From Your Database.

Anonymize IP Addresses

IP addresses are considered Personally Identifiable Information (PII) under various privacy laws and regulations due to their potential to identify individual users. Recognizing the importance of user privacy, WP Statistics includes a feature to anonymize IP addresses, enhancing user anonymity across your website.

Located in the “User Data Protection” tab under the “Data Protection” section, the “Anonymize IP Addresses” setting masks the last part of users’ IP addresses. By doing so, it ensures that the complete IP address is never stored or processed, thereby maintaining a higher degree of user privacy.

How It Works

  • Anonymization Process: When enabled, this feature modifies the IP address of each user by hiding its last segment. This process significantly reduces the possibility of identifying the user from their IP address.
    • IPv4 Example: An IP address like 192.168.1.123 becomes 192.168.1.0 before hashing.
    • IPv6 Example: An IPv6 address like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 becomes 2001:0db8:85a3:: before hashing.
  • Enhanced Privacy with Hashing: In addition to anonymizing IP addresses, WP Statistics employs a robust hashing mechanism. If the “Anonymize IP Addresses” option is activated, the system first anonymizes the IP address and then applies hashing. This two-step process ensures even stronger protection of user data by making the re-identification of individuals through their IP address highly improbable.

Default Setting and Best Practices

  • Enabled by Default: To prioritize privacy from the outset, the “Anonymize IP Addresses” feature is enabled by default in WP Statistics.
  • Recommendation: We recommend keeping the “Anonymize IP Addresses” setting enabled to benefit from enhanced user privacy and to align with best practices in data protection.

Hash IP Addresses

This setting applies a secure, irreversible transformation to IP addresses, converting them into unique strings of characters. Hashing serves as a form of pseudonymization, effectively anonymizing the IP address while retaining the ability to count unique views accurately.

Setting Details

Located under the “User Data Protection” tab in the “Data Protection” section, activating the “Hash IP Addresses” feature implements a secure algorithm to hash IP addresses before they are stored. This process transforms each IP address into a distinct, non-reversible string, safeguarding user privacy by making it impossible to backtrack to the original IP.

How It Works

  • Counting Unique Visitors: WP Statistics counts unique visitors based on each HTTP request’s IP address and User-Agent string. To protect privacy, these data points are not used in their raw form. Instead, a hashing mechanism with a daily rotating salt anonymizes the data.
  • Unique Identifier Generation: The formula for generating the unique identifier is hash(daily_salt + ip_address + user_agent). This incorporates a daily-changing salt, the visitor’s IP address, and their User-Agent, ensuring the hash value is unique each day. This method prevents the tracking of users over multiple days, significantly enhancing privacy.
  • Privacy and Compliance: By hashing IP addresses, WP Statistics adheres to stringent privacy regulations, providing a robust solution for website owners concerned about user privacy and legal compliance.

Default Setting and Recommendations

  • Enabled by Default: To foster a privacy-first approach, the “Hash IP Addresses” feature is enabled by default. This ensures that from the outset, user IP addresses are treated with the highest standards of privacy and security.
  • Advisory for Disabling: Should you choose to disable this option, along with “Anonymize IP Addresses,” it’s crucial to understand that raw IP addresses will be recorded, potentially impacting compliance with privacy laws. It is imperative to disclose this practice in your privacy policy (detailed information on what we collect is available here).
  • Converting Previous Data: For users interested in applying this level of privacy retroactively, WP Statistics provides guidance on converting previously recorded IP addresses into hashes. This process is detailed in our resource document, available here.

Store Entire User Agent String

The “Store Entire User Agent String” setting is a specialized feature within WP Statistics designed primarily for debugging purposes. It enables the recording of the full user agent string of visitors, providing detailed insights into the user’s browser and operating system. This information can be invaluable for troubleshooting specific issues on your website.

Setting Details

Found under the “User Data Protection” tab within the “Debugging & Advanced Options” section, this setting should be considered carefully due to its implications for user privacy. The user agent string includes comprehensive details about a user’s browsing environment, which, when stored, could potentially be used to identify individuals.

Privacy Considerations

  • Temporary Use Recommended: This feature is intended for temporary activation during troubleshooting processes and should be disabled once debugging is completed to avoid unnecessary collection of detailed user information.
  • Interaction with Hash IP Addresses: To ensure the privacy of your users, the “Store Entire User Agent String” setting will automatically be deactivated if the “Hash IP Addresses” feature is enabled. This precaution helps prevent the accumulation of data that could be used to identify individuals.
  • Implications for Privacy Compliance: Enabling this feature means that the plugin will record detailed user agent strings, impacting privacy. It is essential to disclose this practice within your privacy policy, highlighting the collection of such data (more information on what we collect is available here).

Default Setting and Management

  • Disabled by Default: To prioritize user privacy, this setting is disabled by default. Users are advised to enable it only when necessary for specific diagnostic purposes.
  • Disabling and Data Management: If you wish to cease the recording of full user agent strings, ensure this setting is disabled. For users looking to remove previously recorded user agent data from their tracking database, WP Statistics offers guidance on how to achieve this. Detailed instructions can be found here.

Legal Disclaimer

This guide aims to assist in configuring WP Statistics for enhanced privacy. However, compliance with privacy laws varies by region and is subject to change. This information is not legal advice.

We strongly recommend consulting with a legal professional to ensure your website complies with all applicable privacy laws and regulations. The responsibility for ensuring legal compliance rests with you, the website owner. Regularly review your privacy practices and seek professional advice to maintain compliance and protect user privacy.