Privacy functionality by feature

Abstract

Overview of the data privacy features in Sitecore xConnect and the Email Experience Manager.

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you on your data privacy compliance journey. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal data. Your resulting implementation is based entirely on your own configuration choices.

The platform includes features that were specifically created to support responsible processing and storage of personal data. Refer to the data rights section for features organized by data right.

xConnect and data privacy

xConnect includes the following features:

Email Experience Manager and data privacy

The Email Experience Manager (EXM) includes the following features:

  • Extends xConnect with a ClearSupressionListWhenExecutingRightToBeForgotten service plugin. This plugins removes email addresses from the suppression list (where relevant) and executes each time the right to be forgotten is executed.

  • Extends xConnect with a EmailAddressHistory facet that every email that a contact has ever used. This facet is marked [PIISensitive], which means that it is cleared when the right to be forgotten is executed. Events such as EmailEvent have a EmailAddressHistoryEntryId property that matches an ID of an email address in the EmailAddressHistory facet. This ensures that email addresses are never stored as event data, which is not cleared when the right to be forgotten is executed.

  • Includes a double opt-in process that cannot be disabled or changed to single opt-in.

  • Includes default campaign templates with the option to unsubscribe from current or all email campaigns.

  • Respects properties of the ConsentInformation revoked facet. See QueueMessage processor in the EXM pipelines documentation.