Privacy functionality by feature

Version: 10.3
Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

The platform includes features that were specifically created to support responsible processing and storage of personal information. Refer to the data rights section for features organized by data right.

xConnect and data privacy

xConnect provides the following features:

  • Allows you to mark contact facets or facet properties that contain personal information as [PIISensitive]. See  Facets for more information.

  • Allows you to clear a contact’s personal information by executing the right to erasure.

  • Allows you to export a contact's facets and interaction history.

  • Includes a generic ConsentInformation facet that is set when the right to erasure is executed.

Web tracking and data privacy

Sitecore 10.0 and later provides API calls and configuration options that make it easier to enforce explicit consent for tracking a contact's activity on your websites.

Email Experience Manager and data privacy

The Email Experience Manager (EXM) provides the following features:

  • Extends xConnect with a ClearSupressionListWhenExecutingRightToBeForgotten service plugin. This plugins removes email addresses from the suppression list (where relevant) and executes each time the right to erasure is executed.

  • Extends xConnect with a EmailAddressHistory facet that contains every email that a contact has ever used. This facet is marked [PIISensitive], which means that it is cleared when the right to erasure is executed. Events such as EmailEvent have a EmailAddressHistoryEntryId property that matches an ID of an email address in the EmailAddressHistory facet. This ensures that email addresses are never stored as event data, which is not cleared when the right to erasure is executed.

  • Includes a double opt-in process that cannot be disabled or changed to single opt-in.

  • Includes default campaign templates with the option to unsubscribe from current or all email campaigns.

  • Respects properties of the ConsentInformation revoked facet. See QueueMessage processor in the EXM pipelines documentation.

Do you have some feedback for us?

If you have suggestions for improving this article,