Personally Identifiable Information (PII)
Overview
Personally identifiable information (PII) is data which may potentially identify a specific individual, for example, if a web site includes a full name or e-mail address in the URL, this information may be passed to advertisers as for the most part the URL where a request came from is shared as a referrer, or explicit value to log where an impression was served.
For the most part PII violations are not serious, they could flag something as simple as including an '@' in the URL, however, it's best to avoid them wherever possible, and take into account what could be detected as PII.
You may receive a notice from your yield manager regarding PII violations on your domains, it is imperative that any violations are quickly resolved in order to avoid disabling demand to protect user information.
Types of PII
- Full name
- Home address
- Email address
- Social security number
- Passport number
- Driver’s license number
- Credit card numbers
- Date of birth
- Telephone number
- Log in details
Common Causes
PII in Site URL
Avoid including any email addresses in URLs on your site, for example, if a user john.doe@awesomesite.com logs in, do not include this in the domain like http://awesomesite.com/user/john.doe@awesomesite.com.
Additional things to avoid are:
- email addresses
- mailing addresses
- phone numbers
- precise locations (such as GPS coordinates - but see the note below)
- full names or usernames
Email/Names Included in Ad Server Targeting Key-Values
Avoid sending PII to any ad server targeting key-values as these may be flagged as a violation.
References
Google Analytics - Best practices to avoid sending Personally Identifiable Information (PII)
Google AdSense - Best practices to avoid sending Personally Identifiable Information (PII)
AdManager - Understanding PII in Google's contracts and policies