What is Personal Data or PII?
PII or Personally Identifiable Information is any data that relates to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data include name, residential address, date of birth, IP address, etc.
Organizations can use PII to identify, contact, or locate a user or person of interest as per the agreed business purpose. Any operation or set of operations that are performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction is called as ‘Processing of Personal data’.
The Data Controller is the entity that decides the means and ways to process personal data. MoEngage acts as a Data Controller when it processes its employee data as the employer decides the means and purpose of processing.
The Data Processor is the entity that processes personal data on behalf of the Data controller. MoEngage acts as a Data Processor when it assists our customers in processing personal data of their end users as a part of providing services for use cases decided by the Data Controller (Our Customers).
While certain personal data fields like zip code, date of birth, gender, and passwords may not independently identify an individual, they become PII when combined with other personal data fields that, collectively, can uniquely identify a living person.
Safeguarding PII at MoEngage
MoEngage provides three options for safeguarding PII data. These options cater to different business and operational requirements. You can select the most suitable approach for your needs: Data Masking, Data Encryption, and/or tokenization.
Sending PII to MoEngage
If you choose to send PII to MoEngage, you can utilize the following functionalities to safeguard the data:
-
PII Masking
MoEngage allows you to designate specific attributes as PII and mask them to ensure security. Only administrators have access to view and download this data. For more information, see PII Masking. -
PII Data Encryption
MoEngage provides the capability to encrypt PII data stored within its systems. Any user or event attributes marked as PII can be encrypted. By default, encrypted attributes also have masking enabled. These attributes are not visible or downloadable from the MoEngage dashboard. For more information, see PII Data Encryption.
Not Sending PII to MoEngage
If you decide not to send PII to MoEngage, you can leverage the following functionality to enable your workflows:
-
PII Tokenized Sending
To ensure complete user anonymity, MoEngage supports tokenized sending. This approach fetches PII data at runtime, eliminating the need to store it within MoEngage. For more information, see PII Tokenized Sending.