For many digital businesses, ensuring customer privacy can feel like a shot in the dark. With thousands of visitors, complicated web architecture, and ever-changing regulations, it can be hard to keep up with the sensitive information that may be hidden on your site.
At Fullstory, we are dedicated to helping you protect your customers' privacy. That's why we've added a new feature to Fullstory's privacy capabilities to illuminate the places sensitive Personally Identifiable Information (PII) may exist on your site.
Detections, coupled with Private by Default and other powerful privacy features, makes Fullstory the most privacy-forward DXI platform.
In addition to offering customers a solution to prevent sensitive data capture, Fullstory now also offers customers the ability to detect when, where, and what type of sensitive PII might appear unblocked on your site and quickly remediate issues with Detections.
Read on to learn more about the benefits of Detections in Fullstory.
How Detections gives you greater peace of mind
Gain more oversight and visibility into your app
Detections makes the unknown known by monitoring your digital environment and uncovering the places sensitive user data may be buried. Detections ensures there's no PII hiding in your site's nooks and crannies.
Instead of: Being unaware of sensitive information being collected on your site
Websites today are built on an ecosystem of third-party software that can change without notice, and leak data unknowingly. Additionally, browser extensions can mix your site's content with content from third parties, exposing you to sensitive data in unexpected places.
Proactively and efficiently prioritize privacy
Detections automatically monitors your site for select categories of sensitive data, such as credit card numbers and passwords, and automatically identifies and categorizes PII, so your teams can take action quickly. Detections locates issues in real-time, minimizing any impact.
Instead of: Relying on incomplete, reactive, expensive, and time-consuming site audits
Auditing your site could take weeks and, even then, any completed audit is immediately outdated because sites are dynamic and always changing. Site audits are also labor- and time-intensive, employing consulting companies or requiring engineers to shift focus from product to detective work.
Make optimized privacy decisions
Knowing when, where, and what type of data is collected on your site empowers you to go forward confidently knowing your team has the right visibility and context with Detections to make informed decisions that preserve user privacy.
Instead of: Making uninformed decisions that rely on guesswork and leave you constantly worried your data isn’t compliant
It can be difficult to gather of all the information you need to make an informed decision about PII and privacy—when you need to take action immediately. These gaps can put you and your company's and your customers' privacy at risk.
How Detections works
Detections can be thought of as two pieces:
1. Constant monitoring and categorization: Analytics run across the perimeter of your website and digital properties to proactively identify and categorize sensitive PII.
2. Triage and remediation: A centralized inbox in Fullstory that aggregates Detection events in a table and provides methods of triaging and remediation.
Triaging and remediating a detection event
The first step in triaging a Detection event is determining if the sensitive data identified is a true positive. Fullstory makes this easy for you, by aggregating Detections events in a table with additional details available, including Sessions. Clicking into any of these sessions will bring you to the playback page and will highlight the specific Detection event.
If the Detection event is a false positive, (like when the detected sensitive data is not truly sensitive), you can create an "ignore rule" directly from that event. An ignore rule specifies that a particular data source, such as a specific DOM element, is known to not contain sensitive information. Data sources matching ignore rules will not appear in the Detections inbox, allowing you to focus on the events that matter.
For true positives, you can easily delete the data and block it from future capture.
Teams using Fullstory are uniquely empowered to precisely control their digital experience data, tailor privacy for their needs, understand privacy best practices, ensure and preserve user privacy, and continuously improve their privacy controls.
Detections is now available to a subset of customers, and will be available to all customers in early 2023. Learn more about getting started with Detections in Fullstory here.