CDS Web Analytics Policy Checklist
The goal of this checklist is to make it easy for any CDS delivery team to make sure their service’s use of web analytics is in line with the Standard on Privacy and Web Analytics (SPWA).
Questions? Ask the policy advisor on your delivery team, or anyone on the CDS policy team! #policy on Slack is a great place to start.
IP anonymization is enabled
The SPWA requires that we enable IP anonymization for any web analytics tool we use, so that it does not store personal information.
Google Analytics:
- To enable anonymization, you need to modify the product code that loads GA. The approach varies depending on how GA is integrated into the product. Google has a site describing its IP anonymization process, with some links describing how to enable it.
- Once anonymization is enabled, you can verify that the product is anonymizing IP addresses:
  - Load the product’s site in either Chrome or Firefox.
  - Right click on the page and choose “Inspect” or “Inspect element” in the menu that appears.
  - A new window should appear. This is the developer tools window. Navigate to the “Network” tab and refresh the product site to load new data. (This tab lists all the resources loaded to display a webpage.)
  - In the Network tab’s filter box, type “collect”. There should now be one entry in the list, something that starts like “collect?v=1&”. Select it.
  - In Chrome, choose the “Headers” sub-tab and scroll to the “Query String Parameters” section. In Firefox, choose the “Params” sub-tab. You want to see “aip: 1” in the list. If it’s there, IP anonymization is enabled!
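The manual check above only looks at one request on one page load. As an added example (not part of the original checklist or any CDS tooling), the script below runs the same "aip: 1" check over every "collect" request in a HAR file exported from the Network tab. It assumes a HAR export is available and that hits sent by POST carry their parameters in the request body; the sample HAR and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed HAR excerpt (not captured from a real service): one GET hit with
# aip=1, one POST hit whose payload lacks aip, and one unrelated request.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://www.google-analytics.com/collect?v=1&t=pageview&tid=UA-XXXXX-Y&aip=1&dp=%2Fhome"}},
    {"request": {"method": "POST",
                 "url": "https://www.google-analytics.com/collect",
                 "postData": {"text": "v=1&t=event&tid=UA-XXXXX-Y&ec=form&ea=submit"}}},
    {"request": {"method": "GET", "url": "https://example.test/static/app.js"}},
]}})


def hit_params(request):
    """Return the hit's parameters, or None if the request is not a collect hit."""
    url = urlsplit(request["url"])
    if not url.path.endswith("/collect"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    # Assumption: hits sent by POST carry the same key=value payload in the body.
    body = request.get("postData", {}).get("text", "")
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, values)
    # The checklist's example entry starts with "collect?v=1&", so require "v".
    return params if "v" in params else None


def audit_har(har_text):
    """List (hit type, anonymized?) for every collect hit in a HAR export."""
    results = []
    for entry in json.loads(har_text)["log"]["entries"]:
        params = hit_params(entry["request"])
        if params is None:
            continue
        hit_type = params.get("t", ["unknown"])[0]
        # Same condition as the manual check: the hit must carry aip=1.
        results.append((hit_type, params.get("aip") == ["1"]))
    return results


def all_anonymized(har_text):
    """True only if at least one hit was seen and every hit carries aip=1."""
    results = audit_har(har_text)
    return bool(results) and all(ok for _, ok in results)


if __name__ == "__main__":
    for hit_type, ok in audit_har(SAMPLE_HAR):
        print(f"{hit_type:10} {'aip=1 present' if ok else 'MISSING aip=1'}")
```

Browsing through the whole service (forms, error pages, events) before exporting the HAR makes the check cover hit types that a single page load would miss.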
All other analytics options that collect personal information are disabled
Google Analytics:
- This includes disabling demographic data (e.g. the feature that extrapolates and stores information about the age and gender of users).
- Review Best practices to avoid sending Personally Identifiable Information with a developer on your team to ensure no personally identifiable information is inadvertently being transmitted to Google.
Data retention period is set for max 6 months, or the shortest option available
Google Analytics:
- Set data retention period at 14 months. Google Analytics doesn’t allow a retention period shorter than this, and most of the data collected by GA is exempt from the 6 month retention limit because it’s aggregated.
The service’s privacy notice meets all of the following requirements, as set out in Appendix B of the Standard on Privacy and Web Analytics:
- A statement setting out the legislative authority for the collection of this information.
- An explanation of what Web analytics is and the purposes for use of Web analytics tools by the institution.
- A statement as to what specific personal information, including the IP address, is being automatically collected from visitors by the government institution.
- A statement advising visitors as to whether the Internet Protocol (IP) address and other data in digital markers is being collected and used internally by the institution for the purpose of Web analytics or is being disclosed or transmitted externally to a third party for that purpose.
- In cases where the IP address and other data in digital markers is disclosed or transmitted to a third party, an explanation of how the privacy of visitors to Government of Canada websites is being safeguarded through, at a minimum, the activation of the third-party anonymization feature whereby the third party depersonalizes the IP address.
- If data disclosed or transmitted for Web analytics is going outside of Canada, for example to the United States, a statement to that effect along with reference to any governing legislation that the information might be subject to, for example the USA Patriot Act.
- A statement as to the maximum retention period for any personal information collected in relation to Web analytics.
Decide if/when to stop collecting data through a CDS-owned analytics platform
- CDS may or may not continue to collect analytics data after a service is transitioned to a partner.
- As long as CDS is collecting analytics data (e.g. via a CDS-owned instance of Google Analytics), CDS’ collection authority must remain in the privacy statement.