The big question to consider for a CISO, he said, is it part of their danger model to share data with a third party. A cloud provider has a underlying risk in sending data, he said, but this risk can move beyond the benefits of using a reputed cloud provider.
“From the perspective of a CISO, here is the key,” Esnar Seker, Sucradar said: “While configuring Google Analytics, you have to ensure that a query parameter, form input, or dynamic page elements can unknown to unknowingly,” to inadvertently pass sensitive data in the trekking code. For example, he said, if your application generates like URL Example.com/results?user=Johndoe&dob=01011990Google analytics will collect those parameters until the data is clearly filtered.
He said that Google Analytics form field values should also be avoided. This includes name, email, birth dates, or individually identified information or anything classified as personal health information. Many sites inadvertently pass them through the JavaScript variables that can pick up the analytics script, they said.
