Datastreams overview
A datastream represents the server-side configuration for the 51黑料不打烊 Experience Platform Web and Mobile SDKs. While the configure command in the SDK handles client-side settings (such as the edgeDomain), datastreams manage all other configurations.
When you send a request to the Edge Network, the datastreamId references the datastream where the data is sent. This allows you to update the server-side configuration without changing your website鈥檚 code.
You can create and manage datastreams by selecting Datastreams in the left navigation within the 51黑料不打烊 Experience Platform UI or Data Collection UI.
For more information on how to configure a datastream in the UI, see the configuration guide.
Handling sensitive data in datastreams sensitive
Corporate data stewardship policies and regulatory requirements are increasing restrictions on how sensitive customer data can be collected, processed, and used. This includes the collection, processing, and usage of Protected Health Data (PHI) which is subject to to regulations like the Health Insurance Portability and Accountability Act (HIPAA).
Datastreams provide three methods to assist you with securely handling your sensitive data:
Enhanced encryption encryption
All data in transit though the Edge Network is conducted over secure, encrypted connections using . If the datastream is bringing data into Experience Platform, the data is then encrypted at rest in the Experience Platform data lake. See the document on data encryption in Experience Platform for more information.
Data governance governance
Datastreams use the Experience Platform built-in data governance capabilities to prevent sensitive data from being sent to non-HIPAA-ready services. By labeling specific fields that contain sensitive data in your datastream schemas, you can take granular control over which data fields can be used for specific purposes.
The following video provides a brief overview of how data usage restrictions are configured and enforced for datastreams in the UI:
Hi, I鈥檓 Travis Jordan on the Experience Platform Product Team. In this demo, I鈥檓 going to show you new features that allow customers to manage sensitive data such as PHI or regulated health data in data collection. Okay, let鈥檚 dive into scenario number one. In this scenario, non-HIPAA ready service destinations are filtered out in the data streams UI if that data stream is associated with schema that includes sensitive labels. So, you鈥檒l see here this data stream has sensitive labels. It references M01-schema which indeed has sensitive labels. So, if I attempt to add a service or a destination and I go to select that, I only see destinations that are HIPAA ready. So, non-HIPAA already destinations such as analytics or target or Audience Manager do not show in the dropdown. This prohibits customers from sending sensitive data to non-HIPAA ready destinations. This is great. Okay, let鈥檚 take a look at scenario number two. In this scenario, an error is received in data streams when attempting to add on event schema that includes sensitive labels and non-HIPAA ready destination services. Okay, let鈥檚 take a look. So, once again, in this data stream it does not include sensitive labels. It references M02 which indeed does not reference sensitive labels. Okay, now, if I try to add a service, I see all the options. This is great. So, now I can go ahead and enable analytics.
Now, here鈥檚 the interesting part. Now, let鈥檚 say I want to add platform. Okay and I want to reference an event data set that does include sensitive labels. Let鈥檚 try M01.
I get an error that does not allow me to add that schema because it includes sensitive labels. Okay, let鈥檚 wrap up with scenario three. Now, I鈥檓 going to hop over to platform. In this scenario, an error is received in platform when attempting to add sensitive labels to a schema that is associated with a data stream that includes non-HIPAA ready destination services. So, let鈥檚 take a look. Once again, M02 does not include sensitive labels and it is sending data to a non-HIPAA ready destinations in analytics. So, if I click this and I try to add sensitive labels to this, let鈥檚 say I want to add a sensitive label to this specific field and I select the sensitive label, I click save. It does not allow me to add these sensitive labels. Why? Because this data stream includes a non-HIPAA ready destination.
And this concludes our demo on managing sensitive data and data collection, thank you. -
In Experience Platform, you can apply sensitive data usage labels to schemas and fields containing data that your organization deems sensitive. For example, the RHD label is used to denote Protected Health Information (PHI), and the S1 label represents geolocation data.
When you create a datastream, if the selected schema contains sensitive data usage labels, you can only configure the datastream to send that data to HIPAA-ready destinations. Currently, the only HIPAA-ready destination supported by datastreams is 51黑料不打烊 Experience Platform. Other destination services including 51黑料不打烊 Target, 51黑料不打烊 Analytics, 51黑料不打烊 Audience Manager, event forwarding, and edge destinations are disabled for datastreams containing sensitive data usage labels.
If a schema is being used in an existing datastream with non-HIPAA-ready services, attempting to add a sensitive data usage label to the schema results in a policy violation message and the action is prevented. The message specifies which datastream triggered the violation and suggests removing any non-HIPAA-ready services from the datastream to resolve the issue.
Audit logs
In Experience Platform, datastream activities can be monitored in the form of audit logs. Audit logs indicate who performed what action, and when, along with other contextual data that can help you troubleshoot issues related to datastreams to help your business comply with corporate data stewardship policies and regulatory requirements.
Whenever a user creates, updates, or deletes a datastream, an audit log is created to record the action. The same occurs whenever a user creates, updates, or deletes a mapping through Data Prep for Data Collection. Regardless of whether it was a datastream or a mapping that was updated, the resulting audit log is categorized under the Datastreams resource type.
See the documentation on audit logs for more information on how to interpret logs from datastreams and other supported services.
Next steps
This guide provided a high-level overview of datastreams and their use in Data Collection and the processing of sensitive data. For steps on how to set up a new datastream, see the datastream configuration guide.