Data Privacy

How to set up and use the Data Privacy feature for compliance

This article gives information about how to set up and use the Monsido Data Privacy feature.


Introduction

This module allows website owners to prove that they are actively working to be compliant with local regulations. It automates the management of personal data: the Data Privacy module scans the text of each domain (as opposed to the HTML) to find potential data privacy issues, and the scanned website data is sent directly to Google’s Data Loss Prevention API for analysis. View the scan results by severity level and by the number of pages affected by each issue.

The Data Privacy feature is based on the Google Cloud Data Loss Prevention API, and is updated when the API is updated.

Severity and Likelihood

To find out more about how Monsido calculates the prioritization of errors, as well as the severity and difficulty level, see the User Guide chapter:


Setup

This section gives instructions on how to set up the Data Privacy feature in Monsido.

  1. Click Admin Settings (gear icon) on the Domain Overview page toolbar.

    Note: Only admin users can access this button.

    The Domain Settings page opens.

  2. On the same row as a domain, click Action.

    The Action menu expands.

  3. Select Edit Domain. The Edit Domain page opens.

  4. Locate the Features section.

  5. Turn the Data Privacy switch to ON. This activates the module and adds the link to configure the settings.

  6. Click the link Open Data Privacy Settings, located beside the Data Privacy button. The Domain Data Privacy Settings page opens.

  7. Locate the Choose what to Scan section.

  8. Toggle the appropriate switches to ON. The required settings in the Global requirements list are automatically selected. The choices are:

    • GDPR: General Data Protection Regulation applies to any EU company and requires that all personal data that is collected and/or processed is made transparent, including the disclosure of the purpose for data collection.

    • CCPA: The California Consumer Privacy Act is a set of regulations that apply to organizations that collect personal data on any California resident.

    • APA: Australia's Privacy Act includes thirteen codes of conduct with regard to the disclosure of personal information.

      Websites, companies, and organizations that operate in Australia must follow these codes of conduct in order to be compliant.

    • SHIELD: The Privacy Shield Program Overview is a mechanism for companies to use to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

    • PIPEDA: The Personal Information Protection and Electronic Documents Act of Canada applies to transfers of personal information to a third party operating outside of Canada.

    Tip! If your region/regulation is not on this list, it is possible to customize the settings to create specific requirements. Just select the regulation that is most similar and tick/untick the boxes to add or remove specific items from the scan.

    Note: Monsido uses the Google Cloud InfoType detector reference to identify potential security violations.

  9. Click Save Preferences. The Domain Data Privacy Settings pane closes. The Edit Domain page is visible again.

  10. Click Save. The Edit Domain page closes.

    • A new Data Privacy report is in the Data Center after the next scan. Choose users to send the report to automatically after every data privacy scan.

    • The data privacy issues are stored in the History Center for quick reference. See the status and number of issues that the scan finds, as well as issues that are repaired.

For more information, see the User Guide chapters:


Instructions

This section gives instructions on how to navigate to the Data Privacy feature and correct errors detected by the Monsido scan.

  1. Click Select Domain to expand the Domains list.

  2. Select the domain to open.

  3. The Dashboard for the domain opens.

  4. Click Data Privacy (the lock icon), on the toolbar. The Data Privacy page opens.


Summary

Select this option from the menu on the left side of the page.

The Data Privacy summary page opens. There are three sections:

  • Most serious issues found: The list shows the name of the issue, the number of pages it occurs on, and the level of risk. The severity of the issues is determined by the following:

    • Risk severity: This rating indicates the level of risk associated with the data, with regard to potential threats to organizational assets, organizational operations, and individuals should it be disclosed without authorization.

      For more information, see the User Guide chapter:

    • Number of visitors: The number of visitors to the page since the last scan.

    • Number of pages: The number of pages that contain the error, as determined by the last scan.

      • Click on an issue in the Number of pages column. The page slides open. The information shown is:

        • Search: Click in the dialog box and type a search parameter.

        • Title and URL: The page title and a link to the issue details for the page.

        • Views: Approximate number of page views since the last scan. This information is only available when Statistics is enabled.

        • Open page details (the page icon): On the same row as an issue, click the Page icon to navigate to the overview of the page. This view shows the data policy issues for the page as determined by the last scan.

        • Click Action on the same row as an issue. Choose an action to take for the issue. The choices are:

          • Ignore on the page

          • Mark as fixed.

            Note: The difference between Mark as Fixed and Ignore is that issues marked as Fixed are still included in future scans and can be flagged again if the error persists. Issues that are set to Ignore are permanently omitted from future scans and compliance scores.

  • Redirect to Page (magnifying glass icon): Navigate to the page and then use the Monsido Extension to identify the placement of the errors on the page, repair the errors, and more.

  • Affected pages by severity: The distribution of data security issues by severity, along with the number of pages that are affected. See Priority, Severity, Difficulty, and Likelihood for a breakdown of the levels of severity.

  • Data Privacy Diagnostics: A percentage diagram shows the percentage of total pages that are compliant with the selected data security checks. A line graph shows the issues over time.


Fast Track

Select this option from the menu on the left side of the page.

The Data Privacy Fast Track page opens.

For more information, see the User Guide chapter:

  • HTML snippet affecting compliance level: This section is on the left-hand side of the window and contains a list of the HTML snippets that affect the compliance level of the webpage. Click the name of the HTML snippet to open the Details sections for that snippet.

    • Effect on overall compliance level: This section shows the percentage of overall compliance level that this error causes, as well as the number of affected pages and the number of checks that fail.

    • Snippet: This section is on the right-hand side of the page and shows the name of the HTML snippet.

    • Check: This section shows the checks that fail, a link to the Help Center, the number of affected pages, the severity of the issue, and an Action button for review of the issue.

      • Click Action and select Review.

      • A dialog box asks for a reason for the review. Enter the reason that the issue is approved and then click OK to close the dialog.

      • The issue is gone from the list. To view items placed in Review, check the audit log.


Content with Data Issues

Select this option from the menu on the left side of the page.

The Content with Data Issues page opens.

The list contains the following fields:

  • Filters: Select a category from the menu bar at the top of the list to further filter the list as needed:

    • All: View all results.

    • Pages: View pages with issues.

    • PDF Documents: View PDF documents with issues.

    • Other Documents: View other documents with issues.

  • Export: Click to export the list. A dialog box opens. Select your export file:

    Content with Data Issues Export.

    A message informs that, "Your export is currently being generated, You will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or click Go to My Exports on the message dialog box.

  • Filter (the funnel icon):

    • Data Regulations: Click to filter for Data Regulations. This list is populated with the selections made during Setup. See Regulatory Templates for an explanation of each selection. Here are some of the fields that may appear in a setup:

      • GDPR

      • CCPA

      • APA

      • SHIELD

      • PIPEDA.

    • Search: Click in the dialog box and begin to type a search parameter. The results start to appear after three characters are entered.

    • Title and URL: The page title and a link to the issue details for the page.

      • Click the link. The Page Details page opens. In the Data Privacy section, issues are shown in a list along with the severity of the issue.

      • From the menu bar at the top of the list, select a status to further filter the list as needed:

        • All: View all results.

        • High: View results with high severity.

        • Medium: View results with medium severity.

        • Low: View results with low severity.

        • Ignored: View ignored issues.

        • Fixed: View fixed issues.

          For more information, see the User Guide chapter:

      • In the Settings section, click Action on the same row as an issue. From the drop-down list, select an action to take for the issue. The choices are:

        • Ignore on the page

        • Mark as fixed.

          Note: The difference between Mark as Fixed and Ignore on the page is that issues marked as Fixed are still included in future scans and can be flagged again if the error persists. Issues that are set to Ignore are permanently omitted from future scans and compliance scores on this page.

        • Click Quick Help for an explanation of the issue and suggestions on how to resolve it.

        • Click X to navigate back to the Content with Data Issues page.

      • Notifications: If the system has a notification, click to view it.

      • Views: Approximate number of page views since the last scan. This information is only available when Statistics is enabled.

      • Open page details (webpage icon). This view shows the data policy issues for the page as determined by the last scan.

        The Data Privacy details page opens.

        • Click on an issue in the list. The pane to the right updates with information and help about the issue.

        • Open Issue Page: On the same row as an issue on the right, click Open Issue Page (an i for information icon).

          For more information about Issue View see the user guide article:

      • Redirect to page: Click to navigate to the page URL and view the page as an external visitor.


Data Issues

Select this option from the menu on the left side of the page.

The Data Issues page opens. Issues are shown in a list along with the severity of the issue.

See Priority, Severity, Difficulty, and Likelihood for a detailed breakdown of the levels of severity.

  1. From the menu bar at the top of the list, select a status to further filter the list as needed:

    • All: View all results.

    • High: View results with high severity.

    • Medium: View results with medium severity.

    • Low: View results with low severity.

    • Ignored: View ignored issues.

    • Fixed: View fixed issues.

  2. Export: Click to export the list. A dialog box opens. Select Content with Data Issues Export.

    A message informs that, "Your export is currently being generated, you will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or use the provided button Go to My Exports.

  3. Filter (the funnel icon):

    • Data Regulations: Click to filter for Data Regulations. This list is populated with the selections made during Setup. See Regulatory Templates for an explanation of each selection. Here are some of the fields that may appear in a setup:

      • GDPR

      • CCPA

      • APA

      • SHIELD

      • PIPEDA.

    • Issue Type: Click to filter for Issue Type. This list is populated with the selections made during Setup. See Regulatory Templates for an explanation of each selection. Here are some of the fields that may appear in a setup:

      • Banking Data

      • General personal data

      • Healthcare

      • National ID

      • Personal technical

      • Product identifier

      • Sensitive personal data

      • Taxpayer ID

      • Technical

      • Other.

  4. Type-Issue: A symbol indicates the type of issue and the name.

  5. Check name: The name of the check that flagged the issue in the scan.

  6. Likelihood: This rating indicates the level of certainty that the issue is accurate.

    Likelihood ratings are divided into the three following categories:

    • Possible

    • Likely

    • Very Likely

    Note: The Data Privacy module is highly effective; however, false positives can occasionally occur. Monsido recommends a manual review of the scan results.

    For more information on Likelihood and how it is determined, see the User Guide article:

  7. Help center: Click for an explanation of the issue and suggestions on how to repair it.

  8. Pages: The number of pages where the issue occurs. Click to navigate to the page view.

    • Title and URL

    • Views

    • Open page details: On the same row as a page, click the Page icon to navigate to the overview of the page. This view shows the data policy issues for the page as determined by the last scan.

    • Redirect to page: Click to navigate to the page URL and view the page as an external visitor.

      Tip: If it is installed, use the Monsido Extension to identify the placement of the errors on the page, repair the errors, and more.

      For more information, see the User Guide chapter:

    • Click X to exit this view and return to the main Data Issues page.

  9. Severity: See Severity Levels for a breakdown of the levels of severity.


Checklist

Select this option from the menu on the left side of the page.

The Check List page opens. The list contains all of the checks from the most recent scan, both with and without issues.

  • Issues are shown in a list along with the severity of the issue. See Severity Levels for a breakdown of the levels of severity. From the menu bar at the top of the list, select a status to further filter the list as needed:

    • High: View results with high severity.

    • Medium: View results with medium severity.

    • Low: View results with low severity.

    • Passed: List of all items that the scan included which are compliant and designated as Pass.

  • Export: Click to export the list. A dialog box opens. Select your export file:

    • Content with Data Issues Export.

      A message informs that, "Your export is currently being generated, you will receive an email when the export is ready." To view the progress, click the avatar icon on the main toolbar and select My Exports, or click Go to My Exports on the message dialog.

  • Filter (the funnel icon): Click to filter for Data Regulations. This list is populated with the selections made during Setup. See Regulatory Templates for an explanation of each selection. Here are some of the fields that may appear in a setup:

    • Data Regulations:

      • GDPR

      • CCPA

      • APA

      • SHIELD

      • PIPEDA.

    • Issue Type: Select to filter by the type of issue as designated in the scan setup. See Setup for instructions on how to add or remove additional checks to the scan.

    • Country: Select a country to filter for. Country-specific items are added to the scan in the setup. See Setup for instructions on how to add or remove additional country checks to the scan.

  • Search: Click in the dialog box and type a search parameter.

  • Table: The table headers are:

    • Type: A symbol indicates the type of check. Hover the mouse over the symbol for a text explanation.

    • Check name: The name of the check. See Setup for more information on how to edit and view the checks that the scan is set up for.

    • Help Center: Click for an explanation of the issue and suggestions on how to repair it.

    • Country: This field shows the country name for checks that are country-specific.

    • Compliance: The percentage of compliance that this check achieves.

    • Pages: The number of pages that contain the error, as determined by the last scan.

    • Severity: This rating indicates the level of risk associated with the data, with regard to potential threats to organizational assets, organizational operations, and individuals should it be disclosed without authorization. See Severity Levels for a breakdown of the levels of severity.


Consent Overview

  1. Select Consent Overview from the menu on the left-hand side of the page.

    The Consent Overview page opens. This is an overview of user cookie acceptance rates, as well as the consent log that stores the cookie categories that the users have consented to.

  2. From the expanded list, select:

    • Cookie Acceptance Rate: Select Cookie Acceptance Rate. The Cookie Acceptance Rate page opens and shows an overview of customer behavior towards cookies on the website.

      • The Acceptance Rate by Category page shows acceptance rates by cookie categories.

      • The Overall Acceptance Rate page shows a percentage of cookies accepted, as well as a graph chart with acceptance rates over time.

    • Consent Log: This page lists IP addresses that interacted with the cookies on the website, shown in chart format. The log is kept on Monsido servers for two years.

      The column headers are:

      • IP Address: The IP address of the computer that browsed the site.

      • UUID: The unique ID for the user device that received the cookie.

        Note: This ID is gone from the user's device when the cookies on that device are deleted by the user. When the UUID is gone, the user can no longer request the record of the cookie consent.

      • Location: The country of origin that the user accessed the site from.

      • Data Regulation: The applicable regulation, GDPR, CCPA, or both.

      • Accepted cookies: The cookie categories that the user accepted.

      • Date: The date that the user accepted the cookies.

    • Cookie Overview: This page gives information about the cookie acceptance rates by users. The Cookie Overview page opens.

      Note: If this is the first time that the scan populates cookies, the list only shows manually added cookies, if any have been added.

      1. The table fields have the following columns:

        • Category: Click the drop-down arrow and select the category for the cookie.

          • Essential: These cookies are required to enable basic website functionality. Note: Essential cookies cannot be deselected by the user.

          • Basic (Recommended): Allows users basic access to selected features such as Help Desk, and facilitates communication.

          • Marketing: These cookies are used to provide advertising that is tailored to the user and their particular interests. Marketing cookies can also be used to restrict the number of times an advertisement is displayed and to measure the efficacy of advertising campaigns. Advertising networks usually place marketing cookies with the website operator’s permission.

          • Statistics: These cookies allow website operators to identify technical issues and understand how a site is performing. They can also be used to see how visitors interact with the site and usually do not collect information that identifies visitors.

          • Preferences: These cookies allow the website to keep track of your choices (e.g. region, user name, language) in order to provide more personalized features. A website may, for example, provide local traffic information based on data stored about the current location of the user.

        • Name: Enter the name of the cookie, exactly as it appears in the HTML code.

        • Domain: Enter the domain of the cookie.

        • Platform: Add the name of the platform or the company who provides this cookie.

          Note: This field automatically inherits the language value.

        • Description: Enter a short description of the cookie. If needed for this step, use a web search engine to look up the cookie name.

        • Duration: Enter the duration of the cookie.

        • Delete (trashcan icon): To remove a cookie, click the trashcan icon to delete the row.

        • Error indicators:

          • A red exclamation point on a row means that there is incomplete cookie data. Cookies that are not complete cannot be published or filtered, and are added to the user's browser automatically. It is important to complete the cookie setup.

          • A yellow question mark on a row means that the cookie was detected in previous scans but is not present in the most recent scan. Click the question mark to open a dialog box and handle the issues. Choose:

            • Show anyway: If the cookie was missed by the scan and you are sure the cookie is present, this is a good option to select. The cookie remains on the list.

            • Ignore & hide: Choose to ignore this cookie for now and hide it from the list. This is a good option if you suspect the cookie may appear again on the next scan.

        • Save. A dialog box opens with the message, "Cookie Overview Saved".

      Notes:

      • 3rd party cookies that the scan finds have a domain and a path. These are unique identifiers for the cookie.

      • Users cannot edit the name, domain, or path of cookies that the scanner finds.

      • Users cannot manually create a cookie with a name that already exists for a cookie that is found by the scan.

UI Overview video: This video walkthrough explains the cookie overview setup.

For more information, see the User Guide chapter:


Data Privacy Score

This section is coming soon.


Data Privacy Reports

This section gives information about the available data privacy reports.

The report is delivered to the email addresses for the persons assigned to receive this report.

The available report for Data Privacy is:

  • Data Protection Summary report

  1. Click Schedule This Report (calendar icon) on the same row as the report to receive the report as an email attachment. Multiple selection is allowed.

  2. Click Open Report (eye icon) to get the newest report.

  3. Click Report Administration (gear icon) to add other users to receive the report.

For more information, see the User Guide articles:


Additional Resources

For more information about the topics covered in this chapter, see also the User Guide chapters:

For definitions and explanations of acronyms and abbreviations used in the Monsido User Guide, see:

For further assistance, contact the Monsido support team at support@monsido.com or use the Monsido chat and help features inside the application.
