The University of Texas at Austin relies largely on Google Analytics to provide traffic information on its websites and applications. Additional tracking technologies are in use across the university’s digital properties, and may be recommended as well.
Google Analytics Standards of Use
All university sites using Google Analytics must adhere to the following standards.
Upholding these standards will help to ensure that the privacy of all of our sites’ visitors is safeguarded appropriately.
1. Avoid Using Google Analytics on Secured Pages.
Google Analytics is not currently recommended for use with any secured pages due to the heightened risk of passing and/or storing sensitive information.
2. Do not pass personally-identifiable information to Google Analytics.
3. Use POST Requests with User-Related Forms.
Google Analytics stores URLs visited within a domain, so avoid any GET requests that may result in URLs embedded with user-related data. Google Analytics may also track and store IP addresses that have visited certain URLs, so even if a form does not pass information that personally identifies a single individual, information embedded in a URL could be associated with an IP Address. Using POST requests to hide form parameters will help avoid potential privacy concerns related to the URL.
4. Anonymize IP Addresses within Google Analytics.
Google provides optional functionality to anonymize IP addresses so that a user’s full IP address is never written to disk based on a visit to a tracked website. In order to anonymize IP addresses, include the _anonymizeIp() method in the tracking code.
Read More about IP Anonymization in Google Analytics
5. Configure Account Settings in Google Analytics to Prevent Unnecessary Data Sharing.
Google allows users to opt out of several types of data sharing related to their Google Analytics accounts. Visit the Account Settings screen to de-select these options.
Read More about Data Sharing Settings in Google Analytics
6. Regularly Review Google Analytics Account and Report Access.
Because access to Google Analytics is granted through personal Google accounts, take care to change/remove access appropriately whenever there are personnel changes. Teams using Google Analytics are additionally encouraged to review all report and account access on a quarterly basis.
Read More about Policy Requirements for Google Analytics Advertising Features
If you have any concerns about whether your website is using Google Analytics safely, please contact the Information Security Office (firstname.lastname@example.org).