The University of Texas at Austin relies largely on Google Analytics to provide traffic information on its websites and applications. Additional tracking technologies are in use across the university’s digital properties, and may be recommended as well.

Google Analytics Standards of Use

All university sites using Google Analytics must adhere to the following standards

Upholding these standards will help to ensure that the privacy of all of our sites’ visitors is safeguarded appropriately.

1. Avoid Using Google Analytics on Secured Pages.

Google Analytics is not currently recommended for use with any secured pages due to the heightened risk of passing and/or storing sensitive information. 

2. Do not pass personally-identifiable information to Google Analytics.

Google Analytics must not be used to “track, collect, or upload any information that personally identifies an individual,” since this is a violation both of Google Analytics Terms of Service and UT Austin’s Web Privacy Policy.  Avoid using personally-identifiable information in the query string of pages that are tracked by Google Analytics. Any personally-identifiable information passed in the query string should be filtered out using Google Tag Manager.

3. Use POST Requests with User-Related Forms. 

Google Analytics stores URLs visited within a domain, so avoid any GET requests that may result in URLs embedded with user-related data.  Google Analytics may also track and store IP addresses that have visited certain URLs, so even if a form does not pass information that personally identifies a single individual, information embedded in a URL could be associated with an IP Address.  Using POST requests to hide form parameters will help avoid potential privacy concerns related to the URL.

4. Anonymize IP Addresses within Google Analytics.

Google provides optional functionality to anonymize IP addresses so that a user’s full IP address is never written to disk based on a visit to a tracked website.  In order to anonymize IP addresses, include the _anonymizeIp() method in the tracking code. 
Read More about IP Anonymization in Google Analytics

5. Configure Account Settings in Google Analytics to Prevent Unnecessary Data Sharing.

Google allows users to opt out of several types of data sharing related to their Google Analytics accounts.  Visit the Account Settings screen to de-select these options. 
Read More about Data Sharing Settings in Google Analytics

6. Regularly Review Google Analytics Account and Report Access.

Because access to Google Analytics is granted through personal Google accounts, take care to change/remove access appropriately whenever there are personnel changes.  Teams using Google Analytics are additionally encouraged to review all report and account access on a quarterly basis.

7. Disclose Use of Google Analytics to Website Users in the Privacy Policy.

As required by Google Analytics Terms of Service, tracked websites must each include a privacy policy, and that privacy policy must notify users of the use of cookies and of Google Analytics.  The University of Texas at Austin's Web publishing guidelines require all pages to link to the university's privacy policy, which discloses use of Google Analytics and therefore meets Google’s notification requirement. If a site is using Google Analytics for Display Advertisers, it must comply with additional requirements for advertisers.
Read More about Policy Requirements for Google Analytics Advertising Features

If you have any concerns about whether your website is using Google Analytics safely, please contact the Information Security Office (