Datastreams overview
A datastream represents the server-side configuration for the ÃÛ¶¹ÊÓƵ Experience Platform Web and Mobile SDKs. While the configure
command in the SDK handles client-side settings (such as the edgeDomain
), datastreams manage all other configurations.
When you send a request to the Edge Network, the datastreamId
references the datastream where the data is sent. This allows you to update the server-side configuration without changing your website’s code.
You can create and manage datastreams by selecting Datastreams in the left navigation within the ÃÛ¶¹ÊÓƵ Experience Platform UI or Data Collection UI.
For more information on how to configure a datastream in the UI, see the configuration guide.
Handling sensitive data in datastreams sensitive
Corporate data stewardship policies and regulatory requirements are increasing restrictions on how sensitive customer data can be collected, processed, and used. This includes the collection, processing, and usage of Protected Health Data (PHI) which is subject to to regulations like the Health Insurance Portability and Accountability Act (HIPAA).
Datastreams provide three methods to assist you with securely handling your sensitive data:
Enhanced encryption encryption
All data in transit though the Edge Network is conducted over secure, encrypted connections using . If the datastream is bringing data into Experience Platform, the data is then encrypted at rest in the Experience Platform data lake. See the document on data encryption in Experience Platform for more information.
Data governance governance
Datastreams use the Experience Platform built-in data governance capabilities to prevent sensitive data from being sent to non-HIPAA-ready services. By labeling specific fields that contain sensitive data in your datastream schemas, you can take granular control over which data fields can be used for specific purposes.
The following video provides a brief overview of how data usage restrictions are configured and enforced for datastreams in the UI:
In Experience Platform, you can apply sensitive data usage labels to schemas and fields containing data that your organization deems sensitive. For example, the RHD
label is used to denote Protected Health Information (PHI), and the S1
label represents geolocation data.
When you create a datastream, if the selected schema contains sensitive data usage labels, you can only configure the datastream to send that data to HIPAA-ready destinations. Currently, the only HIPAA-ready destination supported by datastreams is ÃÛ¶¹ÊÓƵ Experience Platform. Other destination services including ÃÛ¶¹ÊÓƵ Target, ÃÛ¶¹ÊÓƵ Analytics, ÃÛ¶¹ÊÓƵ Audience Manager, event forwarding, and edge destinations are disabled for datastreams containing sensitive data usage labels.
If a schema is being used in an existing datastream with non-HIPAA-ready services, attempting to add a sensitive data usage label to the schema results in a policy violation message and the action is prevented. The message specifies which datastream triggered the violation and suggests removing any non-HIPAA-ready services from the datastream to resolve the issue.
Audit logs
In Experience Platform, datastream activities can be monitored in the form of audit logs. Audit logs indicate who performed what action, and when, along with other contextual data that can help you troubleshoot issues related to datastreams to help your business comply with corporate data stewardship policies and regulatory requirements.
Whenever a user creates, updates, or deletes a datastream, an audit log is created to record the action. The same occurs whenever a user creates, updates, or deletes a mapping through Data Prep for Data Collection. Regardless of whether it was a datastream or a mapping that was updated, the resulting audit log is categorized under the Datastreams resource type.
See the documentation on audit logs for more information on how to interpret logs from datastreams and other supported services.
Next steps
This guide provided a high-level overview of datastreams and their use in Data Collection and the processing of sensitive data. For steps on how to set up a new datastream, see the datastream configuration guide.