Best Practices for Page Tagging Implementation

Form data collection is a powerful feature, but it is not enabled by default. When this capability is enabled, the data contained in the captured forms is stored in the clickstream collection server Web log as plain text. Access to this text presents a potential security issue. For example, a form capture option value of 1 collects all of the data contained in every form.

Therefore, you must ensure that the configuration settings for the form capture option result in the capture of the desired data only. You must also ensure that the clickstream collection server's Web log files are properly secured from unauthorized access. If you fail to properly configure this option, any sensitive data that a Web visitor submits in a form might be stored as raw text.

As with any data in an organization, proper security measures should be put in place to protect sensitive information. Page tag data, by its very nature, contains information about user activity on a Web site. Depending on how the SAS page tag is configured for a site, sensitive information can be collected about user activity. All data collected by the SAS page tag is stored in the raw text Web log of the clickstream collection server. Appropriate measures should be taken to ensure that the Web log files for the clickstream collection server are properly secured from unauthorized access.