Tealium Data Security
and Privacy Tools

Customer data is essential to delivering an exceptional customer experience. As data sources and usage grow, it’s essential for organizations to detect, mitigate and minimize the risk associated with sharing 1st, 2nd, and 3rd party data across the technology stack.

To do this at scale and in compliance with current and evolving regulations, a secure and scalable environment for processing customer data and orchestration of that data is vital.

Environment Infrastructure Security Controls

Tealium’s Private Cloud solution leads the industry in security and compliance. In addition to implementing the highest level of safeguards for unparalleled data security, Tealium’s Private Cloud provides the robust orchestration and activation features that are trusted by over 850 enterprises.

Key Benefits

• Visibility and control over data supply chain–Integrated tools managing data over its full lifecycle
• Certified Solution–Tealium’s Private Cloud has achieved a pedigree of 3rd party security and privacy certifications: HIPAA, ISO 27001 and 27018, and SSAE18 SOC 2 Type II.
• Tools and controls to manage data flow–Functionality to restrict and enable any and all data sharing when needed.

HIPAA Regulated Features of Tealium’s Customer Data Hub

• Stringent safeguards for processing and storing protected customer information designed to protect the confidentiality, integrity, and security of ePHI.
• Security Information and Event Management (“SIEM”), which is fully managed by Tealium.
• All environments are audited for compliance by a third party.
• Data encryption at rest and in transit.

Infrastructure

Tealium’s Customer Data Hub (“CDH”) hosted in a Private Cloud provides an end-to-end data orchestration platform for collection, standardization, transformation, integration, and activation of data.

Security Controls

In addition to the Private Cloud infrastructure security features, the products hosted within Private Cloud offer additional security features that allow customers to align the data processing with the requirements of the HIPAA security rules.

Role-Based Access Control

Tealium iQ users can be assigned preconfigured permission sets and placed into separate security tiers based on role. Users can be given a range of permission from “view-only” to full administrative control.

Tag Marketplace Controls

The Tealium Tag Marketplace can be configured to only allow usage of a predetermined set of tags; making it easy for the TiQ admin to work with their InfoSec teams.

Visitor Data Controls

As first-party data is collected in Tealium, data types that are identified as sensitive can be labelled “restricted” based on InfoSec and IT requirements.

Restricted Data

Data that is labeled as restricted is also prohibited from being exposed on Tealium’s Data Layer Enrichment (DLE) feature. Restricted data is still capable of being orchestrated if there is a requirement to do so.

Capture IP Address

Based on an organization’s privacy policy, personal information such as IP address may or may not be prohibited to enter the company’s infrastructure and network.

Geographical Data Storage

Tealium’s platform can be configured to store all data in the chosen global location, complying with legal requirements on data storage.

Data Obfuscation and De-Identification

Tealium AudienceStream provides the ability to build attributes that represent the characteristics of a particular visitor, allowing efficient data obfuscation and de-identification.