Using Tag Management to Improve Data Governance and Site Security

Tag Management helps Data Governance like this guy

Big enterprise websites often have multiple, disparate players managing site data and tag infrastructure, so serving digital marketing and analytics tags is often coordinated through a Tag Management System (TMS) such as Google Tag Manager or Tealium. In some cases, that important duty falls on an outside vendor like an ad agency. Which means that an uncomfortable number of people across business units and companies may have access to edit and implement tags and view site user data. That poses a significant risk.

At a time when enterprises seem to make regular headlines for data breaches and violations of privacy —  think Target, Equifax — government regulators have enacted tough data policies such as GDPR and CCPA, including significant punishments for not adhering to data protection rules. Organizations of all sizes need to sharpen their data governance practices. And that, in part, means placing controls on who has access and permission to alter the tags that generate user data.

What Is Data Governance?

Data governance isn’t just about avoiding problems; it’s about proactively helping teams fully leverage the powerful insights embedded in their shared data. Like companies that can have a style guide that dictates how their brands are represented in print and online, they should also have data governance guidelines that enable internal and external team members to safely and efficiently manage and share key data.

Data governance enables:

  • Faster decision-making
  • Action and implementation, not just insights and learning
  • Wider access for internal and external stakeholders
  • Collaboration without contamination
  • Reliable training and onboarding of data stakeholders
  • Scenario preparation for mergers and acquisitions
  • Reduced risk of data breach or non-compliance

Data Governance and Tag Management

Until recent times, TMSes were not as ubiquitous and developers would have to implement code directly on the site in order to send user data to an analytics platform. Today, implementing tags is a matter of placing a TMS’s JavaScript tag container on the page, which lets anyone with access control and edit tags globally through a central platform like Google Tag Manager (GTM). 

When large enterprises have business units with different data priorities, and when outside agencies are called in to manage data collection and tag implementation, controlling who can create, publish and maintain data and ad tags becomes a huge data governance challenge. 

In some instances this may even create a scenario where multiple containers can exist across a website — not a best practice. While Google added support for multiple containers in GTM on the same page a couple of years ago, we advise our clients against it due to unintended consequences like duplicate or conflicting triggers. More relevant to data governance, multiple containers can lead to inadvertent sharing of data between the entities responsible for the containers. It can also create a data pipeline for those who shouldn’t have access to site users’ private information. In short, anyone who has publish permission potentially can break or make your site more insecure to hacking or data leakage. 

This lack of oversight potentially opens the door for people to insert code into your site — out of ignorance or malicious intent — and bypass existing testing and security practices. 

Securely Managing Tags with GTM 360 Zones

Thankfully Google released the Zones feature in GTM 360 to make managing multiple containers easier and more secure. It’s an advanced feature and relatively new so administrators may not be aware of it. Within a Zone, site managers can set Boundaries, or rules you can use to restrict Zones to only certain pages while also allowing control over how linked containers can function on your site.

In addition, Type Restrictions allow you to specify rules for certain types of tags, triggers, and variables. In other words, a container can only fire its tags, triggers, and variables on those pages that are not restricted by the Boundary. These features allow you much greater control over what the containers can and can’t run on your site, along with who can alter individual tags, down to a finite level of control that enterprises now demand and expect. 

Using Zones in GTM 360:

  • Confining specific access to ad agencies to control just specific ad tags they manage for their clients, limiting the overall scope of GTM and thus reducing the possibility of — and responsibility for — benign errors or devious meddling in users’ data
  • Offers large enterprises more confidence that their sites are secure
  • Allows the nesting of one or more containers to coexist
  • Maintains best data governance practices
  • Allows work groups, both inside and outside a company, to gather and share accurate, actionable data

Tag management is just one facet of appropriate data governance. If you haven’t yet taken steps to develop a data governance plan, Empirical Path can help you identify needs and implement guidelines across your organization and your external partners. The ramifications of sidestepping best data practices are huge: a violation of GDPR may result in a fine of up to 4% of profits — not to mention an almost irreparable loss of consumer trust.

Did this interest you? Reach out to learn
how we can help you.

Contact Us

When you reach out to Empirical Path, you get in touch directly with our fully qualified and experienced consultants.   Whether you need an analytics audit, training, support, or a custom quote on Google Analytics 360 licensing, let’s talk today.