Skip to main content

Multiple Identifiers

In order to associate a Data Subject with a piece of personal data, DataGrail uses an Identifier. This is a unique string that reliably identifies an individual in your systems.

By default, DataGrail collects and uses a Data Subject's Email as the primary identifier when querying connected systems for PII. Optionally, a Phone Number can be used as a primary identifier by enabling the "Phone Number" question on your intake form. Read more about how Phone Number verification works in Phone Verification.

Additionally, some systems may utilize an identifier like device ID or another unique ID as the primary key for users. In these cases, it's helpful to configure an additional identifier in DataGrail to ensure PII is queried effectively.

This article walks through configuring Multiple Identifiers ("Multi ID") in DataGrail.

DataGrail User Roles

Only the following User Roles will have access to configure Multiple Identifiers:

  • Super Admin
  • Connection Manager

Understanding Identifiers

An Identifier is a verifiable key that allows DataGrail to identify a unique data subject within a specific context.

There are two types of identifiers in DataGrail:

  • Primary identifiers are available by default and must be verified by DataGrail, if included on your intake form.

  • Extracted identifiers are retrieved from your integrations or provided by a DataGrail admin.

An effective identifier should be:

  • Verifiable: The Data Subject or a trusted party must be able to verify or prove that the identifier is associated with the Data Subject. This validation can happen directly (i.e. Email Verification) or indirectly (i.e. validated and returned by a trusted party).
  • Unique: Identifiers should be able to identify only one unique data subject in a specific context.

DataGrail Identifier Categories

The following Identifier Categories are available for use in DataGrail:

  • Advertising ID: A Device ID used for ad-based purposes. Sub-categories include: iOS, Google, Amazon, Microsoft, and Roku.
  • App ID: A system-assigned ID to a customer application.
  • Browser ID: Something that identifies a user's browser, like a cookie.
  • Email Address: A personal, work, or other type of email address.
  • Phone Number: A personal, work, or other type of phone number.
  • Service ID: A system-assigned ID to a data subject record.
  • Social Media ID: An ID from a social media profile. Sub-categories include: Twitter, Facebook, Smooch, and Intercom.
  • User ID: A custom customer-controlled ID.

Modifying Identifiers

Approved User Roles can view configured identifiers by navigating to Settings and then Identifiers under the Request Manager heading. There are two tabs available: Primary and Extracted identifiers. The only identifiers that are configurable are Extracted identifiers.

On each Identifier card, you will see the following information:

  • The Identifier Name (i.e. Email)
  • Identifier Category
  • The Number of Integrations Mapped to The Identifier
  • A Button to View or Edit the Identifier

Adding a New Extracted Identifier

To add a new Extracted identifier:

  1. Select the Extracted tab.
  2. Select Add Identifier.
  3. Enter an Identifier Name and select the relevant Identifier Category and Sub-Category (if available).
  4. Select This identifier is required to process the request to require this identifier on all requests. If unchecked, Privacy Requests can proceed without this identifier provided.
  5. Select the Identifier Source:
    • Manually enter this identifier (Default): Manually input the identifier value for each Privacy Request during the Wizard State.
    • Automatically extract identifier through integrated systems: If you have an Internal Systems Integration configured to retrieve identifiers, select this option to fetch the identifier automatically.
  6. Configure the Integrations to utilize this identifier. All supported integrations will be listed in this section.
  7. Select Add Identifier.
Identifiers on The Intake Form

For identifiers configured with a Manual Source, it is helpful to ask the Data Subject to provide the identifier on your Intake Form. To do this, add a Custom Question to your Intake Form to help retrieve identifiers that cannot be obtained automatically.

Editing an Identifier

To edit an existing identifier:

  1. Select Edit on any existing identifier. The default "Email" and "Phone Number" identifiers cannot be edited.
  2. The following fields can be edited on any existing identifier: Processing Requests, Identifier Source, Integrations.
  3. Select Update Identifier to save your changes.
Active Requests

Edits to the Processing Requests or Identifier Source fields will be applied to active Privacy Requests. Edits to Integrations will only be applied to newly created Privacy Requests.

Deleting an Identifier

To delete an existing identifier:

  1. Select Edit on any existing identifier. The default "Email" and "Phone Number" identifiers cannot be deleted.
  2. Select Delete Identifier in the bottom-right of the page.
Active Requests

Deleted identifiers will continue to show on active Privacy Requests. Deleted Identifiers will no longer be included on new Privacy Requests.

 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.