CMS: Storing Personally Identifiable Information (PII) Data

PII stands for Personally Identifiable Information. PII includes items such as full name, address, email address, social security number, and phone number.
PII is treated as personal information by different legislators and regulators, and because of this, Wix handles it differently from other content or data.
While all Wix records are stored encrypted on the disks of our database machines, for sensitive data such as PII our policy is to add another layer of protection at the application level.
Note:
PII encryption does not change data access permissions. Appropriate permissions must be set to maintain the confidentiality of the data. Read more about your collection permissions here.

Best practice in PII data handling

As part of efforts to protect data and specifically sensitive data like PII records, Wix guidelines require all PII data to be stored encrypted by the application that handles the data. 
First, make sure that the permissions of your collection are set properly, so that no one without the relevant permission can read, update, or delete data. You can learn more about security best practices in the collection permissions documentation.
For Wix sites, this means that any collection field that holds PII (for example, a marketing site that collects and stores site visitors' sensitive data) should be encrypted. To allow a field to be encrypted, enable the PII toggle in the CMS:
[Screenshot: the Edit field panel, highlighting the PII toggle.]
Notice the green PII indicator next to the field name when the PII toggle is enabled.
[Screenshot: the Manage Fields panel, highlighting the fields with the PII toggle switched on.]
After you mark all relevant fields as PII, publish your site to make sure the new changes take effect.

Encryption and storage of PII

This section gives more details about how PII data is encrypted, how it is stored differently from other data, and what its limitations are.

How encryption is applied to the data:

  • All fields marked as PII are automatically migrated to be stored encrypted in the collection with a unique encryption key.
  • Data in the field is stored encrypted using AES with a 256-bit site encryption key.
  • Encryption is applied immediately (and affects both Live and Sandbox).
    Note: While the encryption process begins immediately, it may take some time to complete depending on the amount of data being encrypted. The encryption runs behind the scenes, so you can continue to work with your site's data as normal.
  • Accessing the data automatically returns the decrypted value, in the same manner as for other fields.
  • Exported data can be used to work with the collection data locally or to import it into a designated system. Regardless of the method, it is not advised to retain large lists of PII locally on your workstation.
  • All data backups are encrypted in full using the same site key, regardless of whether they contain PII.

Limitations of PII encrypted data:

  • PII encryption does not protect data in a collection if that data is exposed through a permission misconfiguration. Be sure to set collection permissions properly.
  • PII encrypted fields have limited search capabilities, both via code and via the CMS.
  • Once a field is marked as a PII encrypted field, some functionality is disabled for that field: sorting, and any query operation other than "eq". In other words, that field can only be queried by exact match.

PII that can be considered public

PII is not necessarily private information. For example, a site owner can display their employees' home telephone numbers, which are already available in the phone book; those numbers are still PII.

In a case like this, PII encryption is not necessary, because the data is already public.

PII in relation to GDPR

Among other rights, customers have the right to access or delete their data at any time under GDPR (and similar privacy laws such as the LGPD and CCPA). With Wix, you can provide your site visitors with access to their data or the right to delete their data from your database entirely. 

As a site owner, it is your responsibility to respond and allow your site visitors to exercise their right to access and delete their data. Likewise, if you receive a deletion request, you must ensure that all of their data is deleted.

It's important to note that when a site visitor requests access to their data (where they are supplied with a data file), or requests that their data be deleted, certain data is not included in either the access file or the deletion. This includes data about site visitors and members collected by custom flows such as Wix Forms, or data stored by a custom flow in a collection.
Important:
Marking your data as PII and using the encryption tool does not guarantee compliance with other legislation, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA).
