Google Analytics is a powerful tool for getting information about web site users and their behavior. But there are some issues raised when it’s used to track activity on a corporate directory application.
What that means is that data like names and e-mail addresses cannot be included in data submitted to Google for analysis. Private street address and phone numbers are also forbidden. Office street addresses and direct line phone numbers, if they could be linked to users on the public Internet also need to be avoided .
The question of whether userids or usernames, system identifiers used in authentication and internal company identification can be revealed is complicated. Internal private usernames, those not self-selected by users but generated by a system, are not considered to be PII for the purposes of Google Analytics. Public usernames, those selected by the user, or publicly linked to the user on external systems would be considered PII .
So if I choose systemninja as my username and my real name appears alongside it on a public web page, then that username is PII. But if I am assigned a userid like E0011249 for authentication to and identification by my company’s internal systems and that number is not linked to me on any external site (in an Internet-accessible corporate directory, for example), then it is not PII.
Fortunately, complying with Google’s policy will not be difficult for most users. If your application displays any of the prohibited information as parameters in an application uri. For example:
You can exclude these parameters by listing them in the View Settings for the particular site on the Admin tab. To do this just navigate to Admin and choose the target site under Property, then go to View… View Settings and insert a comma separated list of the parameter labels in the Exclude URL Query Parameters window.
If this kind of information is embedded in a url without parameter labels you may have to use a filter to hide those urls. The Filters interface is also found under View for each site. Crafting filters can require research and careful planning. You’ll need to study the url patterns produced by your application and use the correct syntax to exclude the offending material.
A simple example would be a filter that excludes urls that contain an e-mail address. If these urls looked something like:
the filter to choose would be a Custom… Exclude… Request URI with a Filter Pattern like:
Note that by excluding a url you’ll be removing it from the data submitted to Google, resulting in any hits on that url (or urls that match the pattern you specify) not being counted in Google’s analysis .
 Some good resources for crafting filters: