This article covers the attribute property Restricted Data. This property is used to identify attributes that contain data that should be omitted from some services.

In this article:

What is Restricted Data?

In general terms, restricted data refers to any attribute containing data that is:

  • ✔ private or personal
  • ✔ protected by privacy laws
  • ✔ subject to controlled access

By default, attributes are not restricted and may flow through to a variety of destinations. Attributes have a setting called Restricted Data that prevents them from being included in some processes that send data out of the Customer Data Hub. Attribute enrichments are not affected.

Identifying Restricted Attributes

On the attributes screen there is a filter named Restricted Data that will show all attributes that have been marked as restricted.


When editing attribute details you can see the Restricted Data field in the properties section.


For security purposes, attributes of type Visitor ID are always marked as restricted. This cannot be changed.

How Restricted Attributes Are Handled

The following services handle restricted attributes:

  • EventStore and EventDB 
    By default, restricted attributes are omitted from event feeds. This behavior can be changed in the settings for each feed. (See Live Events and Feeds.)
  • Data Layer Enrichment
    By default, restricted attributes are omitted from the visitor attributes returned to the on-page data layer via data layer enrichment with AudienceStream. When the Tealium Collect tag requests the latest visitor profile, AudienceStream returns attributes that are not restricted. This behavior cannot be changed.

The following services do not handle restricted attributes:

  • AudienceStore and AudienceDB
    By default, restricted attributes are always included, whether they are sent to AudienceDB or exported using the AudienceStore connector. This behavior cannot be changed.
  • Connectors (including Webhook)
    By default, restricted attributes are always included, whether you are sending them to the vendor through mappings or as part of the visitor profile. This behavior cannot be changed.

    A warning message will appear if your connector request contains one or more restricted attributes.


  • Marking an attribute as restricted protects it from being sent to select Tealium services.
  • EventStore, EventDB, and Data Layer Enrichment services honor restricted data.
  • AudienceStore, AudienceDB, and Connectors do not honor restricted data.
  • Restricted attributes are available to all enrichments.