Tracers: Getting Started

Overview     Pricing     Use Cases     Getting Started     Support

Tracer Records: Effectively Monitor for Data Theft by Hackers, Employees & Vendors

Data Security Hidden In Your Data

Starting with Tracer Records

Implementing Tracers is a simple three-step process: Generate, Insert, Monitor.

Create Tracer Record Generate a Tracer Record. This creates an artificial record that includes a unique email address, phone number and other identifiers.
Insert Tracer Record You insert the Tracer into any valuable data source that houses personally identifiable data (PII): Contacts, Customer databases, HR files, Patient records, Leads, Newsletter lists, etc.
Monitor Tracer Record We monitor for activity on your Tracer Records and alert you to any activity or scan hits. We run a monthly Breach Drill so you can verify your Tracers are in place and functional.

Create Tracer Record

1. Generate

The first order of business for new users is to generate Tracers. If Tracers were not emailed to you with your Welcome Email and Welcome PDF, you need to generate them.

Generating Tracers can be done in either bulk automated or customized one-off. Customization allows you more control over information in the artificial record but also takes more time and attention. Most users will want to use the automated generation of Tracers.

Sample Tracer Records

Email Tracer Phone Tracer First Last Org Street City ST ZIP Other
Tracer 1 ASearcy@__.net 206-528-5487 Ariana Searcy Nordstrom 326 Beech Ave Edison NJ 08817 Dog
Tracer 2 usmcbro@__.us 832-452-0643 Bryson Johnson Trak Auto 1132 Elliot Ave Seattle WA 98115 SSN 125-26-9843
Tracer 3 cor.marc@__.com 315-273-5586 Corrine Marcellus Flipside Records 1601 Buckhannan Carthage NY 13619 MWC

Insert Tracer Record

2. Insert

Once you have your Tracers in hand, its time to deploy them. Decide which databases you need to protect and how many records you will insert in each.

Tracer Records can be inserted in a variety of ways. Initially, we suggest you just drop them in. It really doesn’t matter how Tracers get into your files, but there are Best Practices you can consider once once you have achieved a base level of protection.

Add Tracers to your Customer database, your Employee database, your newsletter email lists, etc. For oother ideas on where to put Tracers, see our Data Sources guide. You can add Tracers by simply pretending to be a customer. Or get technical and insert them into a database at the table level. For addcitional help on how to insert Tracers, see our section on Tracer Insertion Methods.

MonitorTracer Record

3. Monitor

Monitor your Tracers by checking your email for alerts from PrivcyPlan. If there is activity on your Tracer we will notify you.

Once a month we will run a Breach Drill to ensure your Tracers are active.

Depending on where you inserted your Tracer, you may receive Alerts. If you inserted a Tracer in an active Sales database for instance, and your Sales and Marketing team are doing their job, you would expect that they are contacting your Tracer. We will alert you to this activitity. You can tell us to ignore contacts from specific addresses with a quick click.

Tracers hide in your data. Keep them secret.

Data Sources

You can put Tracers anywhere you store personally identifiable data. Here are a few data sources common to most organizations:

  • CRM
    • Salesforce
    • HubSpot
    • Zoho
    • Insightly
  • Email Marketing
    • MailChimp
    • Get Response
    • Constant Contact
    • Sendy
  • Lead Database
  • Employee Database
    • Gusto
    • Bamboo
    • Zenefits
    • Zoho People
  • Accounting Program
    • QuickBooks
    • FreshBooks
Data Source


You can also put Tracers directly into your Spreadsheets if you use them to store data locally or in the cloud. Tracers can go anywhere you have PII.

Tracer Insertion Methods

As a Customer

Insert the Tracer like a New Record

      • If it’s a sales system, create a sale
      • If it’s a newsletter subscription, sign up for the newsletter
      • If it’s a membership system, add a member

Inserting a Tracer into an employee database or accounting database can be more complex. Make sure you understand how they work.

As Customer Service

Insert records with an Add/Edit function
Depending on your software, you might be able to simply add a new record. For instance:

    • Add a new contact in Salesforce
    • Add a new supplier in Quickbooks
    • Add a new client in MailChimp

As a Developer


Insert Tracer Records on the Table level
If you have the knowledge, access, and resources, you can insert the Tracers directly into most databases that contain personally identifible information.

Tracer Record Best Practices

Tell As Few People As Possible About Tracer Records

If a data thief finds out about your Tracers they may be able to avoid it. It’s sad to think that some bad actors come from inside our organizations, but its a statistical fact.

Insert More Than One Tracer Record In Each Data Source

When data is stolen, you never know what the thief is seeking. They may only be interested in certain segments of your customer base. Adding more Tracer increases your chance of a hit in these types of thefts.

When a Tracer is created, we are creating an artificial record. The goal is to make that record appear real. Data thieves are general look to grab big chunks of data containing personally identifiable data. Still,  generated records can sometimes look a little ‘off.’ This might mean a data thief skips the record when selling it or marketing to it. Or a data cleansing program might delete it before a mass marketing attempt. While these scenarios may not be likely, inserting more than one Tracer Record increases your odds.

Be Careful With HR and Accounting Data

A Tracer Record could create a problem if you inserted it into a system you didn’t understand. Systems that affect legal and tax information, for instance, could be  a concern. If you don’t understand the intricacies of your accounting and/or HR system, DON’T insert Tracer Records into them without assistance:

  • When entering info in an accounting system, avoid adding any debits or credits related to the entry.
  • When entering into an HR system avoid entering data that would affect EEOC counts.
    • Other data points could be problematic if they initiate your payroll system or background checks.