Skip to main content

Privacera Documentation

Right to Privacy policy

With lookup data and static masking algorithms, sensitive information such as email addresses, phone numbers, and street addresses are encrypted in the source folder and subject to the Right to Privacy (RTP).

Lookup files must be in .csv format. The fields in the lookup file are compared to the records in the resource files. If the tag is found (the value in the lookup file matches the value in the resource file for the specified tag (Search for tags)), then the field value in the resource file will be encrypted. Ensure that the header of the lookup file matches the header of the tag to be searched.


The resource file should be scanned before applying the RTP policy. The RTP policy does not work on real-time or offline scans.

Right to Privacy policy supported data sources

The following data sources are supported by the RTP policy. Click the tab to display the data sources that are supported in the cloud.

  • AWS

    • S3

    • Snowflake

    • Redshift

    • AuroraDB Postgres

    • AuroraDB MySQL

    • PostgreSQL

  • Microsoft Azure

    • Azure ADLS

    • MSSQL Server Synapse

  • GCP

    • Google Cloud Storage

Right to Privacy policy supported file formats

For a list of supported file formats that the Right to Privacy policy can be applied to, see Supported file formats by workflow policy type

Right to Privacy policy fields

The following fields are included in the RTP policy:

  • Name: The name of the RTP policy.

  • Type: The type of policy.

  • Alert Level: The level of alert: high, medium, or low.

  • Description: A description of the RTP policy.

  • Status: A toggle to enable or disable the RTP policy. It is enabled by default.

  • Application: The data source from which the scanned resources can be accessed and where the RTP policy will be applied.

  • Lookup Application: The name of the data source containing the lookup file. The lookup file must be in .csv format, with tag names in the header columns.

  • Lookup File Location: The location of the lookup file.

  • Archive Location (Optional): This field specifies the location where a copy of the input file is stored before any tagged records are encrypted.


    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the archive location in the correct format [Db].[Schema] for these applications.

  • Search for tags: Tags used to identify or classify data to be encrypted.

  • Apply Encryption Schemes: A list of scheme names that have been added to the Schemes page. To view the schemes, select Encryption & Masking > Schemes from the navigation menu.

  • Use LITERAL: If this feature is enabled, the sensitive values in the resource file are replaced with literals for scheme. For more information about LITERAL, see about LITERAL.

  • Auto Run: If this feature is enabled, the RTP policy is applied after a specified time interval.

Example 6. Right to Privacy policy example
  • Add a .csv file to the Lookup File Location field, and it should specify which sensitive data needs to be removed from resources based on tags. For example: File name is input.csv with EMAIL tag (, PERSON_NAME tag (Alex).

  • Now, when the resource file is being scanned, if tagged with EMAIL and Alex tagged with PERSON_NAME are matched, then this row will be considered for RTP.