Skip to content

Right to Privacy Policy

With lookup data and static masking algorithms, sensitive information such as email, phone number, or address is encrypted in the source folder and subject to the Right to Privacy (RTP).

You can only use CSV filetype for a lookup file. The fields in the lookup file are compared to the records in the resource files. If the tag is found (the value in the lookup file matches the value in the resource file for the specified tag (Search for tags)), then the field value in the resource file will be encrypted. Ensure that the header of the lookup file matches the header of the tag to be searched.


The resource file should be scanned before applying the RTP policy. The RTP policy does not work on real-time or offline scans.

Supported Data Sources

The following data sources are supported for the RTP policy. Click the tab to display the data sources that are supported in the cloud.

  • S3
  • Snowflake
  • Redshift
  • AuroraDB Postgres
  • AuroraDB MySQL
  • PostgreSQL
  • MSSQL Server Synapse
  • GCS

Supported File Formats

For the supported file formats on which the policy can be applied, see Matrix for Supported File Formats.

The following fields are included in the RTP policy:

  • Name: This field indicates the name of the RTP policy.

  • Type: This field indicates the type of policy.

  • Alert Level: This field indicates the level of alert: High, Medium, or Low.

  • Description: This field contains the description for the RTP policy.

  • Status: This field indicates the policy is enabled or disabled. It is enabled by default.

  • Application: This field specifies the data source from which the scanned resources can be accessed and where the RTP policy will be applied.

  • Lookup Application: This field specifies the name of the data source containing lookup file. The lookup file should be in .csv format, with tag names in the header columns.

  • Lookup File Location: This field specifies the location where a lookup file is kept.

  • Archive Location (Optional): This field specifies the location where a copy of the input file is stored before any tagged records are encrypted.

    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the Archive location in the correct format [Db].[Schema] for these applications.

  • Search for tags: The tags specified in this field help in identifying or classifying the data to be encrypted.

  • Apply Encryption Schemes: This field is populated with the list of scheme name which have been added under Scheme section of the application. To view the schemes, click and expand the Encryption & Masking from left menu, and then select the Schemes.

  • Use LITERAL: If this feature is enabled, the sensitive values in the resource file are replaced with literals for scheme. For more information about LITERAL, see About LITERAL.

  • Auto Run: If this feature is enabled, the RTP policy is applied after a specified time interval.

Here is an example of the Right to Privacy policy:

  • Add a .csv file to the Lookup File Location field, and it should specify which sensitive data needs to be removed from resources based on tags. For example: File name is input.csv with EMAIL tag (, PERSON_NAME tag (Alex).

  • Now, when the resource file is being scanned, if tagged with EMAIL and Alex tagged with PERSON_NAME are matched, then this row will be considered for RTP.