Privacera Platform master publication

De-identification Policy
:

The De-identification policy encrypts sensitive data from resources based on the tags specified in the policy.

Supported data sources

The following data sources are supported in the AWS cloud for the De-identification policy:

  • S3

  • Snowflake

  • Redshift

  • AuroraDB Postgres

  • AuroraDB MySQL

  • PostgreSQL

Supported File Formats

For the supported file formats on which the policy can be applied, see Matrix for Supported File Formats.

The following fields are included in the De-identification policy:

  • Name: This field indicates the name of the De-identification policy .

  • Type: This field indicates the type of policy.

  • Alert Level (Optional) : This field indicates alert level: High, Medium, or Low.

  • Description (Optional): This field indicates description for De-identification policy.

  • Status: This field indicates the policy is enabled or disabled. It is enabled by default.

  • Application: This field specifies the data source from which the scanned resources can be accessed and where the De-identification policy will be applied.

  • Destination Location: The field specifies the location where the encrypted sensitive data will be transferred.

    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the Destination location in the correct format [Db].[Schema] for these applications.

  • Archive Location: This field specifies the location where a copy of the input file is stored before any tagged records are encrypted.

    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the Archive location in the correct format [Db].[Schema] for these applications.

  • Search for tags: The tags specified in this field help in identifying or classifying the data to be encrypted.

  • Apply Encryption Schemes: This field is populated with the list of scheme name which have been added under Scheme section of the application. To view the schemes, click and expand the Encryption & Masking from left menu, and then select the Schemes.

    de-id.jpg
Add a Resource in the Data Zone

To add a resource in the data zone, see Add Resources.

Now, when you run the scan on a data zone, the policy will be applied, and the data will be encrypted and moved to the destination location. The source file will be moved to the archive location.

If the destination location is not provided, the data will be encrypted in the resource file itself.