Skip to main content

Privacera Platform master publication

De-identification policy
:

The De-identification policy encrypts sensitive data from resources based on specified tags.

Supported data sources

The following data sources are supported in the AWS cloud for the De-identification policy:

  • S3

  • Snowflake

  • Redshift

  • AuroraDB Postgres

  • AuroraDB MySQL

  • PostgreSQL

Supported file formats

For a list of supported file formats that the De-identification policy can be applied to, see Supported file formats by policy type.

De-identification policy fields

The De-identification policy has the following fields:

  • Name: The name of the De-identification policy .

  • Type: The type of policy.

  • Alert Level (Optional) : The alert level: high, medium, or low.

  • Description (Optional): A description of the De-identification policy.

  • Status: A toggle used to enable or disable the policy. It is enabled by default.

  • Application: The data source from which the scanned resources can be accessed and where the De-identification policy will be applied.

  • Destination Location: The location where the encrypted sensitive data will be transferred.

    Note

    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the destination location in the correct format [Db].[Schema] for these applications.

  • Archive Location: This field specifies the location where a copy of the input file is stored before any tagged records are encrypted.

    Note

    Some applications such as Snowflake and Presto SQL follow the [Db].[Schema].[Table] hierarchy. You need to provide the archive location in the correct format [Db].[Schema] for these applications.

  • Search for tags: The tags used to identify or classify the data to be encrypted.

  • Apply Encryption Schemes: A list of scheme names that have been added to the Schemes page. To view the schemes, select Encryption & Masking > Schemes from the navigation menu.

Add a resource to a data zone

To add a resource to a data zone, see Add Resources. .

When you run a scan on a data zone, the policy will be applied and the data will be encrypted and moved to the destination location. The source file will be moved to the archive location.

If the destination location is not provided, the data will be encrypted in the resource file itself.