Sensitive Data

Sensitive data definitions specify the data anonymization settings that apply to a sensitive context, such as:

  • The attributes used by operators to search for the records that contain sensitive data.
  • The attribute values that must be anonymized once those records are identified.
  • The validations required to allow the data anonymization to proceed.

Each sensitive data definition is built around a sensitive entity (and, optionally, its related entities) on which the anonymization is applied. The sensitive data definition also specifies the validation rules that must be fulfilled in order to allow the anonymization.

1 Configure the Sensitive Entity

  1. In FintechOS Studio, go to Main Menu > Evolutive Data Core > Data Governance > Sensitive Data Definitions.
  2. Click Insert.
  3. In the Sensitive Entity Configuration tab, fill in the following information:
    • Code - The identifier for the sensitive data definition.
    • Sensitive Context - The applicable Sensitive Context And Sensitive Data.
    • Entity - The sensitive entity on which the anonymization is based.
    • Description - Optional detailed description of the sensitive data definition.
  4. Click Save and Reload.
  5. In the Sensitive Attributes list, click the Insert button to add the sensitive entity's attributes that are relevant for the anonymization (either as search criteria or as data to be anonymized). For each attribute, specify the following values:
    • Sensitive Entity - This is automatically populated with the sensitive entity name.
    • Attribute - The attribute's name.
    • Sensitive Type - Attribute classification used by operators as search criterion when performing Data Anonymization Requests. The following values are available: CNP, Name, Phone, First Name, Last Name.
      NOTE  
      Only attributes with sensitive types can be searched in data anonymization requests.
    • To Be Anonymized - Check to indicate that, if a sensitive entity record is subject to data anonymization, this attribute will be anonymized in accordance with its data type:
      Attribute Data Type    Anonymized Attribute Value
      Text                   Sensitive data deleted.
      File                   []
      Text Area              Sensitive data deleted.
      Numeric                0
      Whole Number           0
      Date Time              01.01.1900
      Date                   01.01.1900
      Bool                   NULL
      Option Set             NULL
      Lookup                 NULL
  6. After you finish adding all the sensitive attributes, click Save and Reload.

2 Define the Related Sensitive Entities (optional)

The related sensitive entities allow you to propagate data anonymization to a chain of entities that are related to the main sensitive entity. For instance, when anonymizing a customer's data, you may want to also anonymize the data for all the bank accounts that the customer holds (which is stored in a related entity).

You can also include entities that are related to other related entities, extending the data anonymization scope to a tree of entities originating from the main sensitive entity.

To define a related sensitive entity:

  1. In the sensitive data definition editor, select the Related Sensitive Entities tab.
  2. In the Related Entities list, click Insert to add the sensitive entities that are part of the data anonymization scope. For each related entity, specify the following values:
    • Code - The identifier for the related entity.
    • Master Entity - Automatically populated with the sensitive entity identifier.
    • Relation - Select from the list of relationships of the sensitive entity.
    • Entity - Related entity name. Automatically populated based on the selected relation.
  3. Click Save and Reload.
  4. In the Sensitive Attributes list, click Insert to add any entity attributes that are part of the data anonymization scope. For each attribute, specify the following values:
    • Sensitive Entity - This is automatically populated with the related sensitive entity name.
    • Attribute - The attribute's name.
    • To Be Anonymized - Check to indicate that, if a sensitive entity record is subject to data anonymization, this attribute will be anonymized in accordance with its data type.

  5. Click Save and Close.
  6. Repeat from Step 4 to add any remaining sensitive attributes.

  7. You can further define downstream related entities by selecting the Related Sensitive Entities tab and repeating the process.

  8. Click Save and Close.

3 Add Validation Rules

Validation rules can prevent data anonymization if certain criteria are not met. For instance, you may want to allow the anonymization of a bank account's data only if the account balance is 0.

To add a validation rule for a sensitive data definition:

  1. In the sensitive data definition editor, select the Validation Rules tab.
  2. In the Sensitive Validation Rules list, click the Insert button to add a rule.
  3. In the Main tab, specify the following values:
    • Sensitive Entity - The identifier for the sensitive data definition.
    • Code - The identifier of the validation rule.
    • Name - The name of the validation rule.
    • Description - Optional detailed description of the validation rule.
    • Success Message - Message displayed in the operator's interface when validating the result of a Data Anonymization Request if the validation is successful.
    • Failure Message - Message displayed in the operator's interface when validating the result of a Data Anonymization Request if the validation fails.

  4. In the Rule tab, specify the expression of the validation rule. The expression must return true in case of a successful validation or false if the validation fails.

  5. Click Save and Close.
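
How the three parts of a sensitive data definition interact, modelled as an added Python example (this is not FintechOS code and does not use the platform's API): flagged attributes receive the placeholder for their data type, anonymization follows the related-entity tree, and a validation rule that returns false blocks the request. The dictionary layout, the entity, attribute and rule names, and the sample record are constructed for illustration; evaluating every rule before any value is changed is an assumption.

```python
# Placeholder written per attribute data type (table in section 1).
PLACEHOLDER = {
    "Text": "Sensitive data deleted.", "Text Area": "Sensitive data deleted.",
    "File": "[]", "Numeric": 0, "Whole Number": 0,
    "Date Time": "01.01.1900", "Date": "01.01.1900",
    "Bool": None, "Option Set": None, "Lookup": None,
}

# Constructed definition. attributes: name -> (data type, To Be Anonymized).
# rules: (code, expression returning True/False, failure message).
DEFINITION = {
    "entity": "Customer",
    "attributes": {"name": ("Text", True), "birthDate": ("Date", True),
                   "segment": ("Option Set", False)},
    "related": [{"relation": "accounts", "entity": "Account",
                 "attributes": {"iban": ("Text", True), "balance": ("Numeric", False)},
                 "related": []}],
    "rules": [("BALANCE_ZERO",
               lambda c: all(a["balance"] == 0 for a in c["accounts"]),
               "Account balance must be 0.")],
}

def sample_customer(balance):
    """Constructed record with one related account."""
    return {"name": "Ana Pop", "birthDate": "14.03.1985", "segment": "Retail",
            "accounts": [{"iban": "RO00TEST0000000000000001", "balance": balance}]}

def anonymize(node, record):
    """Overwrite flagged attributes, then walk the related-entity tree."""
    for attr, (dtype, flagged) in node["attributes"].items():
        if flagged:
            record[attr] = PLACEHOLDER[dtype]
    for rel in node["related"]:
        for child in record.get(rel["relation"], []):
            anonymize(rel, child)

def run_request(definition, record):
    """Assumption: all rules are checked before any value is changed."""
    failures = [msg for _, expr, msg in definition["rules"] if not expr(record)]
    if failures:
        return False, failures
    anonymize(definition, record)
    return True, []

if __name__ == "__main__":
    for bal in (120, 0):
        rec = sample_customer(bal)
        print(run_request(DEFINITION, rec), rec)
```

Attributes left unflagged (here `segment` and `balance`) keep their original values, which is worth checking when reviewing a definition for completeness.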