Skip to content

Sensitive Data Detection

Audience: Data Owners and Data Governors

Content Summary: To help users identify sensitive data and to enhance the power of Global Policies, Immuta offers External Sensitive Data Detection and Internal Sensitive Data Detection. This page will describe these options with the benefits.

License-Driven Feature

External Sensitive Data Detection is a license-driven feature that must be added for you before it is available in your Immuta instance.

Feature Demo: Sensitive Data Detection

External Sensitive Data Detection

When enabled on the App Settings page, this feature uses third party services to automatically identify and tag columns that contain sensitive data (PII, PHI, etc.) when the data source is created; this detection is based on an extremely small randomized sampling of underlying data, which is encrypted in transit, is used only for entity prediction, and remains confidential and managed by Immuta, subject to the same guarantees reviewed and agreed to in our license agreement.

During the fingerprint process External Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.

Discovered Tags

The Immuta application is pre-configured with a set of these tags that the service can return so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.

Only Application Admins have the option to enable External Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can disable any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.

Internal Sensitive Data Detection

When enabled on the App Settings page, this feature automatically identifies and tags columns that contain sensitive data (PII, PHI, etc.) when the data source is created; this detection is based on a small sample of underlying data, which remains in the users' network.

During the fingerprint process Internal Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.

The Immuta application is pre-configured with a set of these tags so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.

Unlike External Sensitive Data Detection, users do not need a license to enable it. However, only Application Admins have the option to enable Internal Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can disable any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.