Clone, Activate, or Stage a Global Policy
Compliance Requirement: CCPA, with additional provisions: mask all direct identifiers unless users are acting under a specified purpose and are a CCPA Admin.
To create this additional restriction and remain CCPA compliant, the compliance team could clone the templated CCPA policy in Immuta, edit and activate this more restrictive policy, and then stage the original templated policy.
1 - Clone the CCPA Policy
- Click the Policies icon in the left sidebar and navigate to the Data Policies or Subscription Policies tab.
Click the dropdown menu in the Actions column of the CCPA policy and select Clone.
Open the dropdown menu and click Edit in the Global Policy Builder. Then make your changes using the dropdown menus. In this illustration, the Data Governor added the condition that users must be a member of group
engineersto see unmasked data.
Click Create Policy, select Activate Policy, and then click Confirm.
Note: If a cloned policy contains custom certifications, the certifications will also be cloned.
2 - Stage the Original CCPA Policy
Click the dropdown menu in the Actions column of the original templated CCPA policy and select Stage. Note: If Data Governors decide to make a staged policy active, they select Activate from this dropdown menu.
Click Confirm in the dialog that appears.
The policy is now removed from data sources.
Now that this new CCPA Global Policy is active, users who are acting under the specified purpose and have the
Title.CCPA-Admin will see unmasked direct identifiers when accessing data:
No Purpose or
Purpose but no