Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Tags have several uses, mainly to drive policies, but they can be used for the following purposes:
Use tags for global subscription or data policies that will apply to all data sources in the organization. In doing this, company-wide data security restrictions can be controlled by the administrators and governors, while the users and data owners need only to worry about tagging the data correctly.
Generate Immuta reports from tags for anything from insider threat surveillance to data access monitoring.
Drive search results with tags in the Immuta UI.
Every user within Immuta can see tags, but they will all interact with them differently as their roles require. Governors create, manage, and delete tags or import tags from external catalogs. Data owners, data source experts, and governors apply these tags to or remove them from projects, data sources, and columns within the data sources. Data users view tags and tag metadata on data sources they have access to.
Best practice: Managing tags
Use the minimum number of tags possible to achieve the data privacy needed.
When navigating tags in the Immuta UI, there are several helpful features:
Side sheets: Clicking on a tag in the data dictionary, on the data overview page, or on a project page will open the tag side sheet with valuable information about the tag. This information depends on the kind of tag it is and where it is applied. The side sheet can include a link to the tag details page, a description of the tag, the context of the tag (i.e., where the tag was created and added from), the columns the tag is applied to, and actions that can be done to the tag (e.g., disabling or deleting the tag from its object).
Tooltips: When you hover over a tag, a tooltip will appear. It contains information about the tag, including where it was created (e.g., Immuta or an external catalog), whether the tag was applied by sensitive data discovery, and the full name of the tag.
Simplified names: When fully articulated, tags are presented as Parent . Child . Grandchild with " . " between each level. However, tags will usually appear as the lowest name level (i.e. Discovered . Entity . Person Name will appear as Person Name) and the full name can be seen in the tooltip.
Deprecation notice
Support for this feature has been deprecated.
Sensitive data discovery (SDD) helps to ensure sensitive data is properly managed and governed, providing fast identification for entities in columns such as credit card numbers, names, locations, social security numbers, bitcoin wallets, US phone numbers, financial data, and more.
Tag shortcuts
You can use keyboard shortcuts when creating tags.
Add sibling tag: "Enter"
Add child tag: "Shift"+"Enter"
Previous/next tag: "▼"/"▲"
Click the Governance icon in the navigation menu and select the Tags tab.
Click Add Tags in the top right corner.
Complete the Enter tag name field.
Additional nested tags are optional. These nested tags follow a tree structure. There are parent, sibling, and child tags. Click Remove Tag to remove a nested tag.
Click Save.
Click the Data icon in the navigation menu and select the Data Sources tab.
Select a data source.
Navigate to the Data Dictionary tab.
Hover over tags for metadata or click on a tag to open the side sheet with information about the tag.
Click the Governance icon in the navigation menu and select the Tags tab.
A list of all top-level tags will be displayed. Click the expand arrow to view nested tags.
Click the tag itself or the icon in the Actions column to edit tags, generate tag reports, or delete tags.
You can pull external tags that you had previously defined in the external catalog (e.g., Collibra, Snowflake, etc.).
Click the Governance icon in the navigation menu and select the Tags tab.
Click Refresh External Tags.
External tags will be automatically detected when you create a new data source that originates in an external catalog, or they can be linked directly from the data source overview page.
When using custom REST catalogs, the GET/dataSource/page/{id} endpoint returns a human-readable information page from the REST catalog for the data source associated with {id}. Immuta provides this as a mechanism for allowing the REST catalog to provide additional information about the data source that may not be directly ingested by or visible within Immuta. This link is accessed in the Immuta UI when a user clicks the catalog logo associated with the data source on the data source overview page.
Use case
Compliance Requirement: Users can only interact with Dev data, and all personal information should be redacted for everyone, except for queries run in Test and Prod.
For this requirement, data owners need to tag data sources with the corresponding environment tag and verify the accuracy of Discovered tags to ensure that the global policies written by data governors are enforced on the appropriate data sources.
Click the Data icon in the navigation menu and select the Data Sources tab.
Select a data source.
Click the Add Tags button at the bottom of the Overview tab.
Begin typing Environment.dev in the Search by Name field and select the tag from the dropdown list.
Click Add. A list of the applied tags will populate at the bottom of the Overview tab.
Repeat as necessary for other data sources and tags.
If sensitive data discovery is enabled by an application admin on the Immuta app settings page, Immuta will automatically discover sensitive data and tag those columns with Discovered tags when the data source is created. For more information about this feature, see the Sensitive data discovery page.
Best practice: Verify discovered tags
If sensitive data discovery has been enabled, then manually adding tags to columns in the data dictionary will be unnecessary in most cases. The data owner will just need to verify that the Discovered tags are correct.
If a governor, data owner, or data source expert disables a Discovered tag from the data dictionary, the column will not be re-tagged when the data source's fingerprint is recalculated or SDD is re-run. When a Discovered tag is disabled, the tag will not completely disappear, so it can be manually enabled from the tag side sheet.
To disable a discovered tag,
Navigate to a data source and click the Data Dictionary tab.
Scroll to the column you want to remove the tag from and click the tag you want to remove.
Click Disable in the side sheet and then click Confirm.
Click the Data icon in the navigation menu and select the Data Sources tab.
Select a data source.
Scroll to the Tags section at the bottom of the Overview tab, and click on the tag you want to remove.
Click Delete in the side sheet and then click Confirm.
The data dictionary lists the columns within the data source and the value type of the data within each column. From this page, governors can add tags to or remove them from specific columns in a data source.
Navigate to a data source and click the Data Dictionary tab.
Scroll to the column you want to add a tag to and click Add Tags.
Begin typing in the Search by Name field and select the tag from the dropdown list.
Click Add. The applied tag will appear below the column name in the data dictionary.
Navigate to a data source and click the Data Dictionary tab.
Scroll to the column you want to remove the tag from and click on the tag you want to delete.
Click Delete in the side sheet and then click Confirm.
Click the Data icon and select Projects in the left sidebar.
Select a project.
Click the Add Tags button at the bottom of the Project Overview tab.
Begin typing in the Search by Name field that appears, and then select the tag from the dropdown list.
Click Add. A list of the applied tags will populate at the bottom of the project overview.
Click the Data icon and select Projects in the left sidebar.
Select a project.
Scroll to the Tags section at the bottom of the Overview tab, and then click the tag you want to delete.
Click Delete in the side sheet and then click Confirm.
Only application admins can on the Immuta app settings page. Then, data source creators can disable SDD on a data-source-by-data-source basis. Additionally, governors, data source owners, and data source experts can disable any unwanted Discovered tags in the data dictionary to prevent them from being used and auto-tagged on that data source in the future.
When SDD is triggered on a data source, the job is run for the identifiers within the set template. If a template is not set, the identifier and template within the SDD job are defined by the global setting. By default, the global setting will run for all identifiers in the system. However, a system administrator can instead.
An active global template cannot be deleted.
SDD uses a sample of data to assess the likelihood that a column contains data that fits the pattern specified in the configured identifiers.
The default for SDD is to sample 1000 records (the sample size) during this process. However, administrators can taken by SDD on the Immuta app settings page. In general, increasing the sample size increases the accuracy of SDD predictions, but decreasing the number of records sampled during SDD may be necessary to meet some organizations' compliance requirements.
When SDD is triggered by a data owner, all column tags that were previously applied by SDD are removed and the tags prescribed by the latest run are applied. However, if SDD is triggered because a new column is detected by schema monitoring, tags will only be applied to the new column, and no tags will be modified on existing columns.
Users can also configure SDD to do a dryRun, which allows them to see what tags would be applied to a data source without actually applying them. See the for details.
Two common workflows for using SDD are outlined below. The first illustrates how to apply a single global template to all data sources, while the second outlines how users can create and apply templates to data sources they own.
Data governor creates one or more custom identifiers:
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Attributes of all custom identifiers and templates are provided on the . However, attributes specific to this section are outlined below.
| Attribute | Description |
|---|
Specify the data sources you would like to run SDD on, and save the payload in a .json file.
Or choose to run SDD on all the data sources in Immuta, and save the payload in a .json file.
Trigger SDD using one of these methods:
Immuta CLI
HTTP API
If sensitive data discovery was successfully run, you will receive a response similar to this:
Users can test how SDD will apply tags to their data sources by completing a dryRun, which allows users to test templates and tags:
test templates: If a template is specified in the payload when the dryRun is true, SDD will use this template instead of the template applied to the data source. Note: SDD will error if a template is specified here when dryRun is false.
test tags: Instead of applying tags, SDD just returns the tags that would be applied to the data source. This allows users to evaluate whether or not identifiers or templates are applying tags correctly without updating the data source.
After evaluating whether or not the tags have been applied appropriately, users can then make necessary changes to a template before triggering SDD again.
To complete a dryRun,
Trigger SDD using one of these methods:
Immuta CLI
HTTP API
You will receive a response that illustrates tags that will be added, tags that will be removed, and the final SDD result:
Once you are satisfied with how tags are applied by SDD, set dryRun to false (or omit it from the payload).
Trigger SDD again:
Immuta CLI
HTTP API
If the request was successful, you will receive a response similar to this one:
Select a data source from your My Data Sources page.
Click the Health Check dropdown menu.
In the Sensitive Data Discovery (SDD) section, click Re-run.
Continue to one of the following tutorials:
Create a custom identifier: Data governors can create custom identifiers to define their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
Deprecation notice
Support for this feature has been deprecated.
Sensitive data discovery (SDD) is an Immuta feature that uses sensitive data patterns to determine what type of data your column represents. Using identification rules and data samples from your tables, Immuta matches your data and can assign the appropriate tags to your data dictionary. This saves the time of identifying your data manually and provides the benefit of a standard taxonomy across all your data sources in Immuta.
SDD works by looking at a sample of data from each table that it checks against templates compiled of built-in or customized identifiers. If an identifier's pattern is matched with a column of the sampled data with an appropriate amount of confidence, then the corresponding tag is applied to that column, signifying the data it contains.
SDD queries a small sample of data for each data source in Immuta. This sample is temporarily held in memory to check for identifier matches. Then Immuta applies the relevant tags to those columns where matches were found.
This sampling and tagging process will happen anytime SDD is run. SDD can be triggered through the , through , or in the Immuta UI on the data sources overview page. SDD will also run automatically anytime one of the following events occurs:
A new data source is created.
Schema detection is enabled and a new data source is detected.
Column detection is enabled and new columns are detected. Here, SDD will only run on new columns and no existing tags will be removed or changed.
Sensitive data discovery (SDD) comprises two major elements: and .
The identifier is the basic building block of SDD. Each identifier in Immuta is a unique pattern (e.g., a regex or a list of values) and a list of tags to apply to data that matches the pattern. When Immuta recognizes that pattern, it can understand the type of data and tag the data to describe the type. For example, Immuta has the built-in identifier US_SOCIAL_SECURITY_NUMBER. Immuta will use a regex to look for strings of exactly nine digits, with or without hyphens after the third and fifth digits, with a leading digit between 0 and 8. SDD then scores columns by the percentage of values that match the pattern defined. This score determines whether or not the configured tags will be applied to a column. Once it finds a column that fits the expected pattern of US_SOCIAL_SECURITY_NUMBER with a reasonable match score, it will know how to tag it.
There are two types of identifiers:
Custom identifier: Custom identifiers allow data governors to create their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
The three types of identifiers are described below:
A template is a collection of identifiers and settings that drive the configuration of SDD runs. The settings users can apply through templates include the following:
classifiers (identifiers) are applied to data sources in the SDD run.
tags is an optional override for the tags applied by the identifiers.
minConfidence is an optional override for the minConfidence established in the identifier(s). When the detection confidence is at least the percentage defined in minConfidence, tags are applied.
sampleSize is an optional override for how many records to sample from the data source.
SDD does not run on data sources with over 1600 columns.
Deleting the built-in Discovered tags is not recommended: If you do delete built-in Discovered tags and use SDD, when the identifier is detected, the column will not be tagged. Tags can be disabled on a column-by-column basis from the data dictionary, or SDD can be turned off on a data-source-by-data-source basis when creating a data source.
Data governor using one or more built-in or custom identifiers.
.
.
.
.
.
Specify the data sources you would like to run sensitive data discovery on and set dryRun to true in the payload in a .json file. Note: You can also apply a template to a data source as a dryRun, like in the example below. However, when dryRun is false, a template cannot be included in the payload. Instead, the before running SDD.
: Trigger SDD to run on specified data sources.
: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
: These identifiers are included with Immuta and discover common categories of data (such as social security numbers, zip codes, and routing numbers). They cannot be modified. Users can or view the .
By default, all identifiers are matched against data sources when SDD is triggered, unless a is applied to a data source.
: This identifier contains a case-insensitive regular expression that allows users to match a custom regex against column values.
: This identifier includes a case-insensitive regular expression that is only matched against column names, not against the values in the column.
: This identifier contains a list of words and phrases to match against column values.
Users may apply a template globally or to a specific set of data sources. When SDD is triggered on a data source, it will use the identifiers and settings in its configured template to run the detection job. If no template has been configured, SDD will use the . By default, the global settings will use all identifiers in the system to run the detection.
To configure settings and customize SDD, see the .
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Select the checkbox to enable SDD, and then click Save and Confirm to apply your changes.
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Enter the name of your global template in the Global SDD Template Name field.
Click Save, and then Confirm your changes.
When a sample size is not specified in a template, SDD will use the default sample size of 1000 records. To adjust the sample size,
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Enter the number of rows in a data source you would like sampled when running SDD in the Default SDD Sample Size field.
Click Save, and then Confirm your changes.
sources |
|
all |
|
wait |
|
dryRun |
template |
|
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API.
Find identifiers to include in your template using one of these methods:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of available identifiers.
Save the template payload in a .json file. Use the tabs below to see different examples of templates.
Create the template:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the template. Use the tabs below to see different responses for different templates.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.account-number tag will be applied to columns that Immuta identifies with 50% confidence, as configured in the identifier.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.desk-location tag will be applied to columns when Immuta detects the values Research Lab, Blue Room or Purple Room with 60% confidence, as configured in the identifier.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.residence-hall tag will be applied to columns when Immuta detects values that match those listed in the Residence Halls data source with 70% confidence, as configured in the identifier.
Attributes of all custom identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to this section are outlined in the table below.
Find templates to apply to your data sources:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of available templates.
Select an appropriate template to apply to your data sources, and save the payload in a .json file:
Apply the template to your data source(s):
Immuta CLI
HTTP API
You will receive a response that indicates whether or not the template was successfully applied to your data sources.
Users cannot modify templates created by other data owners, but they can clone templates and make changes to the clone.
Get a list of templates to determine the template you want to clone using one of these methods:
Immuta CLI
HTTP API
Save the template clone name and details in a .json file.
Clone the template:
Immuta CLI
HTTP API
If the request was successful, you will receive a response that provides details about the template clone.
You can now modify the template, such as changing the identifiers (classifiers) included and the sampleSize.
To disable entity tags from being set, you can create a template to that configures the identifier that contains that tag.
For example, the built-in PERSON_NAME identifier contains the following tags: Discovered.PHI, Discovered.PII, Discovered.Entity.Person Name, and Discovered.Identifier Indirect. However, your organization doesn't have any health data, so you don't want the PHI tag to be applied to your data sources but you do want all the other tags within that identifier.
To override the Discovered.PHI tag, you would create a template that includes the PERSON_NAME identifier and removes the Discovered.PHI from the list of tags in the template payload.
View the details about the PERSON_NAME identifier so you know what to include in your template using one of these methods:
Immuta CLI
HTTP API
If the request was successful, the response will include details about the PERSON_NAME identifier.
Remove the Discovered.PHI tag from the list of tags in the identifier config, and save the template payload in a .json file.
Create the template:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that details the new template:
Now that you've created a template, continue to one of the following tutorials:
SDD global settings: Opt to add your template to the SDD global settings so that Immuta will use this template to run SDD for all data sources.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom column name regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically detect and tag columns that contain account numbers in your database.
A custom column name regular expression (regex) identifier allows you to create your own detectors that enable Immuta's sensitive data discovery to find column name matches based on a regex pattern. For example, if your database contains tables with social security numbers, you could define a regex pattern to match against the names of the column instead of the values within the column. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom column name regex identifier are outlined in the table below.
| Attribute | Description | Required |
|---|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom column name regex identifier payload in a .json file. The regex ^ssn|social ?security$ looks for column names that match ssn, socialsecurity, or social security.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Attributes of identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to listing identifiers are outlined in the table below.
| Attribute | Description |
|---|---|
The response lists all built-in identifiers that are currently supported in Immuta SDD and their details, including their name and description. For example,
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
List built-in identifiers using one of these methods:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of built-in identifiers.
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
Create a custom identifier: Data governors can create custom identifiers to define their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically identify and tag columns that contain account numbers in your database.
A regular expression (regex) custom identifier allows you to create your own rules that enable Immuta's sensitive data discovery to find matches based on a regex pattern. For example, if a table contains account numbers in the form of xxxxxxxxx-xxx-x, you could define a regex pattern in a custom identifier to identify and tag these columns. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom regex identifier are outlined in the table below.
| Attribute | Description | Required |
|---|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom regex identifier payload in a .json file.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
| Identifier | Description |
|---|---|
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom dictionary identifier
Scenario: You have data that includes the names of the rooms employees' desks are in across your organization. Although these locations may be considered sensitive in particular datasets, they would not be recognized by Immuta's built-in identifiers.
A custom dictionary identifier allows you to create your own rules that enable Immuta's sensitive data discovery to match a list of room names to values in the dataset. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom dictionary identifier are outlined in the table below.
| Attribute | Description |
|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom dictionary identifier payload in a .json file. The dictionary below contains the words Research Lab, Blue Room, and Purple Room.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
Immuta is pre-configured with a set of tags that can be used to write global policies before data sources even exist. See a list of the built-in Discovered tags below and the Built-in identifier reference page for information about where these tags will be applied.
All the tags below belong to the Country parent. For example, the full tag name will appear as Discovered . Country . Argentina.
| Child tag name | Description |
|---|---|
All the tags below belong to the Entity parent. For example, the full tag name will appear as Discovered . Entity . Aadhaar Individual.
None of the tags below have an additional parent or child tag. For example, the full tag name will appear as Discovered . Identifier Direct.
None of the tags below have an additional parent or child tag. For example, the full tag name will appear as Discovered . PCI.
boolean When true, SDD will not update the tags on the data source(s) and will just return what tags would have been applied or removed. See for an example. Default is false.
| Attribute | Description |
|---|---|
| Child tag name | Description |
|---|---|
| Tag name | Description |
|---|---|
| Tag name | Description |
|---|---|
name
string Unique, request-friendly identifier name.
Yes
displayName
string Unique, human-readable identifier name.
Yes
description
string The identifier description.
Yes
type
string The type of identifier: columnNameRegex.
Yes
config
object Includes config.columnNameRegex and config.tags. *See descriptions for these below.
Yes
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
Yes
columnNameRegex*
string A case-insensitive regular expression to match against column names.
Yes
sortField
string The field by which to sort the search results: id, name, displayName, type, createdAt, or updatedAt.
sortOrder
string Denotes whether to sort the results in ascending (asc) or descending (desc) order. Default is asc.
offSet
integer Use in combination with limit to fetch pages.
limit
integer Limits the number of results displayed per page.
type
array[string] Searches for identifiers based on identifier type: builtIn.
searchText
string A partial, case-insensitive search on name.
name
string Unique, request-friendly identifier name.
Yes
displayName
string Unique, human-readable identifier name.
Yes
description
string The identifier description.
Yes
type
string The type of identifier: regex.
Yes
config
object Includes config.minConfidence, config.tags, and config.regex. *See descriptions for these below.
Yes
minConfidence*
number When the detection confidence is at least this percentage, tags are applied.
Yes
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
Yes
regex*
string A case-insensitive regular expression to match against column values.
Yes
AGE
Matches numeric strings between 10 and 199, provided the column header contains text such as age, year, years, yr, or yrs. Tags include Discovered.PII, Discovered.Identifier, Indirect Discovered.PHI, Discovered.Entity.Age.
ARGENTINA_DNI_NUMBER
Matches strings consistent with Argentina National Identity (DNI) Number. Requires an eight-digit number with optional periods between the second and third and fifth and sixth digit. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Argentina, Discovered.PHI, Discovered.Entity.DNI Number.
AUSTRALIA_MEDICARE_NUMBER
Matches numeric strings consistent with Australian Medicare number. Requires a ten- or eleven-digit number. The starting digit must be between 2 and 6, inclusive. Optional spaces can be placed between the fourth and fifth and ninth and tenth digit. The optional 11th digit separated by a / can be present. A checksum is required. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Australia, Discovered.PHI, Discovered.Entity.Medicare Number.
AUSTRALIA_PASSPORT
Matches strings consistent with Australian Passport number. An 8- or 9-character string is required, with a starting upper case character (N, E, D, F, A, C, U, X) or a two-character starting character (P followed by A, B, C, D, E, F, U, W, X, or Z) followed by seven digits. Tags include Discovered.PII, Discovered.Identifier Direct Discovered.Country.Australia, Discovered.PHI, Discovered.Entity.Passport.
AUSTRALIA_TAX_FILE_NUMBER
Matches strings consistent with Australian Tax File number. Requires a nine-digit number with optional spaces between the third and fourth and sixth and seventh digits. A checksum is required. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Australia, Discovered.PHI, Discovered.Entity.Tax File Number.
BELGIUM_NATIONAL_ID_CARD_NUMBER
Matches numeric strings consistent with Belgium's National ID card. Requires a twelve-digit number with hyphen (-) between the third and fourth digit and tenth and eleventh digits. A two checksum is required. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Belgium, Discovered.PHI, Discovered.Entity.National ID Card Number.
BITCOIN_INVOICE_ADDRESS
Matches strings consistent with the following Bitcoin Invoice Address formats: P2PKH, P2SH, and Bech32. P2PKH and P2SH must start with a 1 or a 3, respectively, followed by 25 - 34 alphanumeric characters, excluding l, I, O, and 0. Bech32 formats must begin with bc1 and be followed by 39 characters. To be identified, any addresses must have a valid checksum. Tags include Discovered.Entity.CRYPTO, Discovered.PCI.
BRAZIL_CPF_NUMBER
Matches a numeric string consistent with Brazil's CPF (Cadastro Pessoal de Pessoa Física) number. An eleven-digit numeric string with non-numeric separators after the third, sixth, and ninth digits. A two digit checksum is required. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Brazil, Discovered.PHI, Discovered.Entity.CPF Number.
CANADA_BC_PHN
Matches numeric strings consistent with British Columbia's Personal Health Number (PHN). Requires a ten-digit numeric string with optional hyphen (-) or spaces after the fourth and seventh digits. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.British Columbia Health Network Number.
CANADA_DRIVERS_LICENSE_NUMBER
Matches strings consistent with Canadian driver's license numbers from each province. Looks for strings to be consistent with at least one of seven patterns. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.Drivers License Number.
CANADA_OHIP
Matches alphanumeric strings consistent with Ontario's Health Insurance Plan (OHIP). Requires a twelve-digit alphanumeric code. Optional hyphens (-) or spaces can appear after the fourth, seventh, and tenth digits. The final two characters are a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.Ontario Health Insurance Number.
CANADA_PASSPORT
Matches strings consistent with the Canadian Passport Number format as described here. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.Passport.
CANADA_QUEBEC_HIN
Matches alphanumeric strings consistent with Quebec's Health Insurance Number (HIN). Requires four alphabetic characters followed by an optional space or hyphen (-), and then eight digits with an optional hyphen or space after the fourth digit. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.Quebec Health Insurance Number.
CANADA_SOCIAL_INSURANCE_NUMBER
Matches numeric strings consistent with the Canadian Social Insurance number format. Requires a nine-digit numeric string with optional hyphens or spaces after the third and sixth digit. The last digit is a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Canada, Discovered.PHI, Discovered.Entity.Social Insurance Number.
CREDIT_CARD_NUMBER
Matches strings consistent with a credit card number. Must include a valid checksum. Tags include Discovered.PCI, Discovered.Entity.Credit Card Number.
DATE
Matches strings consistent with dates. These can include days of the week, dates, and date times. Tags include Discovered.Entity.Date.
DATE_OF_BIRTH
Matches date strings as Date of Birth if the column heading is dob, birth, etc. Tags include Discovered.PII, Discovered.Identifier Indirect, Discovered.PHI, Discovered.Entity.Date of Birth.
DENMARK_CPR_NUMBER
Matches numeric strings consistent with Personal Identification Number (CPR-number or Person-number). Requires a ten-digit number with either a DDMMYY-SSSS or DDMMYYSSSS format. The first six digits are an individual's birth date in Day, Month, Year format. The final four digits comprise the sequence number. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Denmark, Discovered.PHI, Discovered.Entity.CPR Number.
DOMAIN_NAME
Matches domain names using a very broad pattern. Tags include Discovered.Entity.Domain Name
EMAIL_ADDRESS
Matches strings consistent with an email address. Usernames are required to be fewer than 255 characters, follow by @a, a domain of fewer than 255 characters, and a top level domain of between 2 and 20 characters. Tags include Discovered.PHI, Discovered.Entity.Electronic Mail Address, Discovered.Identifier Direct.
ETHNIC_GROUP
Matches strings consistent with the US Census race designations. Tags include Discovered.PII, Discovered.Entity.Ethnic Group.
FDA_CODE
Matches a string consistent with a drug or ingredient registered with Food and Drug Administration (FDA). Must start with between 4 to 6 digits, followed by a hyphen, followed by 3 to 4 digits, followed by a hyphen, and finishing with one to two digits. Tags include Discovered.Country.US, Discovered.Entity.FDA Code.
FINLAND_NATIONAL_ID_NUMBER
Matches a string consistent with Finland's National ID number. Requires an eleven-character string in a DDMMYYCZZZQ format. The first six digits are an individual's birth date in Day, Month, Year format. The C character is a century of birth indicator (+ for the years 1800-1899, - for years 1900-1999, and A for years 2000-2099). ZZZ is an individual ID number, and Q is a required checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Finland, Discovered.PHI, Discovered.Entity.National ID Number.
FRANCE_CNI
Matches numeric strings consistent with the French National ID card number (carte nationale d'identité). Requires a twelve-digit numeric string. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.France, Discovered.PHI, Discovered.Entity.CNI.
FRANCE_NIR
Matches numeric strings consistent with France's National ID number (Numéro d'Inscription au Répertoire). Requires a fifteen-digit numeric string. An optional hyphen (-) or space can appear after the 13th digit. The 14th and 15th digits act as a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.France, Discovered.PHI, Discovered.Entity.NIR.
FRANCE_PASSPORT
Matches alphanumeric strings consistent with the French Passport number. Requires two numbers followed by two upper case letters and ends with 5 digits. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.France, Discovered.PHI, Discovered.Entity.Passport.
GENDER
Matches strings consistent with gender. Tags include Discovered.PII, Discovered.Identifier Indirect, Discovered.PHI, Discovered.Entity.Gender.
GERMANY_DRIVERS_LICENSE_NUMBER
Matches alphanumeric strings consistent with Germany's Driver's License number. Requires an eleven-element string, with a digit or a letter followed by two digits, 6 digits or letters, one digit, and one digit or letter. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Germany, Discovered.PHI, Discovered.Entity.Drivers License Number.
GERMANY_IDENTITY_CARD_NUMBER
Matches alphanumeric strings consistent with Germany's Identity Card number. Requires a single letter followed by eight digits. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Germany, Discovered.PHI, Discovered.Entity.Identity Card Number.
IBAN_CODE
Matches strings consistent with an International Bank Account Number (IBAN). Must contain a valid country code. Tags include Discovered.Entity.IBAN Code.
ICD10_CODE
Matches strings consistent with codes from the International Statistical Classification of Diseases and Related Health Problems (ICD), as drawn from the Clinical Modification lexicon from the year 2020. Tags include Discovered.Entity.ICD10 Code.
IMEI_HARDWARE_ID
Matches strings consistent with an International Mobile Equipment Identity (IMEI) number. Must contain 15 digits with optional hyphens or spaces after the second, 8th, and 14th digits. Tags include Discovered.Entity.IMEI.
IP_ADDRESS
Matches IP Addresses in the V4 and V6 formats. Tags include Discovered.Entity.IP Address.
LOCATION
Matches strings consistent with Countries, States, Addresses, or Municipalities. By default focuses on locations in the United States. Tags include Discovered.Entity.Location.
MAC_ADDRESS
Matches strings consistent with a Media Access Control (MAC) address. Must contain twelve hexadecimal digits, with every two digits separated by a colon. Tags include Discovered.Entity.MAC Address.
MAC_ADDRESS_LOCAL
Matches strings consistent with a local Media Access Control (MAC) address. Tags include Discovered.Entity.MAC Address Local.
PERSON_NAME
Matches strings consistent with a dictionary of people's names. US person names are drawn from the US Social Security database. Tags include Discovered.PII, Discovered.PHI, Discovered.Entity.Person Name, Discovered.Identifier Indirect.
PHONE_NUMBER
Matches strings consistent with telephone numbers. Primarily looks for strings consistent with the United States telephone numbers naming convention. Tags include Discovered.Entity.Telephone Number.
POSTAL_CODE
Matches strings consistent with a valid US zip code with an optional +4. Only valid 5 digit zip codes are matched. Tags include Discovered.Entity.Postal Code.
SPAIN_DRIVERS_LICENSE_NUMBER
Matches alphanumeric strings consistent with Spain's Driver's License number. Requires eight digits followed by a single letter or digit. The final digit acts as a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Spain, Discovered.PHI, Discovered.Entity.Drivers License Number.
SPAIN_NIE_NUMBER
Matches strings consistent with Spain's Foreigner Identification number. Requires an eight-character string. The initial character must be X, Y, or Z, followed by seven digits, then by an optional hyphen or space and a single checksum character. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Spain, Discovered.PHI, Discovered.Entity.NIE Number.
SPAIN_NIF_NUMBER
Matches strings consistent with Spain's Tax Identification number. Requires an eight-character string. Requires eight digits followed by an optional hyphen or space and a single checksum character. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Spain, Discovered.PHI, Discovered.Entity.NIF Number.
SPAIN_PASSPORT
Matches strings consistent with Spain's Passport number. Requires an eight- or nine-character string, starting with either two or three letters followed by six digits. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Spain, Discovered.PHI, Discovered.Entity.Passport.
STREET_ADDRESS
Matches strings consistent with street addresses. Primarily looks for strings consistent with the United States street naming convention. Tags include Discovered.Entity.Location.
SWEDEN_NATIONAL_ID_NUMBER
Matches numeric strings consistent with Sweden's Nation ID number. Requires a ten- or twelve-digit string that must start with a date in either the YYMMDD or YYYYMMDD formats. An optional - or + character then separates four ending digits. The final digit is a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Sweden, Discovered.PHI, Discovered.Entity.National ID Number.
SWEDEN_PASSPORT
Matches numeric strings consistent with Sweden's Passport number. Requires an 8-digit number. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Sweden, Discovered.PHI, Discovered.Entity.Passport.
SWIFT_CODE
Matches alphanumeric strings consistent with a SWIFT code (or Bank Identifier Code (BIC)) format. Tags include Discovered.Entity.Swift Code.
THAILAND_NATIONAL_ID_NUMBER
Matches strings consistent with Thailand's National ID number. Requires a 13-digit number with optional spaces or hyphens (-) after the first, fifth, tenth, and twelfth digits. The final digit is a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.Thailand, Discovered.PHI, Discovered.Entity.National ID Number.
TIME
Matches strings consistent with times. Can contain both date and time pieces. Tags include Discovered.Entity.Date.
UK_DRIVERS_LICENSE_NUMBER
Matches alphanumeric strings consistent with the United Kingdom's Driver's License number. Requires either a 16- or 18-character string. The first five characters represent the driver's surname, padded with 9s, followed by a single digit for decade of birth, two digits for month of birth (incremented by 50 for female drivers), two digits for day of birth, one digit for year of birth, two letters, an arbitrary digit, and two digits. Two additional digits can be present for each license issuance. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.UK, Discovered.PHI, Discovered.Entity.Drivers License Number.
UK_NATIONAL_INSURANCE_NUMBER
Matches alphanumeric strings consistent with the United Kingdom's National Insurance number. Requires a nine-character string. The first two digits must be letters, followed by an optional space, then six digits with optional spaces or hyphens (-) every two digits, ending with a letter. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.UK, Discovered.PHI, Discovered.Entity.National Insurance Number.
UK_PASSPORT
Matches numeric strings consistent with the United Kingdom's passport number. Requires a nine-digit numeric string. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.UK, Discovered.PHI, Discovered.Entity.Passport.
UK_TAXPAYER_REFERENCE
Matches ten-digit numeric strings consistent with UK Taxpayer Reference (UTR) numbers. The final digit is a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.UK, Discovered.PHI, Discovered.Entity.Taxpayer Reference.
URL
Matches string consistent with a Uniform Resource Locator (URL). String must begin with http://, https://, ftp://, file:///, or mailto:, followed by a string and ending with a top level domain of no more than 128 characters. Tags include Discovered.Entity.URL.
US_ADOPTION_TAXPAYER_IDENTIFICATION_NUMBER
Matches a numeric string consistent United States Adoption Taxpayer Identification Number (ATIN). Requires a string similar in format to a US Social Security Number, but starting with a 9 in the Area Number and having 93 as an allowed Group Number. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.PHI, Discovered.Entity.Adoption Taxpayer ID Number.
US_BANK_ROUTING_MICR
Matches numeric string consistent with an American Bankers Association (ABA) Routing Number. Must be a nine-digit number starting with 0, 1, 2, 3, 6, or 7, followed by eight digits. The final digit is a checksum. Tags include Discovered.Country.US, Discovered.Entity.Bank Routing MICR.
US_DEA_NUMBER
Matches alphanumeric strings consistent with a Drug Enforcement Administration (DEA) number that is assigned to a health care provider. Must be a length of nine characters. The first two digits must be alphanumeric, and the last seven digits must be digits. The final digit is a checksum. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.Entity.DEA Number.
US_DRIVERS_LICENSE_NUMBER
Matches strings consistent with some US Driver's license numbers. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.PHI, Discovered.Entity.Drivers License Number.
US_EMPLOYER_IDENTIFICATION_NUMBER
Matches numeric string consistent United States Employer Identification Number (EIN). Strings must contain nine digits with a hyphen after the second digit. Tags include Discovered.Country.US, Discovered.Entity.Employer ID Number.
US_HEALTHCARE_NPI
Matches numeric strings consistent with US National Provider Identifier (NPI). Strings must be either 10 or 15 digits with the final digit being a valid checksum. Tags include Discovered.PII, Discovered.Country.US, Discovered.Entity.Healthcare NPI, Discovered.Identifier Undetermined.
US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER
Matches a numeric string consistent United States Individual Taxpayer Identification Number (ITIN). Requires a string similar in format to a US Social Security Number, but starting with a 9 in the Area Number and having a limited set of allowed Group Numbers. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.PHI, Discovered.Entity.Individual Taxpayer ID Number.
US_PASSPORT
Matches numeric strings consistent with United States Passport number. Strings must contain nine digits. Columns should have a name or label consistent with a passport. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.PHI, Discovered.Entity.Passport.
US_PREPARER_TAXPAYER_IDENTIFICATION_NUMBER
Matches strings consistent with a Preparer Taxpayer ID number. Strings must have nine characters, starting with a P that is followed by 8 digits. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.Entity.Preparer Taxpayer ID Number.
US_SOCIAL_SECURITY_NUMBER
Matches strings consistent with a US Social Security Number. Strings must contain nine digits and comprise three parts: the three left-most digits designating the area number, the middle two digits designating the group number, and the four right-most digits designating the serial number. For a column to be tagged, none of these parts can contain all zeroes, and area numbers must not be 666 or in the range of 900-999. Tags include Discovered.PII, Discovered.Identifier Direct, Discovered.Country.US, Discovered.PHI, Discovered.Entity.Social Security Number.
US_STATE
Matches strings consistent with either a full name or two-letter abbreviation of a US state or territory. Tags include Discovered.Country.US, Discovered.Entity.State.
US_TOLLFREE_PHONE_NUMBER
Matches strings consistent with a US toll-free telephone number. Allowed area codes are 800, 88+any digit, or 899. Tags include Discovered.Country.US, Discovered.Entity.Tollfree Telephone Number.
VEHICLE_IDENTIFICATION_NUMBER
Matches strings consistent with Vehicle Identification Numbers. A checksum is required as well as a valid World Manufacturer Identifier. Tags include Discovered.Country.US, Discovered.Entity.Vehicle Identifier or Serial Number.
name
string Unique, request-friendly identifier name.
displayName
string Unique, human-readable identifier name.
description
string The identifier description.
type
string The type of identifier: dictionary.
config
object Includes config.minConfidence, config.tags, config.values, and config.caseSensitive (defaults to false). *See descriptions below.
minConfidence*
number When the detection confidence is at least this percentage, tags are applied.
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
values*
array[string] The list of words to include in the dictionary.
caseSensitive*
boolean Indicates whether or not values are case sensitive. Defaults to false.
template
string The name of the template to apply to the data sources; null clears the current template.
sources
string The name of the data sources to apply the template to.
Argentina
This tag is applied to data recognized as specific to Argentina (e.g., an Argentina National Identity Number).
Australia
This tag is applied to data recognized as specific to Australia (e.g., an Australian Medicare number, Australian passport number, or Australian Tax File number).
Belgium
This tag is applied to data recognized as specific to Belgium (e.g., a Belgium National ID card).
Brazil
This tag is applied to data recognized as specific to Brazil (e.g., a Brazil CPF number).
Canada
This tag is applied to data recognized as specific to Canada (e.g., a British Columbia PHN, Canadian driver's license number, OHIP string, Canadian passport number, Quebec's HIN, or Canadian Social Insurance number).
Chile
This tag is for data specific to Chile.
China
This tag is for data specific to China.
Colombia
This tag is for data specific to Colombia.
Denmark
This tag is applied to data recognized as specific to Denmark (e.g., a Denmark CPR or Person-number).
Finland
This tag is applied to data recognized as specific to Finland (e.g., a Finland National ID number).
France
This tag is applied to data recognized as specific to France (e.g., a French National ID card number, France National ID number, or French passport number).
Germany
This tag is applied to data recognized as specific to Germany (e.g., a German driver's license number or a Germany Identity Card number).
Hong Kong
This tag is for data specific to Hong Kong.
India
This tag is for data specific to India.
Indonesia
This tag is for data specific to Indonesia.
Japan
This tag is for data specific to Japan.
Korea
This tag is for data specific to Korea.
Mexico
This tag is for data specific to Mexico.
Netherlands
This tag is for data specific to Netherlands.
Norway
This tag is for data specific to Norway.
Paraguay
This tag is for data specific to Paraguay.
Peru
This tag is for data specific to Peru.
Poland
This tag is for data specific to Poland.
Singapore
This tag is for data specific to Singapore.
Spain
This tag is applied to data recognized as specific to Spain (e.g., a Spanish driver's license number, Spain Foreigner Identification number, Spain Tax Identification number, or Spanish passport number).
Sweden
This tag is applied to data recognized as specific to Sweden (e.g., a Sweden National ID number or Swedish passport number).
Taiwan
This tag is for data specific to Taiwan.
Thailand
This tag is applied to data recognized as specific to Thailand (e.g., a Thailand National ID number).
Turkey
This tag is for data specific to Turkey.
UK
This tag is applied to data recognized as specific to United Kingdom (e.g., a United Kingdom driver's license number, United Kingdom National Insurance number, United Kingdom passport number, or United Kingdom Taxpayer Reference number).
Uruguay
This tag is for data specific to Uruguay.
US
This tag is applied to data recognized as specific to the U.S. (e.g., an FDA code, United States ATIN, ABA routing number, DEA number, United States driver's license number, United States EIN, United States NPI number, United States ITIN, United States passport number, United States Preparer Taxpayer ID number, United States SSN, United States territory or state, or United States toll-free phone number).
Venezuela
This tag is for data specific to Venezuela.
Aadhaar Individual
This tag is for Aadhaar Individual numbers.
Adoption Taxpayer ID Number
This tag is applied to data recognized as a United States Adoption Taxpayer Identification number.
Age
This tag is applied to data recognized as an age.
Bank Account
This tag is for bank account numbers.
Bank Routing MICR
This tag is applied to data recognized as an American Bankers Association routing number.
Bankers CUSIP ID
This tag is for CUSP identification numbers for stocks and bonds.
British Columbia Health Network Number
This tag is applied to data recognized as British Columbia's Personal Health Number.
BSN Number
This tag is for Netherlands citizen service number.
BSN Number
This tag is for Netherlands citizen service numbers.
CDC Number
This tag is for CDC numbers.
CDI Number
This tag is for CDI numbers.
CIC Number
This tag is for CIC numbers.
CNI
This tag is applied to data recognized as a French National ID card number.
CPF Number
This tag is applied to data recognized as Brazil's CPF number.
CPR Number
This tag is applied to data recognized as Denmark's Personal Identification number.
Credit Card Number
This tag is applied to data recognized as a credit card number.
CURP Number
This tag is for Mexican CURP numbers.
CRYPTO
This tag is applied to data recognized as a Bitcoin Invoice Address.
Date
This tag is applied to data recognized as a date.
Date of Birth
This tag is applied to data recognized as a date of birth.
DEA Number
This tag is applied to data recognized as the DEA number of a healthcare provider.
DNI Number
This tag is applied to data recognized as an Argentina National Identity number.
Domain Name
This tag is applied to data recognized as a domain.
Driver's License Number
This tag is applied to data recognized as driver's licenses numbers from Canada, Germany, Spain, United Kingdom, or the United States.
Electronic Mail Address
This tag is applied to data recognized as an email address.
Employer ID Number
This tag is applied to data recognized as an Employer Identification number from the United States.
Ethnic Group
This tag is applied to data recognized as an ethnic group.
FDA Code
This tag is applied to data recognized as the code of a drug or ingredient registered with the FDA.
Gender
This tag is applied to data recognized as a gender.
GST Individual
This tag is for Indian GST individual numbers.
Healthcare NPI
This tag is applied to data recognized as a United States National Provider Identifier number.
IBAN Code
This tag is applied to data recognized as an International Bank Account number.
ICD10 Code
This tag is applied to data recognized as an ICD10 code from the International Statistical Classification of Diseases and Related Health Problems.
ICD9 Code
This tag is for ICD9 codes from the International Statistical Classification of Diseases and Related Health Problems.
ID Number
This tag is for any ID number.
Identity Card Number
This tag is applied to data recognized as an identity card number from Germany.
IMEI
This tag is applied to data recognized as an International Mobile Equipment Identity number.
Individual Number
This tag is for any individual number.
Individual Taxpayer ID Number
This tag is applied to data recognized as a United States Individual Taxpayer Identification Number.
IP Address
This tag is applied to data recognized as an IP address.
Location
This tag is applied to data recognized as a country, state, address, or municipality.
MAC Address
This tag is applied to data recognized as a Media Access Control address.
MAC Address Local
This tag is applied to data recognized as a local Media Access Control address.
Medicare Number
This tag is applied to data recognized as a Medicare number from Australia.
National Health Service Number
This tag is for national health service numbers.
National ID Card Number
This tag is applied to data recognized as a national ID card number from Belgium.
National ID Number
This tag is applied to data recognized as a national ID number from Finland, Sweden, and Thailand.
National Insurance Number
This tag is applied to data recognized as a United Kingdom national insurance number.
National Registration ID Number
This tag is for national registration ID numbers.
NI Number
This tag is for Norway NI numbers.
NIE Number
This tag is applied to data recognized as a Spanish Foreigner Identification number.
NIF Number
This tag is applied to data recognized as a Spanish Tax Identification number.
NIK Number
This tag is applied to data recognized as an Indonesian personal identification number (NIK).
NIR
This tag is applied to data recognized as France's National ID number.
Ontario Health Insurance Number
This tag is applied to data recognized as part of an Ontario Health Insurance Plan string.
PAN Individual
This tag is for PAN Individual numbers.
Passport
This tag is applied to data recognized as a passport number from Australia, Canada, France, Spain, Sweden, United Kingdom, and United States.
Person Name
This tag is applied to data recognized as people's names.
PESEL Number
This tag is for Poland PESEL numbers.
Postal Code
This tag is applied to data recognized as a United States zip code.
Preparer Taxpayer ID Number
This tag is applied to data recognized as a Preparer Taxpayer ID number.
Quebec Health Insurance Number
This tag is applied to data recognized as a Quebec Health Insurance Number.
Resident ID Number
This tag is for China Resident ID numbers.
RRN
This tag is for Korea Resident Registration numbers.
Social Insurance Number
This tag is applied to data recognized as a Canadian Social Insurance number.
Social Security Number
This tag is applied to data recognized as a United States Social Security Number.
State
This tag is applied to data recognized as a state of the United States.
Swift Code
This tag is applied to data recognized as a SWIFT code.
Tax File Number
This tag is applied to data recognized as an Australian Tax File number.
Taxpayer ID Number
This tag is applied to data recognized as Taxpayer ID numbers from the United States.
Taxpayer Reference
This tag is applied to data recognized as United Kingdom Taxpayer Reference numbers.
Telephone Number
This tag is applied to data recognized as a phone number.
Tollfree Telephone Number
This tag is applied to data recognized as a United States toll-free phone number.
URL
This tag is applied to data recognized as a URL.
Vehicle Identifier or Serial Number
This tag is applied to data recognized as a VIN.
Identifier Direct
This tag is applied to data recognized as a direct identifier that can be uniquely associated with an individual. Examples of direct identifiers include: name, username, email, official individual identification numbers such as passport or identity card numbers, or privately issued individual identification numbers such as a student ID.
Identifier Indirect
This tag is applied to data recognized as an indirect identifier that is not uniquely associated with an individual. However this indirect identifier could become distinguishable when combined with other attributes. Examples of indirect identifiers include: age and affinity.
Identifier Undetermined
This tag is applied to data which could be an identifier associated with an individual.
PCI
This tag is applied to data recognized as payment card information.
PHI
This tag is applied to data recognized as personal health data.
PII
This tag is applied to data recognized as personally identifiable information.