Deprecation notice: Support for this feature has been deprecated. Use the /frameworks API to create your own classification frameworks.
Discover comes preconfigured with a bundle of classification frameworks for use out-of-the-box once endorsed by your organization's admins. These frameworks are designed by Immuta’s Legal Engineering and Research Engineering teams and informed by data privacy regulations and security standards: GDPR, CCPA, GLBA, HIPAA, PCI, and global best practices. They are a starting point for companies to customize to their own classification, security, and risk policies.
The Data Security Framework is the general classification framework. It provides the groundwork for categorizing data based on its context but is not specific to any regulatory framework and does not assign sensitivity or risk values to the data it tags. It provides a consistent taxonomy used throughout Immuta, from other built-in frameworks to customized frameworks that classify data valuable to your organization to Secure data and subscription policies.
The Data Security Framework is a supportive tool that accelerates data classification. Use the Data Security Framework in tandem with Discover identification frameworks out-of-the-box for the easy and quick onboarding of data sources and tags. Then, choose the compliance frameworks that matter to your industry or start building your own classification frameworks that assign sensitivity to the specific data of your organization. Your organization's compliance team should review the compliance frameworks as you would a template for a policy or contract and adapt them as needed to ensure a complete inventory and proper classification of your data.
You can view the Data Security Framework tags and their descriptions from the tags page in the UI or from the data dictionary when they are applied to a data source. Note the field and record tags. While they seem similar, the field and record tags are both necessary to convey the content of your data. Field tags describe the content of the columns, and record tags describe the content of the table.
Use the Data Security Framework with the Risk Assessment Framework
To classify your data use both the Data Security Framework to set the groundwork for classification and the Risk Assessment Framework to apply tags with sensitivity metadata based on the Data Security Framework tags. With Snowflake, these frameworks together will show sensitive queries in Detect dashboards.
The Risk Assessment Framework provides the visible tags to your data's sensitivity based on the confidentiality risks it poses to your organization or the data subjects.
Use the Risk Assessment Framework out-of-the-box with the Data Security Framework and Discover identification frameworks to provide sensitivities to view in the Detect dashboards. Additionally, you can copy the framework using the API and create new rules to assign risk level and sensitivity to other data specific to your use case.
The risk assessment tags have sensitivity level metadata assigned to them that will appear in the Detect dashboards as non-sensitive (when no risk assessment tag is applied), sensitive, and highly-sensitive. Additionally, use the risk assessment tags to build Secure policies to restrict access to highly-risky and confidential data.
| Tag Name | Description | Sensitivity | Sensitivity Level |
|---|---|---|---|
Use the Data Security Framework with regulatory frameworks
The Data Security Framework provides the necessary translation of Discovered entity tags to classification tags. Without the Data Security Framework on, the regulatory frameworks will not automatically work with your data and will require customization.
Immuta comes with four regulatory frameworks informed by the best practices of a specific regulation or standard. These are designed by Immuta’s Legal Engineering and Research Engineering teams as a general interpretation, but each organization should customize them based on their internal practices:
CCPA Framework: Classifies personal sensitive information controlled under the California Consumer Privacy Act (CCPA), as amended by the Consumer Privacy Rights Act (CCPA). This framework tags personal information, including communication content (like the body of a text message) and details about an individual's sexual orientation, religion, race, or biometric data.
GDPR Framework: Classifies personal data of specific categories protected under the EU General Data Protection Regulation (GDPR). This framework tags personal data, including details about an individual's health, sexual orientation, religion, race, or biometric data.
HIPAA Framework: Classifies protected health data controlled under the US Health Insurance Portability and Accountability Act (HIPAA). This framework tags health data connected to a specific individual.
PCI Framework: Classifies payment card information relevant to the Payment Card Industry (PCI) standard. This framework tags payment card information, including account, authentication, and cardholder data.
Organizations are responsible for making their own independent assessment of the framework rules. The framework rules are only templates and are not necessarily adapted to the specific context in which an organization operates. Framework rules do not constitute legal advice. They do not create any commitments or assurances from Immuta that users will necessarily comply with the statutes or standards that have informed these framework rules.
RAF.Confidentiality.Medium
Indicates confidential data with medium privacy risk to the data subject.
Sensitive
1
RAF.Confidentiality.High
Indicates confidential data with high privacy risk to the data subject.
Highly-Sensitive
2
RAF.Confidentiality.Very High
Indicates confidential data with very high privacy risk to the data subject.
Highly-Sensitive
3
Deprecation notice: Support for this feature has been deprecated. Use the /frameworks API to create your own classification frameworks.
The Immuta Data Security Framework (DSF) was designed by Immuta’s Legal Engineering and Research Engineering teams and is informed by data privacy regulations and security standards: GDPR, CCPA, GLBA, HIPAA, PCI, and global best practices. Tags should be reviewed by your organization's compliance team to ensure complete inventory and proper classification. Once activated, Immuta DSF will immediately work within Immuta Detect by assessing the entity tags applied by sensitive data discovery and applying the built-in rules and conditions to apply classification tags to the necessary columns. These classification tags then inform the sensitivity type of the data in the dashboards and reflect the risk levels of the columns, data sources, and queries that contain your data. The Immuta DSF is a supportive tool that accelerates data classification.
These select classification tags have sensitivity metadata attached to them and are automatically applied based on the other classification tags listed below.
| Tag Name | Description | Sensitivity | Sensitivity Level |
|---|---|---|---|
These classification tags are automatically applied based on the Immuta Discovered tags. They do not have sensitivity attached.
| Tag name | Description |
|---|---|
Organizations are responsible for making their own independent assessment of the framework rules. The framework rules are only templates and are not necessarily adapted to the specific context in which an organization operates. Framework rules do not constitute legal advice. They do not create any commitments or assurances from Immuta that users will necessarily comply with the statutes or standards that have informed these framework rules.
Immuta DSF . Personal
Indicates the presence of personal data of an individual.
1
Sensitive
Immuta DSF . Child
Indicates the presence of personal data of a child (i.e. a person under the age of 18).
2
Highly-sensitive
Immuta DSF . Financial
Indicates the presence of financial or bank data (e.g. a swift code, financial account number, tax-related data, transaction date, salary, account credentials, etc.).
2
Highly-sensitive
Immuta DSF . Health
Indicates the presence of an individual's health data.
2
Highly-sensitive
Immuta DSF . Sensitive Business
Indicates the presence of business data that is sensitive and highly confidential.
2
Highly-sensitive
Immuta DSF . Sensitive Personal
Indicates the presence of individual data that is sensitive to an individual, and if processed, could lead to serious harm for the individual (e.g. SSN, biometric data, child data, etc.).
2
Highly-sensitive
Immuta DSF . Account Credentials
Indicates the presence of authentication secrets, like passwords and emails or usernames when combined.
3
Highly-sensitive
Immuta DSF . Biometric Authentication
Indicates the presence of biometric data used for authentication including, facial images and fingerprints.
3
Highly-sensitive
Immuta DSF . Address
Indicates the presence of a physical address.
Immuta DSF . Affinity
Indicates the presence of an affiliation to trade unions or political parties, religious or philosophical belief, political opinions, sexual life or orientation, race, or ethnicity.
Immuta DSF . Affiliation
Indicates the presence of an affiliation to trade unions or political parties.
Immuta DSF . Age
Indicates the presence of a person's age.
Immuta DSF . Authentication Secret
Indicates the presence of authentication secrets including, banking pins, biometric authentication data, cryptographic keys, OTAC, OTPSeed, or passwords.
Immuta DSF . Bank Account Number
Indicates the presence of bank account numbers.
Immuta DSF . Banking PIN
Indicates the presence of a four digit bank PIN.
Immuta DSF . Belief
Indicates the presence of religious or philosophical beliefs.
Immuta DSF . Biometric
Indicates the presence of biometric or body data including, facial images, fingerprints, height (length), mass, weight, and temperature.
Immuta DSF . Business Identification Number
Indicates the presence of an identification number specifically for business, such as an employee ID number.
Immuta DSF . Business
Indicates the presence of sensitive business information.
Immuta DSF . City
Indicates the presence of a city.
Immuta DSF . Country Subdivision
Indicates the presence of a country subdivision.
Immuta DSF . Country
Indicates the presence of a country.
Immuta DSF . Credit Card Number
Indicates the presence of a credit card number.
Immuta DSF . Cryptocurrency Wallet
Indicates the presence of a cryptocurrency wallet (e.g. Bitcoin wallet).
Immuta DSF . Cryptographic Key
Indicates the presence of a string used as an encryption key.
Immuta DSF . Date
Indicates the presence of a date in time.
Immuta DSF . Device Geolocation
Indicates the presence of the coordinates of a device.
Immuta DSF . Device
Indicates the presence of a network address, a telephone number, or an IMEI number.
Immuta DSF . Direct
Indicates the presence of a direct identifier that can be uniquely associated with an individual. Examples of direct identifiers include: name, username, email, official individual identification numbers such as passport or identity card numbers, or privately issued individual identification numbers such as a student ID.
Immuta DSF . Domain Name
Indicates the presence of a website domain name.
Immuta DSF . Driver License
Indicates the presence of a driver's license.
Immuta DSF . Email
Indicates the presence of an email.
Immuta DSF . Facial Images
Indicates the presence of images of human faces.
Immuta DSF . Fax Number
Indicates the presence of a fax number.
Immuta DSF . Financial Account Authentication
Indicates the presence of authentication information required to use services of a financial institution (e.g. payment services).
Immuta DSF . Financial Account Number
Indicates the presence of a number associated with an account at a financial institution (e.g. bank account number, IBAN, credit card number, etc.).
Immuta DSF . Financial Transaction Date
Indicates the presence of a date of a financial record.
Immuta DSF . Fingerprints
Indicates the presence of human fingerprint data.
Immuta DSF . Gender
Indicates the presence of gender.
Immuta DSF . Genetic
Indicates the presence of genetic information about a person.
Immuta DSF . Geolocation
Indicates the presence of location in longitude and/or latitude coordinates.
Immuta DSF . Health Card Number
Indicates the presence of the number assigned to a health card (e.g. the British Columbia Health Network Number or Medicare).
Immuta DSF . Health Insurance Card Number
Indicates the presence of the number assigned to a health insurance card.
Immuta DSF . Indirect
Indicates the presence of an indirect identifier that is not uniquely associated with an individual. However this indirect identifier could become distinguishable when combined with other attributes. Examples of indirect identifiers include: age and affinity.
Immuta DSF . Infrastructure
Indicates the presence of business network information.
Immuta DSF . Internal Reference
Indicates the presence of data unique to an individual, but that cannot distinguish the individual without another direct identifier.
Immuta DSF . Internal User ID
Indicates the presence of a user ID specific to the company or dataset.
Immuta DSF . Latitude
Indicates the presence of latitude coordinates.
Immuta DSF . Length
Indicates the presence of measurement data in length (e.g. height).
Immuta DSF . License Plate
Indicates the presence of a license plate number.
Immuta DSF . Location
Indicates the presence of a physical location including: address, a street, a postal code, a city, country subdivision, a country, etc.
Immuta DSF . Longitude
Indicates the presence of longitude coordinates.
Immuta DSF . Mass
Indicates the presence of measurement data in mass.
Immuta DSF . Measurement
Indicates the presence of measurement data of a person or thing including: weight, mass, length, and temperature.
Immuta DSF . Medical Diagnostic Code
Indicates the presence of a diagnosis code used to treat, diagnose, and identify medical diseases or illnesses (e.g. IDC10 code).
Immuta DSF . Medical Record Number
Indicates the presence of an individual's medical record number.
Immuta DSF . Name
Indicates the presence of an individual's name.
Immuta DSF . Name Component
Indicates the presence of a part of an individual's name (e.g. first name, last name, title, surname, etc.).
Immuta DSF . Network Address
Indicates the presence of the unique, logical or physical address of a device on a network.
Immuta DSF . Official Individual Identifier
Indicates the presence of a unique identifier issued by a public body (e.g. driver's license).
Immuta DSF . Opinion
Indicates the presence of an individual's opinion.
Immuta DSF . Orientation
Indicates the presence of an individual's gender, sex life, or sexual orientation.
Immuta DSF . OTAC
Indicates the presence of a one-time authentication code (OTAC) used for authentication.
Immuta DSF . OTPSeed
Indicates the presence of a secret key of a one-time passcode (OTP seed) used for authentication.
Immuta DSF . Passport Number
Indicates the presence of a passport number.
Immuta DSF . Password
Indicates the presence of a password used for authentication.
Immuta DSF . Payment Amount
Indicates the presence of an amount of money used for payment.
Immuta DSF . Personal Device
Indicates the presence of an identifier of a personal device (e.g. cell phone).
Immuta DSF . Personal Identifier
Indicates the presence of a direct or indirect identifier.
Immuta DSF . Personal Location
Indicates the presence of a location of a specific individual.
Immuta DSF . Personal Tax
Indicates the presence of tax-related numbers used to identify or reference individuals (e.g. tax file number).
Immuta DSF . Personal
Indicates the presence of personal data of an individual.
Immuta DSF . Philosophical Belief
Indicates the presence of an individual's philosophical belief.
Immuta DSF . Political Opinion
Indicates the presence of an individual's political opinion.
Immuta DSF . Political Party
Indicates the presence of a political party.
Immuta DSF . Postal Code
Indicates the presence of a U.S. zip code.
Immuta DSF . Potential Direct
Indicates the presence of a potential direct identifier that is unique to an individual but not direct unless it is associated with the individual (e.g. credit card numbers).
Immuta DSF . Potential Indirect
Indicates the presence of a potential indirect identifier that could distinguish an individual with other information (e.g. age).
Immuta DSF . Precise Device Geolocation
Indicates the presence of the precise coordinates of a device.
Immuta DSF . Precise Geolocation
Indicates the presence of a highly specific geolocation, which could require extra controls if attributed to an individual.
Immuta DSF . Precise Latitude
Indicates the presence of a highly specific latitude, which could require extra controls if attributed to an individual.
Immuta DSF . Precise Longitude
Indicates the presence of a highly specific longitude, which could require extra controls if attributed to an individual.
Immuta DSF . Prescriber Number
Indicates the presence of a medical provider's identification number.
Immuta DSF . Privately Issued Individual Identifier
Indicates the presence of an individual identifier assigned by a private institution (e.g. student ID number).
Immuta DSF . Race Or Ethnicity
Indicates the presence of race or ethnicity.
Immuta DSF . Religious Belief
Indicates the presence of religious belief.
Immuta DSF . Salary
Indicates the presence of an individual's salary.
Immuta DSF . Sex Life
Indicates the presence of data about sex life.
Immuta DSF . Sexual Orientation
Indicates the presence of data about sexual orientation.
Immuta DSF . State Identification Card
Indicates the presence of a state-issued identification card number.
Immuta DSF . Street
Indicates the presence of a street address.
Immuta DSF . Telephone Number
Indicates the presence of a telephone number.
Immuta DSF . Temperature
Indicates the presence of a temperature measurement.
Immuta DSF . Trade Secret
Indicates the presence of a business trade secret.
Immuta DSF . Trade Union Membership
Indicates the presence of trade union membership.
Immuta DSF . URL
Indicates the presence of a website URL.
Immuta DSF . Username
Indicates the presence of a username.
Immuta DSF . Vehicle
Indicates the presence of vehicle information including: license plate number, vehicle identification number, or vehicle serial number.
Immuta DSF . Weight
Indicates the presence of a weight measurement.