Skip to main content

User Guide

Privitar’s Approach to Building Data Protection Policies

The Privitar Data Security Platform​ offers a system of policies and rules that can meet all sorts of requests for data consumption. This system provides a scalable solution that allows for automated data requests. Rather than creating specific policies for each dataset, you create reusable policies based on business context. These policies execute automatically on an unlimited number of data requests.

Let's start by looking at the result you want to achieve and see how the platform helps you achieve it.

Your goal is to de-identify data while still maintaining that data's usefulness. This is where the platform's transformations come in.

A transformation defines a set of behaviors (privacy enhancing technologies) for the platform to execute on a field in a dataset to de-identify it, while still preserving data utility.

However, you don't want the platform to apply the same transformations to every field in every dataset regardless of the user, the type of data, and the purpose. You want these transformations to be conditional on the metadata context. You use rules to ensure that the platform applies a transformation only when you want.

Rules are building blocks of policies. Rules are conditional based on attributes, such as user groups, terms, tags, locations, and so on. Rules also take actions specific to data classes and transformations.

While rules apply to specific conditions, you might need multiple rules to meet the needs of a broader use case. You need to group this set of rules into a policy that defines the use case for which the platform should apply them.


Policies, rules, and transformations are constrained within the context of a data exchange, so if you wish to use them in multiple data exchanges, you will need to recreate them in each data exchange.