Protecting Data Privacy and Confidentiality

Foundation provides powerful data privacy protection through column-level classification and dynamic data masking, ensuring sensitive information is automatically protected based on user permissions while maintaining data utility for authorized use cases.

How It Works

Column-Level Classification: Authorized users can tag individual columns within data products with specific classification and sensitivity levels. For example:

  • A customer dataset might have the "email" column marked as PII

  • The "customer_id" column marked as Confidential

  • The "country" column marked as Public

Dynamic Masking at Compute Time: When users query or access data products, Foundation automatically applies masking based on their role and permissions:

  • The data remains unmodified in storage

  • Masking occurs dynamically during query execution

  • Different users see different versions of the same data based on their access rights

Real-World Example

Consider a sales dataset with customer information:

  • Data Analyst (standard permissions): Sees masked email addresses (e.g., j***@company.com), full customer IDs, and complete geographic data

  • Marketing Manager (elevated permissions): Sees full email addresses for campaign execution, but social security numbers remain fully masked

  • Compliance Officer (audit permissions): Can view all fields unmasked for regulatory reporting

  • External Partner with discovery permissions only (restricted access): Sees all data redacted except columns marked as Public.

Why This Approach Matters

Compliance Made Simple

  • Automatically enforce GDPR, CCPA, and other privacy regulations

  • Maintain audit trails of who accessed sensitive data

Reduced Risk, Maintained Utility

  • Minimize data exposure without creating multiple dataset copies

  • Enable analytics and ML on sensitive datasets through partial masking

  • Prevent accidental data leaks while preserving business value

Operational Efficiency

  • No need to create separate "sanitized" versions of datasets

  • Classification changes immediately propagate to all consumers

  • Single source of truth with multiple privacy-preserving views

This approach ensures organizations can democratize data access while maintaining strict privacy controls, enabling teams to work with sensitive data confidently and compliantly.
