What Are Data Classes?
Data classes are sets of data with shared characteristics. They provide a framework for categorizing information, whether for security, compliance, or operational efficiency. By classifying data, organizations can create policies and procedures tailored to each class's unique requirements.
Data classes categorize data into meaningful groups based on common characteristics, enabling organizations to organize, manage, and secure their data effectively. A well-defined data classification system helps organizations comply with regulatory requirements, manage risks, and streamline data handling processes.
For example, personal information such as names, email or street addresses, and social security numbers might be grouped into a "Sensitive Personal Information" class. This helps organizations apply specific security controls to protect such data. Another common data class is "Confidential Business Information," which encompasses proprietary company information, trade secrets, and other sensitive business details.
Benefits of Data Classes
The primary advantage of data classes is their ability to simplify data management. They allow organizations to define rules and policies for each class, enhancing data security and compliance.
With data classes, organizations can create clear data access policies. This helps ensure that sensitive data is only accessible to authorized personnel, reducing the risk of data breaches.
Data classes also facilitate compliance with regulations like GDPR or HIPAA. By categorizing data, organizations can easily identify which laws apply to each class and implement the necessary controls.
What are Data Class Groups?
Data Class Groups are collections of related data classes. This grouping enables organizations to apply policies, security measures, and compliance controls at a higher level. Instead of managing individual data classes, organizations can work with groups, reducing complexity.
For instance, a Data Class Group for "Customer Information" could encompass several data classes, such as personal information, payment details, and contact information. This grouping allows organizations to implement consistent security measures across all related data classes.
Another example is a "Financial Data" group that includes data classes like financial transactions, tax records, and salary information. Managing this group as a whole ensures consistent compliance with financial regulations.
Advantages of Data Class Groups
The key benefit of Data Class Groups is simplification. By managing data at the group level, organizations can reduce administrative overhead and improve data security. With Data Class Groups, organizations can apply security policies more efficiently. Instead of creating individual rules for each data class, they can define broader policies that cover entire groups. This approach streamlines security management and reduces the risk of oversight.
Data Class Groups also enable more flexible data handling. Organizations can add or remove data classes from a group without reconfiguring the entire system. This flexibility is crucial when dealing with large and evolving datasets.
IRI Data Classes
In the IRI Voracity data management platform – and for its FieldShield and DarkShield data masking tools in particular, Data Classes provide convenience, consistency, and the ability to support the needs of data architects and governance teams by providing a more granular level of control on what is considered, discovered, and treated as PII.
Each uniquely named Data Class should be paired with one or more (location or content-based) Search Matchers and a default (data masking) Rule. All of this information is stored in the Data Class and Rule Library in the IRI Workbench front-end for these tools, which is a graphical IDE built on Eclipse.
IRI Data Class Groups
A Data Class Group is a container for a group of data classes. Each Data Class Group can have a default Rule assigned by the user.
By assigning a default Rule to a Data Class Group, any Data Classes within a Data Class Group that have no default Rule assigned will instead inherit the default Rule of the parent Data Class Group. Otherwise, if the Data Class in a Group has a default Rule, that Rule will be used instead of the Data Class Group’s default Rule. Grouping Data Classes together can also be useful for categorization and logging purposes.
Another optional feature of Data Class Groups is the ability to further categorize Data Classes according to a data privacy law, or their level of sensitivity. Sensitivity level groups are Data Class Groups with an assigned priority level. Higher priority groups typically have more restrictive masking functions assigned to them.
Because only one Data Class can be matched to a given element of PII, the sensitivity level of a Data Class Group determines the order in which a Data Class that may be in a different group (using different masking rules) can perform its matching and masking operation against incoming data. Where two Data Classes with the same name and search matchers but different masking functions are defined, the sensitivity level should dictate which masking function takes priority.
For more information, see:
https://www.iri.com/blog/data-protection/iri-data-classification.
