Add a new Policy
List of fields for the definition of policy:
High level key is policies, which is an array of policy definitions. Once the policy object is defined, we can add it to the array of
You can either add the policy definition to an existing file or create a new YAML file. The policies are located at directory:
Once the new policy is added, Privado evaluates it against the data elements and data flows after the code scan, and creates issues for any policy violations.
Using race, ethnicity and nationality in your machine learning and artificial intelligence models may make them biased towards certain individuals. You can have a policy that prohibits the use of race, ethnicity and nationality in artificial intelligence and machine learning models.
Policy: Ethical AI usage policy
- id: Policy.Deny.Processing.EthicalUsageForAI
  name: "Ethical AI Usage Policy"
  description: "Don't use ethnicity, race and nationality for machine learning and AI"
  fix: "Talk to the Privacy Engineering team: [email protected]"
  laws: GDPR, CCPA2
Business intelligence dashboards are popular among business analysts for running queries and getting insights that help customers and grow the business. Exposing personal data in these dashboards can lead to unauthorized access and breaches. You can have a policy that denies your business dashboard applications access to personal data such as name, email, mobile and address.
Policy: Restrict usage of personal data for Business Intelligence dashboards
- id: Policy.Deny.Processing.NoPersonalDataInBIReports
  name: "Restrict usage of personal data in BI reports"
  description: "Personal data in BI reports may expose it to unauthorized access."
  laws: GDPR, CCPA
This policy restricts sharing a customer's sensitive data (contact and PII phone number) to Slack. The detection is triggered whenever a data flow between the marked sources and sinks is identified.
- id: Policy.Deny.Sharing.DontShareContactDataToSlack
  name: "Restrict sharing customer contact data on Slack"
  description: "Customer contact shared on Slack can lead to data breaches and unauthorized access"
  laws: GDPR, CCPA
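How a deny rule like the Slack policy above is evaluated over detected data flows, as an added Python example that is not Privado's own code or schema. The `sources` and `sinks` keys, the glob patterns, the identifiers and the flow records are all constructed for illustration; only the policy id and name come from the page.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed policy object. "sources"/"sinks" and their patterns are
# hypothetical identifiers, not entries from Privado's rule catalogue.
POLICY = {
    "id": "Policy.Deny.Sharing.DontShareContactDataToSlack",
    "name": "Restrict sharing customer contact data on Slack",
    "sources": ["Data.Contact.*", "Data.PII.PhoneNumber"],
    "sinks": ["ThirdParty.Slack.*"],
}

@dataclass(frozen=True)
class Flow:
    source: str    # data element where the flow starts
    sink: str      # destination the data reaches
    location: str  # file:line of the sink call

# Constructed scan output: two violating flows, two that must not match.
FLOWS = [
    Flow("Data.Contact.Email", "ThirdParty.Slack.Webhook", "notify.py:41"),
    Flow("Data.PII.PhoneNumber", "ThirdParty.Slack.Api", "support.py:88"),
    Flow("Data.Contact.Email", "Storage.Postgres.Write", "users.py:17"),  # marked source, other sink
    Flow("Data.Device.Model", "ThirdParty.Slack.Webhook", "alerts.py:9"),  # Slack sink, unmarked source
]

def _matches(value, patterns):
    """True if value matches any glob pattern (case-sensitive)."""
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(policy, flows):
    """Return one issue per flow whose source AND sink are both marked by the policy."""
    issues = []
    for flow in flows:
        if _matches(flow.source, policy["sources"]) and _matches(flow.sink, policy["sinks"]):
            issues.append({
                "policy": policy["id"],
                "source": flow.source,
                "sink": flow.sink,
                "location": flow.location,
            })
    return issues

if __name__ == "__main__":
    for issue in evaluate(POLICY, FLOWS):
        print(f'{issue["policy"]}: {issue["source"]} -> {issue["sink"]} at {issue["location"]}')
```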