Working with the results of sensitive data classification¶
This topic describes the ways that you can view the results of sensitive data classification and how you can track classification tags to monitor sensitive data.
Use the Trust Center to view results¶
To view results of sensitive data classification in the Trust Center, complete the following steps:
Sign in to Snowsight as a user with the required privileges.
In the navigation menu, select Governance & security » Trust Center.
Select the Data Security tab.
Do one of the following:
If you want to gain high-level insights into the security of your sensitive data, select the Dashboard tab. For more information, see Dashboard page.
If you want to list all of the tables and views that have been classified as containing sensitive data, select the Sensitive objects tab.
When the page opens, select a table to see which columns have sensitive data, the semantic category of those columns, and whether tags were applied to the columns.
Dashboard page¶
The Dashboard page provides high-level insights into the security of your sensitive data by providing information such as how many databases and tables have been classified. The page contains the following tiles.
Tile |
Description |
|---|---|
Objects by compliance category |
Identifies the number of objects that contain data that might be subject to a regulation or other compliance standard, based on the type of information in the object.
|
Objects by semantic category |
Identifies the most common semantic categories, and the number of objects that contain data that belong to those categories. |
Databases monitored by auto-classification |
Identifies which databases are currently monitored by sensitive data classification. A database is partially monitored if someone used SQL to set a classification profile directly on a schema in the database rather than setting the profile at the database level. |
Classification status |
Identifies whether all databases currently being monitored for sensitive data have been classified. |
Sensitive data masking status |
Identifies whether sensitive data is protected by a masking policy. The masking policy can be a tag-based policy or one that was manually applied to the column. A table is fully masked if every column that contains sensitive data has a masking policy associated with it. A table is partially masked if only some columns containing sensitive data are associated with a masking policy. |
Compliance category mappings¶
Note
You are solely responsible for determining which regulations or laws apply to your data and ensuring your compliance with the applicable regulations or laws. The compliance categories within sensitive data classification are designed to give you an out-of-the-box toolkit to aid your efforts, but are not exhaustive. Only native semantic categories supported by Snowflake are mapped to a compliance category.
Use the following table to understand the Objects by compliance category tile on the Dashboard page.
Compliance category |
Native semantic category |
Locale |
|---|---|---|
Digital Personal Data Protection Act (DPDPA) |
DATE_OF_BIRTH |
n/a |
DRIVERS_LICENSE |
India (IN) |
|
n/a |
||
NAME |
n/a |
|
NATIONAL_IDENTIFIER |
India (IN) |
|
PHONE_NUMBER |
n/a |
|
STREET_ADDRESS |
n/a |
|
TAX_IDENTIFIER |
India (IN) |
|
General Data Protection Regulation (GDPR) |
AGE |
n/a |
n/a |
||
ETHNICITY |
n/a |
|
GENDER |
n/a |
|
IBAN |
n/a |
|
IMEI |
n/a |
|
IP_ADDRESS |
n/a |
|
NAME |
n/a |
|
PAYMENT_CARD |
n/a |
|
PHONE_NUMBER |
n/a |
|
SALARY |
n/a |
|
VIN |
n/a |
|
Gramm-Leach-Bliley Act (GLBA) |
BANK_ACCOUNT |
United States (US) |
DRIVERS_LICENSE |
United States (US) |
|
NAME |
United States (US) |
|
NATIONAL_IDENTIFIER |
United States (US) |
|
PASSPORT |
United States (US) |
|
PAYMENT_CARD |
n/a |
|
STREET_ADDRESS |
United States (US) |
|
TAX_IDENTIFIER |
United States (US) |
|
Health Insurance Portability and Accountability Act (HIPAA) |
ADMINISTRATIVE_AREA_1 |
United States (US) |
ADMINISTRATIVE_AREA_2 |
United States (US) |
|
AGE |
n/a |
|
CITY |
United States (US) |
|
DATE_OF_BIRTH |
n/a |
|
n/a |
||
ETHNICITY |
n/a |
|
IMEI |
n/a |
|
IP_ADDRESS |
n/a |
|
NAME |
n/a |
|
NATIONAL_IDENTIFIER |
United States (US) |
|
PHONE_NUMBER |
United States (US) |
|
POSTAL_CODE |
United States (US) |
|
STREET_ADDRESS |
United States (US) |
|
URL |
n/a |
|
VIN |
n/a |
|
Payment Card Industry (PCI) |
PAYMENT_CARD |
n/a |
Personally identifiable information (PII) |
DATE_OF_BIRTH |
n/a |
DRIVERS_LICENSE |
n/a |
|
n/a |
||
NAME |
n/a |
|
NATIONAL_IDENTIFIER |
n/a |
|
PHONE_NUMBER |
n/a |
|
STREET_ADDRESS |
n/a |
|
TAX_IDENTIFIER |
n/a |
Use SQL to view results¶
You can use SQL to view the results of automatic classification in the following ways:
Call the SYSTEM$GET_CLASSIFICATION_RESULT function. For example:
CALL SYSTEM$GET_CLASSIFICATION_RESULT('mydb.sch.t1');
You cannot return results until the classification process completes. The automatic classification process does not start until one hour after setting the classification profile on the database.
Use a role that is granted the SNOWFLAKE.GOVERNANCE_VIEWER database role to query the DATA_CLASSIFICATION_LATEST view. For example:
SELECT * FROM SNOWFLAKE.ACCOUNT_USAGE.DATA_CLASSIFICATION_LATEST;
Results might not appear until three hours after classification completes.