With Policy, you can check new code changes against your company's data privacy policies and create privacy issues, fail the change from going live. You can also give contextual guidance to the developer on how to remediate the privacy issues and scale guidance. Currently, we allow you to write custom policies based on attributes of data elements.


Creating a Policy


Navigate to the Policy page by clicking on the Policy button from the top navigation.



Click on the Add Policy Button



Add a title for your policy, this should be easy for developers to understand and align with your internal policies. Some examples are Location Policy, WiFi Policy, Special Category Data Policy, Cookie Policy etc.



Setting Triggers:

First step for creating a new policy is to add triggers when this policy will be violated and an issue will be created. We offer the following attributes for triggers:



  1. Data Elements: You can create a policy for specific data elements. 
  2. Data Category: You can use data categories like financial data, location data as a trigger
  3. Sensitivity: Sensitivity of data elements can be used to create a trigger


Operators available for each trigger:

  1. Is: All values have to be present in the code change to activate the trigger
  2. Contains: Any one value in the code change will activate the trigger


Selecting Risk

Once you have added the triggers, you can select what should be the Risk of the issue being created because of these policies. This will help you to prioritize the issue later and also set their deadline accordingly.


Confidence as Filter

Since Privado uses AI to discover personal data, we have some discoveries with low confidence. You can use Confidence as a filter and decide if low confidence data element discovery will trigger the policy or not. The default value is only for High Confidence discovery, you can switch to all by switching the toggle off.



Adding Policy Details

Here you can give the developers a context about the policy and a recommendation on how to remediate the issue. Scroll down to the Policy Details section and click on Edit button


A modal will open up, add Description, Recommendation & click Save & Continue button.


Your Policy is ready, Enable the policy by switching the disabled toggle.

 



Default Policy

Out of the box, Privado creates a default policy for new data elements. If in a repository, a new data element is processed we create an issue based on this policy.