Hi Folks, Is anyone "tagging" columns or structures as "PII" or "PCI" or "PHI" to meet GDPR or CCPA or HIPPA requirements vi DataHub?? If yes, can you please share how that has benefited your company? i.e. Allows easier discovery, saved us from violation fees, helped with Audit situation... or other reasons. Thank you very much for your responses. 🙂

Depends on your company’s strategy. For instance, it makes a lot of sense when you’re a health tech start up. When you have tagged your data, you can automate data access requests while also having the fine-grained access controls needed for confidentiality. This gives you a real competitive edge.

Hi Bart, Appreciate you replied. Yes, it does depend on a Company's strategy. I was hoping someone would reply who is actually using DataHub to do this, would respond with real world examples. 🙂.

One of our teams is in the early stages of doing this, but the idea is to identify the columns that contain PII in the most upstream table (this is done outside of DataHub), and then use DataHub’s lineage to carry over the PII labels to all necessary downstream tables. I can’t speak to the benefits yet because it’s not fully implemented, but it is definitely way easier and more deterministic than doing it for every table as a standalone process.

Very cool idea to use lineage, @acceptable-potato-35922. It unburdens your teams from manual tagging. Are you still planning to use the tags for data access management?

I’m not exactly sure (because it’s another team that handles Data Privacy and access controls), but I believe the presence of PII influences the access level.