Data classes

Data classes define categories of sensitive data that DCT Compliance can identify and protect. Each data class represents a specific type of information, such as an email address, phone number, credit card number, or national identifier.

During discovery, classifiers analyze database tables defined in a ruleset to detect sensitive data patterns. When a match is identified, the corresponding data class is assigned to the column.

Data classes are also associated with masking algorithms. The algorithm assigned to a data class determines how the detected sensitive data will be transformed during masking operations.

DCT Compliance includes built-in data classes for many common types of sensitive information. Organizations can also create custom data classes to support additional data types specific to their environment.

Data Control Tower includes several built-in objects that are provided out of the box with the product, including Data Classes, Data Classifiers, and Discovery Policies. These built-in objects are system-defined and cannot be edited or deleted. You can create and manage custom objects as needed.

Typical examples of data classes include:

Email address
Phone number
Credit card number
National identification number
First name
Last name

Default algorithms

Each data class has a default masking algorithm. This algorithm is automatically applied when sensitive data matching the data class is detected.

For setups that use tokenization workflows, a default tokenization algorithm can also be defined for the data class. When tokenization is enabled, the tokenization algorithm associated with the data class is used instead of the masking algorithm.

Changing the default algorithm for a data class affects future discovery results but does not modify algorithm assignments that already exist in rulesets.

You can perform the following operations: