What Are Data Classes?

Data classes are sets of data with shared characteristics. They provide a framework for categorizing information, whether for security, compliance, or operational efficiency. By classifying data, organizations can create policies and procedures tailored to each class's unique requirements.

Data classes categorize data into meaningful groups based on common characteristics, enabling organizations to organize, manage, and secure their data effectively. A well-defined data classification system helps organizations comply with regulatory requirements, manage risks, and streamline data handling processes.

For example, personal information such as names, email or street addresses, and social security numbers might be grouped into a "Sensitive Personal Information" class. This helps organizations apply specific security controls to protect such data. Another common data class is "Confidential Business Information," which encompasses proprietary company information, trade secrets, and other sensitive business details.

Benefits of Data Classes

The primary advantage of data classes is their ability to simplify data management. They allow organizations to define rules and policies for each class, enhancing data security and compliance.

With data classes, organizations can create clear data access policies. This helps ensure that sensitive data is only accessible to authorized personnel, reducing the risk of data breaches.

Data classes also facilitate compliance with regulations like GDPR or HIPAA. By categorizing data, organizations can easily identify which laws apply to each class and implement the necessary controls.

What are Data Class Groups?

Data Class Groups are collections of related data classes. This grouping enables organizations to apply policies, security measures, and compliance controls at a higher level. Instead of managing individual data classes, organizations can work with groups, reducing complexity.

For instance, a Data Class Group for "Customer Information" could encompass several data classes, such as personal information, payment details, and contact information. This grouping allows organizations to implement consistent security measures across all related data classes.

Another example is a "Financial Data" group that includes data classes like financial transactions, tax records, and salary information. Managing this group as a whole ensures consistent compliance with financial regulations.

Advantages of Data Class Groups

The key benefit of Data Class Groups is simplification. By managing data at the group level, organizations can reduce administrative overhead and improve data security. With Data Class Groups, organizations can apply security policies more efficiently. Instead of creating individual rules for each data class, they can define broader policies that cover entire groups. This approach streamlines security management and reduces the risk of oversight.

Data Class Groups also enable more flexible data handling. Organizations can add or remove data classes from a group without reconfiguring the entire system. This flexibility is crucial when dealing with large and evolving datasets.

IRI Data Classes

In the IRI Voracity data management platform – and for its FieldShield and DarkShield data masking tools in particular, Data Classes provide convenience, consistency, and the ability to support the needs of data architects and governance teams by providing a more granular level of control on what is considered, discovered, and treated as PII.

Each uniquely named Data Class should be paired with one or more (location or content-based) Search Matchers and a default (data masking) Rule. All of this information is stored in the Data Class and Rule Library in the IRI Workbench front-end for these tools, which is a graphical IDE built on Eclipse.

IRI Data Class Groups

A Data Class Group is a container for a group of data classes. Each Data Class Group can have a default Rule assigned by the user. 

By assigning a default Rule to a Data Class Group, any Data Classes within a Data Class Group that have no default Rule assigned will instead inherit the default Rule of the parent Data Class Group. Otherwise, if the Data Class in a Group has a default Rule, that Rule will be used instead of the Data Class Group’s default Rule. Grouping Data Classes together can also be useful for categorization and logging purposes.

Another optional feature of Data Class Groups is the ability to further categorize Data Classes according to a data privacy law, or their level of sensitivity. Sensitivity level groups are Data Class Groups with an assigned priority level. Higher priority groups typically have more restrictive masking functions assigned to them. 

Because only one Data Class can be matched to a given element of PII, the sensitivity level of a Data Class Group determines the order in which a Data Class that may be in a different group (using different masking rules) can perform its matching and masking operation against incoming data. Where two Data Classes with the same name and search matchers but different masking functions are defined, the sensitivity level should dictate which masking function takes priority.

For more information, see:
https://www.iri.com/blog/data-protection/iri-data-classification.

Frequently Asked Questions (FAQs)

1. What are data classes in data management?

Data classes are predefined categories used to group data with similar characteristics. They help organizations manage, protect, and apply policies to data more effectively by assigning rules and controls based on the nature of the information.

2. How do data classes improve data governance?

Data classes enable organizations to apply consistent rules for security, masking, and compliance across similar types of data. This improves visibility, reduces the risk of oversight, and ensures sensitive data is handled appropriately throughout its lifecycle.

3. What is the difference between a data class and a data class group?

A data class refers to a specific type of data, such as social security numbers or email addresses. A data class group is a collection of related data classes, like “Customer Information” or “Financial Data,” which can be managed collectively for simplicity and consistency.

4. How are data classes used in IRI solutions?

In IRI Voracity, FieldShield, and DarkShield, data classes are defined and managed within the IRI Workbench GUI. Each data class can be paired with search matchers and masking rules to automate discovery and protection of PII across multiple sources.

5. What are the benefits of using data class groups?

Data class groups simplify the management of related data classes by allowing shared policies and masking rules to be applied at the group level. This reduces configuration time and ensures consistency across categories of sensitive data.

6. Can different data classes share the same masking rules?

Yes, multiple data classes can use the same masking rule, especially when grouped under a data class group that has a default rule. This allows for consistent treatment of similar data across various environments.

7. How do sensitivity levels work in IRI data class groups?

Sensitivity levels prioritize which data class takes precedence when multiple classes could apply to the same data element. Higher sensitivity groups usually require stronger masking methods and override lower-priority matches to ensure proper protection.

8. What happens if a data class in a group has no masking rule assigned?

If a data class lacks an individual rule, it will inherit the default rule from its parent data class group. This ensures that every piece of data in the group has a masking policy applied, even if not explicitly configured at the individual class level.

9. How does IRI determine which masking rule to apply when multiple classes match?

IRI uses the sensitivity level assigned to each data class group to determine priority. The class within the highest-priority group will be selected, ensuring the most restrictive or appropriate rule is enforced.

10. What role do search matchers play in data classification?

Search matchers define how IRI tools detect and classify data. They can be based on field names (location matchers), patterns like regular expressions, or external lookup files (content matchers) to accurately identify data for classification and masking.

11. Can IRI data classes help with compliance?

Yes, by organizing and tagging data according to classification and privacy law requirements, IRI data classes make it easier to implement controls that meet regulatory standards such as GDPR, HIPAA, and CCPA.

12. How flexible is the IRI Workbench for managing data classes?

IRI Workbench provides a user-friendly interface to create, edit, group, and assign rules to data classes. It allows teams to scale classification policies, track rule usage, and support compliance initiatives from a central, Eclipse-based platform.

13. What kind of data can be included in data class groups?

Data class groups can include any kind of structured or unstructured data types relevant to an organization’s governance framework. Common examples include personal identifiers, financial records, login credentials, and business-sensitive information.

14. Can organizations customize their own data classes?

Yes, organizations using IRI tools can define custom data classes that reflect their unique data types, naming conventions, and regulatory requirements. These classes can then be reused across projects and teams.