Data Classifications

In OvalEdge, Classification refers to the process of categorizing data objects based on their sensitivity, confidentiality, and importance to the organization. This categorization helps define appropriate access levels, security controls, and data handling procedures to ensure regulatory compliance and protect sensitive information.

Organizations have the flexibility to customize classifications according to their specific business requirements. This typically involves labelling data objects according to predefined levels such as PII, Public, Internal Use Only, Confidential, and Highly Sensitive. In privacy-related domains, particularly for PII terms, labels may correspond to specific regulations (e.g., GDPR, CCPA, HIPAA).

There are various ways to define classification for your privacy domain. The following are the two approaches.

Approach 1

You can choose compliance based on the jurisdiction of your organisation and the location of the users or customers whose personal data is being processed.

Here’s a general guideline:

GDPR (General Data Protection Regulation): Required if you do business in the European Union or handle data of EU citizens.
CCPA (California Consumer Privacy Act): Mandatory if your company operates in or serves users in California.
NDMO (National Data Management Office – Saudi Arabia): Applicable to organisations processing data in Saudi Arabia.
Other Regulations may include HIPAA (US Healthcare), LGPD (Brazil), PDPA (Singapore), and more.

We recommend consulting your legal or compliance team to determine which frameworks apply to your business. OvalEdge Support can also connect you with legal advisors who specialise in data privacy compliance if needed.

Approach 2

In addition to compliance-based grouping, you can classify data based on sensitivity level or data type, which is often more appropriate for column-level classifications.

Some organizations follow a tiered classification structure, such as:

Classification Scheme

Example Labels

Based on Data Type

PII, PHI, Financial, Authentication Data

Based on Sensitivity

Confidential, Internal Use Only, Public, Classified

Colour-Based (Visual Security Models)

Red (Restricted), Yellow (Internal), Green (Public), Purple (Highly Confidential)

Risk-Based Exposure

Vulnerable, Public, Protected, Personal, Regulated

Compliance laws, such as GDPR and CCPA, are legal obligations, not data classifications themselves.
Classifications such as PII and PHI are more suitable for labeling columns or attributes based on their sensitivity.

Depending on your governance strategy, you may use both classification models:

One for legal applicability (e.g., GDPR, CCPA)
Another for data sensitivity (e.g., PII, Internal, Restricted)

These classification labels guide users on how to handle data, determine who can access it, and specify the level of protection required. Effective data classification is essential for maintaining data integrity, preventing unauthorized access, and promoting responsible data usage and sharing within the organization.

OvalEdge leverages Business Glossary Terms to classify cataloged data objects. Classifications are configured at the domain level and automatically linked to terms within that domain. When data objects are associated with a term, the classifications defined at the term level are propagated to those data objects. As a result, each data object inherits the appropriate classification from its associated term.

Configure Classifications at the Domain Level

Domains are central to OvalEdge’s data classification system. Each domain acts as a container for terms and their associated data objects. At the domain level, users can configure various classifications, including Public, Private, Sensitive, GDPR, CCPA, and others.

Users assigned the Domain Admin role (configured in System Settings) can manage classifications by navigating to Administration > Security > Domains Security.

These users can define and customize classifications according to their organizational requirements.

Setting a default classification at the domain level streamlines the classification process. All terms within the domain—and any associated data objects—automatically inherit the default classification, ensuring consistent application of classification policies.

Business Glossary > Terms > Summary > Classifications

Note: A Default checkbox is provided for each classification configured at the domain level. When this checkbox is unchecked, the classification is transferred to the term level but remains inactive. To ensure that term-level classifications are applied to associated data objects, the checkbox must be enabled. This activation is essential for proper data labeling and for classification-based data management functions to operate correctly.

Configure Classifications at the Term Level

Each term automatically inherits classification options defined at the domain level. However, OvalEdge provides flexibility by allowing users to configure classifications at the individual term level. This enables stakeholders to review inherited classifications and modify them as needed to accurately reflect the sensitivity and context of the associated data.

Users can activate or deactivate classifications by selecting or clearing the corresponding checkboxes.

When checkboxes are selected, all data objects linked to the term inherit the specified classifications.
If checkboxes remain unselected, the classifications are not applied to the associated data objects.

To display the classification of objects in the catalog, users must enable the Show classification in the catalog option on the Term Summary screen.

Example: Applying Term-Level Classifications in a Domain

Consider a domain named 'Customer', where default classifications such as 'Public', 'Confidential', and 'PII' are configured. Within this domain, several terms are created—for example, Customer Name, Customer Address, and Customer SSN Number.

The term Customer Name automatically inherits all domain-level classifications. However, since customer names typically do not pose a significant data risk, users can deselect the Confidential and PII classifications as needed.

In contrast, for terms like Customer Address and Customer SSN Number, users should intentionally select 'PII' and/or 'Confidential' to indicate that this information is sensitive and requires protection. These classifications restrict access to authorized users only.

This term-level flexibility enables users to tailor classifications according to the specific sensitivity of the data associated with each term, ensuring that appropriate handling and access controls are implemented.

Term Properties

Important:

The term must be in "draft" status to make any edits to the term Classifications configured at the domain level.
Initially, when a new term is created within a domain, the domain-level classifications are automatically linked to the term.
Even if the term is associated with multiple data objects, these classifications won't be applied to the data objects while the term remains in draft status.
To associate the term's classifications with the associated data objects, it is necessary to publish the term.
When a published term is transitioned back into draft status for further modifications, the classifications remain linked to the data objects until the latest changes are made and published.
Upon publication with new modifications, the term will then reflect the updated classifications.

Edit Classifications

The table below presents a use case model that shows how classifications are selected or deselected at the term level, based on the term's scope and the sensitivity of the data it represents.

Default Classifications (Domain Level)

Terms

Configuring Term Classifications

✅Public

✅Confidential

✅PII

Customer Name

✅ Public

⌧ Confidential

⌧ PII

Customer Address

⌧Public

✅ Confidential

✅ PII

Customer's Social Security Number

⌧ Public

✅ Confidential

✅ PII

Association Policy

The Show classification in the catalog option can be selected from the Term Summary page. When this policy is enabled at the term level, it enhances the visibility of the term's classifications across the data catalog.

Once activated, the associated classifications are displayed in the summary details of related data objects, including tables, table columns, files, file columns, reports, report columns, APIs, and API attributes.

Change Management

Change Classifications at the Domain Level

In OvalEdge, metadata—such as classifications—can be modified by authorized users, including those with Meta-Write access or assigned governance roles at the term or domain level. These users can modify, delete, or update classifications according to their permissions.

For example, consider the Customer domain. Authorized stakeholders at the domain level can modify or remove classifications applied across the domain. If data previously classified as Sensitive is re-evaluated and determined to be Internal Use Only, this change can be made at the domain level.

Once the classification is updated, the modification automatically cascades to all associated terms and data objects within the domain, ensuring consistency across the data catalog.

Change Classifications at the Term Level

At the term level, authorized stakeholders can also modify classifications. For example, the term Customer Social Security Number may have been initially classified as Private. If the responsible stakeholder determines that it should be classified as Confidential, they can move the term to Draft, update the classification, and then Republish the term.

Once published, the updated classification is applied to all associated data objects, ensuring consistency wherever the term is used.

In summary, OvalEdge provides granular control over data classifications at both the domain and term levels. Authorized users can change, delete, or update classifications as business needs evolve, ensuring accurate data labelling, effective governance, and compliance throughout the data hierarchy.

PreviousSystem Settings NextData Classification Recommendations

Last updated 3 months ago

Was this helpful?