From a8885f98e61afe2458bb7baa9e6dcf43c35d7ff6 Mon Sep 17 00:00:00 2001 
From: Cole Garbo Date: Wed, 10 Aug 2022 14:56:34 -0400 Subject: [PATCH] [#37, #67] add missing docs, remove deprecated taxonomy references --- README.md | 4 +- data_files/data_categories.csv | 132 +++---- data_files/data_categories.json | 359 ++++++++---------- data_files/data_categories.yml | 306 +++++++-------- data_files/data_uses.csv | 10 +- data_files/data_uses.json | 20 +- data_files/data_uses.yml | 20 +- demo_resources/demo_dataset.yml | 8 +- demo_resources/demo_policy.yml | 2 +- demo_resources/demo_system.yml | 8 +- mkdocs/docs/csv/data_categories.csv | 132 +++---- mkdocs/docs/csv/data_uses.csv | 12 +- mkdocs/docs/img/notation-conventions.svg | 36 -- mkdocs/docs/index.md | 15 +- mkdocs/docs/js/vis.js | 3 - mkdocs/docs/js/vis2.js | 3 - mkdocs/docs/overview.md | 32 ++ mkdocs/docs/resources/dataset.md | 226 +++++++++++ mkdocs/docs/resources/organization.md | 95 +++++ mkdocs/docs/resources/overview.md | 50 +++ mkdocs/docs/resources/policy.md | 120 ++++++ mkdocs/docs/resources/registry.md | 53 +++ mkdocs/docs/resources/system.md | 142 +++++++ mkdocs/docs/syntax.md | 93 ++--- mkdocs/docs/{ => taxonomy}/data_categories.md | 35 +- mkdocs/docs/{ => taxonomy}/data_qualifiers.md | 4 +- mkdocs/docs/{ => taxonomy}/data_subjects.md | 53 ++- mkdocs/docs/{ => taxonomy}/data_uses.md | 73 +++- mkdocs/docs/taxonomy/overview.md | 50 +++ mkdocs/mkdocs.yml | 21 +- src/fideslang/default_taxonomy.py | 7 - tests/conftest.py | 8 +- .../failing_dataset_collection_taxonomy.yml | 8 +- tests/data/failing_dataset_field_taxonomy.yml | 8 +- tests/data/failing_dataset_taxonomy.yml | 8 +- tests/data/failing_declaration_taxonomy.yml | 4 +- tests/data/failing_nested_dataset.yml | 10 +- tests/data/passing_declaration_taxonomy.yml | 2 +- tests/data/sample_hierarchy_figures.json | 26 +- tests/fideslang/test_parse.py | 8 +- tests/fideslang/test_validation.py | 36 +- 41 files changed, 1487 insertions(+), 755 deletions(-) delete mode 100644 mkdocs/docs/img/notation-conventions.svg create mode 100644 
mkdocs/docs/overview.md create mode 100644 mkdocs/docs/resources/dataset.md create mode 100644 mkdocs/docs/resources/organization.md create mode 100644 mkdocs/docs/resources/overview.md create mode 100644 mkdocs/docs/resources/policy.md create mode 100644 mkdocs/docs/resources/registry.md create mode 100644 mkdocs/docs/resources/system.md rename mkdocs/docs/{ => taxonomy}/data_categories.md (86%) rename mkdocs/docs/{ => taxonomy}/data_qualifiers.md (96%) rename mkdocs/docs/{ => taxonomy}/data_subjects.md (63%) rename mkdocs/docs/{ => taxonomy}/data_uses.md (71%) create mode 100644 mkdocs/docs/taxonomy/overview.md
diff --git a/README.md b/README.md
index 9e3e41bc..9d04329e 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ The taxonomy is currently comprised of four classification groups that are used
 Data Categories are labels used to describe the type of data processed by a system. You can assign one or more data categories to a field when classifying a system.
-Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.provided` data), or you can classify it with greater precision using subclasses (e.g. `user.provided.identifiable.contact.email` data).
+Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.contact` data), or you can classify it with greater precision using subclasses (e.g. `user.contact.email` data).
 Learn more about [Data Categories in the taxonomy reference now](https://ethyca.github.io/fideslang/data_categories/).
@@ -30,7 +30,7 @@ Learn more about [Data Categories in the taxonomy reference now](https://ethyca.
 Data Use Categories are labels that describe how, or for what purpose(s) a component of your system is using data. Similar to data categories, you can assign one or multiple Data Use Categories to a system.
-Data Use Categories are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.system.operations`) or with more precision using subclasses (e.g. `provide.system.operations.support.optimization`).
+Data Use Categories are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.service.operations`) or with more precision using subclasses (e.g. `provide.service.operations.support.optimization`).
 Learn more about [Data Use Categories in the taxonomy reference now](https://ethyca.github.io/fideslang/data_uses/).
diff --git a/data_files/data_categories.csv b/data_files/data_categories.csv
index 72a6437a..669e2bd7 100644
--- a/data_files/data_categories.csv
+++ b/data_files/data_categories.csv
@@ -1,79 +1,65 @@
 privacy_key,name,parent_key,description
 data_category,Data Category,,
-account,Account Data,data_category,Data related to a system account.
-account.contact,Account Contact Data,account,Contact data related to a system account.
-account.contact.city,Account City,account.contact,Account's city level address data.
-account.contact.country,Account Country,account.contact,Account's country level address data.
-account.contact.email,Account Email,account.contact,Account's email address.
-account.contact.phone_number,Account Phone Number,account.contact,Account's phone number.
-account.contact.postal_code,Account Postal Code,account.contact,Account's postal code.
-account.contact.state,Account State,account.contact,Account's state level address data.
-account.contact.street,Account Street,account.contact,Account's street level address.
-account.payment,Payment Data,account,Payment data related to system account.
-account.payment.financial_account_number,Account Payment Financial Account Number,account.payment,"Financial account number for an account's payment card, bank account, or other financial system."
 system,System Data,data_category,"Data unique to, and under control of the system."
 system.authentication,Authentication Data,system,Data used to manage access to the system.
 system.operations,Operations Data,system,Data used for system operations.
 user,User Data,data_category,"Data related to the user of the system, either provided directly or derived based on their usage."
-user.derived,Derived Data,user,Data derived from user provided data or as a result of user actions in the system.
-user.derived.identifiable,Derived User Identifiable Data,user.derived,"Derived data that is linked to, or identifies a user."
-user.derived.identifiable.biometric_health,Biometric Health Data,user.derived.identifiable,Encoded characteristic collected about a user.
-user.derived.identifiable.browsing_history,Browsing History,user.derived.identifiable,Content browsing history of a user.
-user.derived.identifiable.demographic,Demographic Data,user.derived.identifiable,Demographic data about a user.
-user.derived.identifiable.contact,Derived Contact Data,user.derived.identifiable,Contact data collected about a user.
-user.derived.identifiable.device,Device Data,user.derived.identifiable,"Data related to a user's device, configuration and setting."
-user.derived.identifiable.device.cookie_id,Cookie ID,user.derived.identifiable.device,Cookie unique identification number.
-user.derived.identifiable.device.device_id,Device ID,user.derived.identifiable.device,Device unique identification number.
-user.derived.identifiable.device.ip_address,IP Address,user.derived.identifiable.device,Unique identifier related to device connection.
-user.derived.identifiable.gender,Derived Gender,user.derived.identifiable,Gender of an individual.
-user.derived.identifiable.location,Location Data,user.derived.identifiable,Records of the location of a user.
-user.derived.identifiable.media_consumption,Media Consumption Data,user.derived.identifiable,Media type consumption data of a user.
-user.derived.identifiable.non_specific_age,Derived Non-Specific Age,user.derived.identifiable,Age range data.
-user.derived.identifiable.observed,Observed Data,user.derived.identifiable,Data collected through observation of use of the system.
-user.derived.identifiable.profiling,Profiling Data,user.derived.identifiable,Preference and interest data about a user.
-user.derived.identifiable.race,Derived Race,user.derived.identifiable,Racial or ethnic origin data.
-user.derived.identifiable.religious_belief,Derived Religious Belief,user.derived.identifiable,Religion or religious belief.
-user.derived.identifiable.search_history,Search History,user.derived.identifiable,Records of search history and queries of a user.
-user.derived.identifiable.sexual_orientation,Derived Sexual Orientation,user.derived.identifiable,Personal sex life or sexual data.
-user.derived.identifiable.social,Social Data,user.derived.identifiable,Social activity and interaction data.
-user.derived.identifiable.telemetry,Telemetry Data,user.derived.identifiable,User identifiable measurement data from system sensors and monitoring.
-user.derived.identifiable.unique_id,Unique ID,user.derived.identifiable,Unique identifier for a user assigned through system use.
-user.derived.identifiable.user_sensor,User Sensor Data,user.derived.identifiable,Measurement data derived about a user's environment through system use.
-user.derived.identifiable.organization,Organization Identifiable Data,user.derived.identifiable,"Derived data that is linked to, or identifies an organization."
-user.derived.identifiable.workplace,Derived Workplace,user.derived.identifiable,Organization of employment.
-user.derived.nonidentifiable,Derived User Non-Identifiable Data,user.derived,Non-user identifiable data derived related to a user as a result of user actions in the system.
-user.derived.nonidentifiable.sensor,Sensor Data,user.derived.nonidentifiable,Non-user identifiable measurement data derived from sensors and monitoring systems.
-user.provided,User Provided Data,user,Data provided or created directly by a user of the system.
-user.provided.identifiable,User Provided Identifiable Data,user.provided,Data provided or created directly by a user that is linked to or identifies a user.
-user.provided.identifiable.biometric,Biometric Data,user.provided.identifiable,Encoded characteristics provided by a user.
-user.provided.identifiable.childrens,Children's Data,user.provided.identifiable,Data relating to children.
-user.provided.identifiable.contact,Provided Contact Data,user.provided.identifiable,User provided contact data for purposes other than account management.
-user.provided.identifiable.contact.city,User Provided City,user.provided.identifiable.contact,User's city level address data.
-user.provided.identifiable.contact.country,User Provided Country,user.provided.identifiable.contact,User's country level address data.
-user.provided.identifiable.contact.email,User Provided Email,user.provided.identifiable.contact,User's provided email address.
-user.provided.identifiable.contact.phone_number,User Provided Phone Number,user.provided.identifiable.contact,User's phone number.
-user.provided.identifiable.contact.postal_code,User Provided Postal Code,user.provided.identifiable.contact,User's postal code.
-user.provided.identifiable.contact.state,User Provided State,user.provided.identifiable.contact,User's state level address data.
-user.provided.identifiable.contact.street,User Provided Street,user.provided.identifiable.contact,User's street level address data.
-user.provided.identifiable.credentials,Credentials,user.provided.identifiable,User provided authentication data.
-user.provided.identifiable.credentials.biometric_credentials,Biometric Credentials,user.provided.identifiable.credentials,Credentials for system authentication.
-user.provided.identifiable.credentials.password,Password,user.provided.identifiable.credentials,Password for system authentication.
-user.provided.identifiable.date_of_birth,Date of Birth,user.provided.identifiable,User's date of birth.
-user.provided.identifiable.financial,Financial Data,user.provided.identifiable,Payment data and financial history.
-user.provided.identifiable.financial.account_number,User Provided Financial Account Number,user.provided.identifiable.financial,"User's account number for a payment card, bank account, or other financial system."
-user.provided.identifiable.gender,User Provided Gender,user.provided.identifiable,Gender of an individual.
-user.provided.identifiable.genetic,Genetic Data,user.provided.identifiable,Data about the genetic makeup provided by a user.
-user.provided.identifiable.government_id,Government ID,user.provided.identifiable,State provided identification data.
-user.provided.identifiable.government_id.drivers_license_number,Driver's License Number,user.provided.identifiable.government_id,State issued driving identification number.
-user.provided.identifiable.government_id.national_identification_number,National Identification Number,user.provided.identifiable.government_id,State issued personal identification number.
-user.provided.identifiable.government_id.passport_number,Passport Number,user.provided.identifiable.government_id,State issued passport data.
-user.provided.identifiable.health_and_medical,Health and Medical Data,user.provided.identifiable,Health records or individual's personal medical information.
-user.provided.identifiable.job_title,Job Title,user.provided.identifiable,Professional data.
-user.provided.identifiable.name,Name,user.provided.identifiable,User's real name.
-user.provided.identifiable.non_specific_age,User Provided Non-Specific Age,user.provided.identifiable,Age range data.
-user.provided.identifiable.political_opinion,Political Opinion,user.provided.identifiable,Data related to the individual's political opinions.
-user.provided.identifiable.race,User Provided Race,user.provided.identifiable,Racial or ethnic origin data.
-user.provided.identifiable.religious_belief,User Provided Religious Belief,user.provided.identifiable,Religion or religious belief.
-user.provided.identifiable.sexual_orientation,User Provided Sexual Orientation,user.provided.identifiable,Personal sex life or sexual data.
-user.provided.identifiable.workplace,User Provided Workplace,user.provided.identifiable,Organization of employment.
-user.provided.nonidentifiable,User Provided Non-Identifiable Data,user.provided,Data provided or created directly by a user that is not identifiable.
+user.account,Account Data,user,Data related to a user's system account.
+user.account.contact,Account Contact Data,user.account,Contact data related to a system account.
+user.account.contact.city,Account City,user.account.contact,Account's city level address data.
+user.account.contact.country,Account Country,user.account.contact,Account's country level address data.
+user.account.contact.email,Account Email,user.account.contact,Account's email address.
+user.account.contact.phone_number,Account Phone Number,user.account.contact,Account's phone number.
+user.account.contact.postal_code,Account Postal Code,user.account.contact,Account's postal code.
+user.account.contact.state,Account State,user.account.contact,Account's state level address data.
+user.account.contact.street,Account Street,user.account.contact,Account's street level address.
+user.account.payment,Payment Data,user.account,Payment data related to system account.
+user.account.payment.financial_account_number,Account Payment Financial Account Number,user.account.payment,"Financial account number for an account's payment card, bank account, or other financial system."
+user.device,Device Data,user,"Data related to a user's device, configuration, and settings."
+user.device.cookie_id,Cookie ID,user.device,Cookie unique identification number.
+user.device.device_id,Device ID,user.device,Device unique identification number.
+user.device.ip_address,IP Address,user.device,Unique identifier related to device connection.
+user.contact,Contact Data,user,User contact data for purposes other than account management.
+user.contact.city,User Contact City,user.contact,"User's city level address data."
+user.contact.country,User Contact Country,user.contact,"User's country level address data."
+user.contact.email,User Contact Email,user.contact,"User's email address."
+user.contact.phone_number,User Contact Phone Number,user.contact,"User's phone number."
+user.contact.postal_code,User Contact Postal Code,user.contact,"User's postal code."
+user.contact.state,User Contact State,user.contact,"User's state level address data."
+user.contact.street,User Contact Street,user.contact,"User's street level address data."
+user.credentials,Credentials,user,User authentication data.
+user.credentials.biometric_credentials,Biometric Credentials,user.credentials,Credentials for system authentication.
+user.credentials.password,Password,user.credentials,Password for system authentication.
+user.financial,Financial Data,user,Payment data and financial history.
+user.financial.account_number,Financial Account Number,user.financial,"User's account number for a payment card, bank account, or other financial system."
+user.government_id,Government ID,user,State provided identification data.
+user.government_id.drivers_license_number,"Driver's License Number",user.government_id,State issued driving identification number.
+user.government_id.national_identification_number,National Identification Number,user.government_id,State issued personal identification number.
+user.government_id.passport_number,Passport Number,user.government_id,State issued passport data.
+user.biometric_health,Biometric Health Data,user,Encoded characteristic collected about a user.
+user.browsing_history,Browsing History,user,Content browsing history of a user.
+user.childrens,Children's Data,user,Data relating to children.
+user.date_of_birth,Date of Birth,user,"User's date of birth."
+user.demographic,Demographic Data,user,Demographic data about a user.
+user.gender,Gender,user,Gender of an individual.
+user.genetic,Genetic Data,user,Data about the genetic makeup provided by a user.
+user.health_and_medical,Health and Medical Data,user,"Health records or individual's personal medical information."
+user.job_title,Job Title,user,Professional data.
+user.location,Location Data,user,Records of the location of a user.
+user.name,Name,user,"User's real name."
+user.non_specific_age,Non-Specific Age,user,Age range data.
+user.media_consumption,Media Consumption Data,user,Media type consumption data of a user.
+user.observed,Observed Data,user,Data collected through observation of use of the system.
+user.organization,Organization Data,user,Data that is linked to, or identifies an organization.
+user.political_opinion,Political Opinion,user,"Data related to the individual's political opinions."
+user.profiling,Profiling Data,user,Preference and interest data about a user.
+user.race,Race,user,Racial or ethnic origin data.
+user.religious_belief,Religious Belief,user,Religion or religious belief.
+user.search_history,Search History,user,Records of search history and queries of a user.
+user.sensor,Sensor Data,user,Non-user identifiable measurement data derived from sensors and monitoring systems.
+user.sexual_orientation,Sexual Orientation,user,Personal sex life or sexual data.
+user.social,Social Data,user,Social activity and interaction data.
+user.telemetry,Telemetry Data,user,User measurement data from system sensors and monitoring.
+user.unique_id,Unique ID,user,Unique identifier for a user assigned through system use.
+user.user_sensor,User Sensor Data,user,Measurement data derived about a user's environment through system use.
+user.workplace,Workplace,user,Organization of employment.
\ No newline at end of file
diff --git a/data_files/data_categories.json b/data_files/data_categories.json
index 7a7ad0c9..ecbd0ed9 100644
--- a/data_files/data_categories.json
+++ b/data_files/data_categories.json
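Review bot: The added `user.organization` row carries an unquoted comma inside its description (`Data that is linked to, or identifies an organization.`), so a strict CSV reader yields five fields for that row; the old row quoted this text, and the replacement should be `+user.organization,Organization Data,user,"Data that is linked to, or identifies an organization."`. The hunk also removes `user.provided.identifiable.biometric` without adding a `user.biometric` row, while the JSON hunk for the same taxonomy further down does add `user.biometric`, and the `user.account.contact` description here says 'system account' where the JSON says 'user account', so the CSV and JSON new sides no longer describe the same category set. Dropping the identifiable/nonidentifiable levels also flattens a sensitivity distinction that existing policies or datasets may match on (anything scoped to `user.derived.identifiable`, for instance), so a mapping from the deprecated keys to their replacements would be worth recording in the changelog rather than leaving those references to fail validation. Lastly, the file now ends with `\ No newline at end of file`, which the previous version did not.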
@@ -1,68 +1,69 @@ { "data_category": [ { - "privacy_key": "account", + "privacy_key": "user.account", "name": "Account Data", - "description": "Data related to a system account." + "parent_key": "user", + "description": "Data related to a user's system account." }, { - "privacy_key": "account.contact", + "privacy_key": "user.account.contact", "name": "Account Contact Data", - "parent_key": "account", - "description": "Contact data related to a system account." + "parent_key": "user.account", + "description": "Contact data related to a user account." }, { - "privacy_key": "account.contact.city", + "privacy_key": "user.account.contact.city", "name": "Account City", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's city level address data." }, { - "privacy_key": "account.contact.country", + "privacy_key": "user.account.contact.country", "name": "Account Country", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's country level address data." }, { - "privacy_key": "account.contact.email", + "privacy_key": "user.account.contact.email", "name": "Account Email", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's email address." }, { - "privacy_key": "account.contact.phone_number", + "privacy_key": "user.account.contact.phone_number", "name": "Account Phone Number", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's phone number." }, { - "privacy_key": "account.contact.postal_code", + "privacy_key": "user.account.contact.postal_code", "name": "Account Postal Code", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's postal code." 
}, { - "privacy_key": "account.contact.state", + "privacy_key": "user.account.contact.state", "name": "Account State", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's state level address data." }, { - "privacy_key": "account.contact.street", + "privacy_key": "user.account.contact.street", "name": "Account Street", - "parent_key": "account.contact", + "parent_key": "user.account.contact", "description": "Account's street level address." }, { - "privacy_key": "account.payment", + "privacy_key": "user.account.payment", "name": "Payment Data", "parent_key": "account", - "description": "Payment data related to system account." + "description": "Payment data related to a user account." }, { - "privacy_key": "account.payment.financial_account_number", + "privacy_key": "user.account.payment.financial_account_number", "name": "Account Payment Financial Account Number", - "parent_key": "account.payment", + "parent_key": "user.account.payment", "description": "Financial account number for an account's payment card, bank account, or other financial system." }, { 
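Review bot: The `user.account.payment` entry keeps `"parent_key": "account"` on an unchanged context line in this hunk, but `account` no longer exists as a key on the new side, so the parent pointer dangles; it should read `"parent_key": "user.account",`, matching the CSV hunk above. The `user.account.contact` description was also reworded to 'a user account' here while the CSV keeps 'a system account', so the two data files drift on the same category. In the following hunk the new side appears to define `user.contact` and `user.gender` twice each (once from the former derived branch, once from the former provided branch), which a loader keyed on `privacy_key` would likely collapse silently to whichever entry comes last; that hunk runs past the end of this excerpt.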
@@ -88,376 +89,340 @@ "description": "Data related to the user of the system, either provided directly or derived based on their usage." }, { - "privacy_key": "user.derived", - "name": "Derived Data", - "parent_key": "user", - "description": "Data derived from user provided data or as a result of user actions in the system." - }, - { - "privacy_key": "user.derived.identifiable", - "name": "Derived User Identifiable Data", - "parent_key": "user.derived", - "description": "Derived data that is linked to, or identifies a user." - }, - { - "privacy_key": "user.derived.identifiable.biometric_health", + "privacy_key": "user.biometric_health", "name": "Biometric Health Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Encoded characteristic collected about a user." }, { - "privacy_key": "user.derived.identifiable.browsing_history", + "privacy_key": "user.browsing_history", "name": "Browsing History", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Content browsing history of a user." }, { - "privacy_key": "user.derived.identifiable.demographic", + "privacy_key": "user.demographic", "name": "Demographic Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Demographic data about a user." }, { - "privacy_key": "user.derived.identifiable.contact", - "name": "Derived Contact Data", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.contact", + "name": "Contact Data", + "parent_key": "user", "description": "Contact data collected about a user." }, { - "privacy_key": "user.derived.identifiable.device", + "privacy_key": "user.device", "name": "Device Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Data related to a user's device, configuration and setting." 
}, { - "privacy_key": "user.derived.identifiable.device.cookie_id", + "privacy_key": "user.device.cookie_id", "name": "Cookie ID", - "parent_key": "user.derived.identifiable.device", + "parent_key": "user.device", "description": "Cookie unique identification number." }, { - "privacy_key": "user.derived.identifiable.device.device_id", + "privacy_key": "user.device.device_id", "name": "Device ID", - "parent_key": "user.derived.identifiable.device", + "parent_key": "user.device", "description": "Device unique identification number." }, { - "privacy_key": "user.derived.identifiable.device.ip_address", + "privacy_key": "user.device.ip_address", "name": "IP Address", - "parent_key": "user.derived.identifiable.device", + "parent_key": "user.device", "description": "Unique identifier related to device connection." }, { - "privacy_key": "user.derived.identifiable.gender", - "name": "Derived Gender", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.gender", + "name": "Gender", + "parent_key": "user", "description": "Gender of an individual." }, { - "privacy_key": "user.derived.identifiable.location", + "privacy_key": "user.location", "name": "Location Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Records of the location of a user." }, { - "privacy_key": "user.derived.identifiable.media_consumption", + "privacy_key": "user.media_consumption", "name": "Media Consumption Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Media type consumption data of a user." }, { - "privacy_key": "user.derived.identifiable.non_specific_age", - "name": "Derived Non-Specific Age", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.non_specific_age", + "name": "Non-Specific Age", + "parent_key": "user", "description": "Age range data." 
}, { - "privacy_key": "user.derived.identifiable.observed", + "privacy_key": "user.observed", "name": "Observed Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Data collected through observation of use of the system." }, { - "privacy_key": "user.derived.identifiable.profiling", + "privacy_key": "user.profiling", "name": "Profiling Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Preference and interest data about a user." }, { - "privacy_key": "user.derived.identifiable.race", - "name": "Derived Race", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.race", + "name": "Race", + "parent_key": "user", "description": "Racial or ethnic origin data." }, { - "privacy_key": "user.derived.identifiable.religious_belief", - "name": "Derived Religious Belief", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.religious_belief", + "name": "Religious Belief", + "parent_key": "user", "description": "Religion or religious belief." }, { - "privacy_key": "user.derived.identifiable.search_history", + "privacy_key": "user.search_history", "name": "Search History", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Records of search history and queries of a user." }, { - "privacy_key": "user.derived.identifiable.sexual_orientation", - "name": "Derived Sexual Orientation", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.sexual_orientation", + "name": "Sexual Orientation", + "parent_key": "user", "description": "Personal sex life or sexual data." }, { - "privacy_key": "user.derived.identifiable.social", + "privacy_key": "user.social", "name": "Social Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Social activity and interaction data." 
}, { - "privacy_key": "user.derived.identifiable.telemetry", + "privacy_key": "user.telemetry", "name": "Telemetry Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "User identifiable measurement data from system sensors and monitoring." }, { - "privacy_key": "user.derived.identifiable.unique_id", + "privacy_key": "user.unique_id", "name": "Unique ID", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Unique identifier for a user assigned through system use." }, { - "privacy_key": "user.derived.identifiable.user_sensor", + "privacy_key": "user.user_sensor", "name": "User Sensor Data", - "parent_key": "user.derived.identifiable", + "parent_key": "user", "description": "Measurement data derived about a user's environment through system use." }, { - "privacy_key": "user.derived.identifiable.organization", + "privacy_key": "user.organization", "name": "Organization Identifiable Data", - "parent_key": "user.derived.identifiable", - "description": "Derived data that is linked to, or identifies an organization." + "parent_key": "user", + "description": "data that is linked to, or identifies an organization." }, { - "privacy_key": "user.derived.identifiable.workplace", - "name": "Derived Workplace", - "parent_key": "user.derived.identifiable", + "privacy_key": "user.workplace", + "name": "Workplace", + "parent_key": "user", "description": "Organization of employment." }, { - "privacy_key": "user.derived.nonidentifiable", - "name": "Derived User Non-Identifiable Data", - "parent_key": "user.derived", - "description": "Non-user identifiable data derived related to a user as a result of user actions in the system." - }, - { - "privacy_key": "user.derived.nonidentifiable.sensor", + "privacy_key": "user.sensor", "name": "Sensor Data", - "parent_key": "user.derived.nonidentifiable", - "description": "Non-user identifiable measurement data derived from sensors and monitoring systems." 
- }, - { - "privacy_key": "user.provided", - "name": "User Provided Data", "parent_key": "user", - "description": "Data provided or created directly by a user of the system." - }, - { - "privacy_key": "user.provided.identifiable", - "name": "User Provided Identifiable Data", - "parent_key": "user.provided", - "description": "Data provided or created directly by a user that is linked to or identifies a user." + "description": "Non-user identifiable measurement data derived from sensors and monitoring systems." }, { - "privacy_key": "user.provided.identifiable.biometric", + "privacy_key": "user.biometric", "name": "Biometric Data", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Encoded characteristics provided by a user." }, { - "privacy_key": "user.provided.identifiable.childrens", + "privacy_key": "user.childrens", "name": "Children's Data", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Data relating to children." }, { - "privacy_key": "user.provided.identifiable.contact", - "name": "Provided Contact Data", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.contact", + "name": "Contact Data", + "parent_key": "user", "description": "User provided contact data for purposes other than account management." }, { - "privacy_key": "user.provided.identifiable.contact.city", - "name": "User Provided City", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.city", + "name": "User City", + "parent_key": "user.contact", "description": "User's city level address data." }, { - "privacy_key": "user.provided.identifiable.contact.country", - "name": "User Provided Country", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.country", + "name": "User Country", + "parent_key": "user.contact", "description": "User's country level address data." 
}, { - "privacy_key": "user.provided.identifiable.contact.email", - "name": "User Provided Email", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.email", + "name": "User Email", + "parent_key": "user.contact", "description": "User's provided email address." }, { - "privacy_key": "user.provided.identifiable.contact.phone_number", - "name": "User Provided Phone Number", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.phone_number", + "name": "User Phone Number", + "parent_key": "user.contact", "description": "User's phone number." }, { - "privacy_key": "user.provided.identifiable.contact.postal_code", - "name": "User Provided Postal Code", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.postal_code", + "name": "User Postal Code", + "parent_key": "user.contact", "description": "User's postal code." }, { - "privacy_key": "user.provided.identifiable.contact.state", - "name": "User Provided State", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.state", + "name": "User State", + "parent_key": "user.contact", "description": "User's state level address data." }, { - "privacy_key": "user.provided.identifiable.contact.street", - "name": "User Provided Street", - "parent_key": "user.provided.identifiable.contact", + "privacy_key": "user.contact.street", + "name": "User Street", + "parent_key": "user.contact", "description": "User's street level address data." }, { - "privacy_key": "user.provided.identifiable.credentials", + "privacy_key": "user.credentials", "name": "Credentials", - "parent_key": "user.provided.identifiable", - "description": "User provided authentication data." + "parent_key": "user", + "description": "User authentication data." 
}, { - "privacy_key": "user.provided.identifiable.credentials.biometric_credentials", + "privacy_key": "user.credentials.biometric_credentials", "name": "Biometric Credentials", - "parent_key": "user.provided.identifiable.credentials", + "parent_key": "user.credentials", "description": "Credentials for system authentication." }, { - "privacy_key": "user.provided.identifiable.credentials.password", + "privacy_key": "user.credentials.password", "name": "Password", - "parent_key": "user.provided.identifiable.credentials", + "parent_key": "user.credentials", "description": "Password for system authentication." }, { - "privacy_key": "user.provided.identifiable.date_of_birth", + "privacy_key": "user.date_of_birth", "name": "Date of Birth", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "User's date of birth." }, { - "privacy_key": "user.provided.identifiable.financial", + "privacy_key": "user.financial", "name": "Financial Data", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Payment data and financial history." }, { - "privacy_key": "user.provided.identifiable.financial.account_number", - "name": "User Provided Financial Account Number", - "parent_key": "user.provided.identifiable.financial", + "privacy_key": "user.financial.account_number", + "name": "User Financial Account Number", + "parent_key": "user.financial", "description": "User's account number for a payment card, bank account, or other financial system." }, { - "privacy_key": "user.provided.identifiable.gender", - "name": "User Provided Gender", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.gender", + "name": "User Gender", + "parent_key": "user", "description": "Gender of an individual." 
}, { - "privacy_key": "user.provided.identifiable.genetic", + "privacy_key": "user.genetic", "name": "Genetic Data", - "parent_key": "user.provided.identifiable", - "description": "Data about the genetic makeup provided by a user." + "parent_key": "user", + "description": "Data about the genetic makeup by a user." }, { - "privacy_key": "user.provided.identifiable.government_id", + "privacy_key": "user.government_id", "name": "Government ID", - "parent_key": "user.provided.identifiable", - "description": "State provided identification data." + "parent_key": "user", + "description": "State identification data." }, { - "privacy_key": "user.provided.identifiable.government_id.drivers_license_number", + "privacy_key": "user.government_id.drivers_license_number", "name": "Driver's License Number", - "parent_key": "user.provided.identifiable.government_id", + "parent_key": "user.government_id", "description": "State issued driving identification number." }, { - "privacy_key": "user.provided.identifiable.government_id.national_identification_number", + "privacy_key": "user.government_id.national_identification_number", "name": "National Identification Number", - "parent_key": "user.provided.identifiable.government_id", + "parent_key": "user.government_id", "description": "State issued personal identification number." }, { - "privacy_key": "user.provided.identifiable.government_id.passport_number", + "privacy_key": "user.government_id.passport_number", "name": "Passport Number", - "parent_key": "user.provided.identifiable.government_id", + "parent_key": "user.government_id", "description": "State issued passport data." }, { - "privacy_key": "user.provided.identifiable.health_and_medical", + "privacy_key": "user.health_and_medical", "name": "Health and Medical Data", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Health records or individual's personal medical information." 
}, { - "privacy_key": "user.provided.identifiable.job_title", + "privacy_key": "user.job_title", "name": "Job Title", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Professional data." }, { - "privacy_key": "user.provided.identifiable.name", + "privacy_key": "user.name", "name": "Name", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "User's real name." }, { - "privacy_key": "user.provided.identifiable.non_specific_age", - "name": "User Provided Non-Specific Age", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.non_specific_age", + "name": "User Non-Specific Age", + "parent_key": "user", "description": "Age range data." }, { - "privacy_key": "user.provided.identifiable.political_opinion", + "privacy_key": "user.political_opinion", "name": "Political Opinion", - "parent_key": "user.provided.identifiable", + "parent_key": "user", "description": "Data related to the individual's political opinions." }, { - "privacy_key": "user.provided.identifiable.race", - "name": "User Provided Race", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.race", + "name": "User Race", + "parent_key": "user", "description": "Racial or ethnic origin data." }, { - "privacy_key": "user.provided.identifiable.religious_belief", - "name": "User Provided Religious Belief", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.religious_belief", + "name": "User Religious Belief", + "parent_key": "user", "description": "Religion or religious belief." }, { - "privacy_key": "user.provided.identifiable.sexual_orientation", - "name": "User Provided Sexual Orientation", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.sexual_orientation", + "name": "User Sexual Orientation", + "parent_key": "user", "description": "Personal sex life or sexual data." 
}, { - "privacy_key": "user.provided.identifiable.workplace", - "name": "User Provided Workplace", - "parent_key": "user.provided.identifiable", + "privacy_key": "user.workplace", + "name": "User Workplace", + "parent_key": "user", "description": "Organization of employment." - }, - { - "privacy_key": "user.provided.nonidentifiable", - "name": "User Provided Non-Identifiable Data", - "parent_key": "user.provided", - "description": "Data provided or created directly by a user that is not identifiable." } ] } diff --git a/data_files/data_categories.yml b/data_files/data_categories.yml index 5771a4cb..2770a224 100644 --- a/data_files/data_categories.yml +++ b/data_files/data_categories.yml 
@@ -74,318 +74,282 @@ data_category: name: User Data description: Data related to the user of the system, either provided directly or derived based on their usage. - # User Derived Data -- Data related to an individual, derived from their actions in the system. - - privacy_key: user.derived - name: Derived Data - parent_key: user - description: Data derived from user provided data or as a result of user actions in the system. - - # User Derived, Identifiable Data -- Data derived from a users actions that identifies them. - - privacy_key: user.derived.identifiable - name: Derived User Identifiable Data - parent_key: user.derived - description: Derived data that is linked to, or identifies a user. - - - privacy_key: user.derived.identifiable.biometric_health + - privacy_key: user.biometric_health name: Biometric Health Data - parent_key: user.derived.identifiable + parent_key: user description: Encoded characteristic collected about a user. - - privacy_key: user.derived.identifiable.browsing_history + - privacy_key: user.browsing_history name: Browsing History - parent_key: user.derived.identifiable + parent_key: user description: Content browsing history of a user. - - privacy_key: user.derived.identifiable.demographic + - privacy_key: user.demographic name: Demographic Data - parent_key: user.derived.identifiable + parent_key: user description: Demographic data about a user. - - privacy_key: user.derived.identifiable.contact - name: Derived Contact Data - parent_key: user.derived.identifiable + - privacy_key: user.contact + name: Contact Data + parent_key: user description: Contact data collected about a user. - - privacy_key: user.derived.identifiable.device + - privacy_key: user.device name: Device Data - parent_key: user.derived.identifiable + parent_key: user description: Data related to a user's device, configuration and setting. 
- - privacy_key: user.derived.identifiable.device.cookie_id + - privacy_key: user.device.cookie_id name: Cookie ID - parent_key: user.derived.identifiable.device + parent_key: user.device description: Cookie unique identification number. - - privacy_key: user.derived.identifiable.device.device_id + - privacy_key: user.device.device_id name: Device ID - parent_key: user.derived.identifiable.device + parent_key: user.device description: Device unique identification number. - - privacy_key: user.derived.identifiable.device.ip_address + - privacy_key: user.device.ip_address name: IP Address - parent_key: user.derived.identifiable.device + parent_key: user.device description: Unique identifier related to device connection. - - privacy_key: user.derived.identifiable.gender - name: Derived Gender - parent_key: user.derived.identifiable + - privacy_key: user.gender + name: Gender + parent_key: user description: Gender of an individual. - - privacy_key: user.derived.identifiable.location + - privacy_key: user.location name: Location Data - parent_key: user.derived.identifiable + parent_key: user description: Records of the location of a user. - - privacy_key: user.derived.identifiable.media_consumption + - privacy_key: user.media_consumption name: Media Consumption Data - parent_key: user.derived.identifiable + parent_key: user description: Media type consumption data of a user. - - privacy_key: user.derived.identifiable.non_specific_age - name: Derived Non-Specific Age - parent_key: user.derived.identifiable + - privacy_key: user.non_specific_age + name: Non-Specific Age + parent_key: user description: Age range data. - - privacy_key: user.derived.identifiable.observed + - privacy_key: user.observed name: Observed Data - parent_key: user.derived.identifiable + parent_key: user description: Data collected through observation of use of the system. 
- - privacy_key: user.derived.identifiable.profiling + - privacy_key: user.profiling name: Profiling Data - parent_key: user.derived.identifiable + parent_key: user description: Preference and interest data about a user. - - privacy_key: user.derived.identifiable.race - name: Derived Race - parent_key: user.derived.identifiable + - privacy_key: user.race + name: Race + parent_key: user description: Racial or ethnic origin data. - - privacy_key: user.derived.identifiable.religious_belief - name: Derived Religious Belief - parent_key: user.derived.identifiable + - privacy_key: user.religious_belief + name: Religious Belief + parent_key: user description: Religion or religious belief. - - privacy_key: user.derived.identifiable.search_history + - privacy_key: user.search_history name: Search History - parent_key: user.derived.identifiable + parent_key: user description: Records of search history and queries of a user. - - privacy_key: user.derived.identifiable.sexual_orientation - name: Derived Sexual Orientation - parent_key: user.derived.identifiable + - privacy_key: user.sexual_orientation + name: Sexual Orientation + parent_key: user description: Personal sex life or sexual data. - - privacy_key: user.derived.identifiable.social + - privacy_key: user.social name: Social Data - parent_key: user.derived.identifiable + parent_key: user description: Social activity and interaction data. - - privacy_key: user.derived.identifiable.telemetry + - privacy_key: user.telemetry name: Telemetry Data - parent_key: user.derived.identifiable + parent_key: user description: User identifiable measurement data from system sensors and monitoring. - - privacy_key: user.derived.identifiable.unique_id + - privacy_key: user.unique_id name: Unique ID - parent_key: user.derived.identifiable + parent_key: user description: Unique identifier for a user assigned through system use. 
- - privacy_key: user.derived.identifiable.user_sensor + - privacy_key: user.user_sensor name: User Sensor Data - parent_key: user.derived.identifiable + parent_key: user description: Measurement data derived about a user's environment through system use. - - privacy_key: user.derived.identifiable.organization + - privacy_key: user.organization name: Organization Identifiable Data - parent_key: user.derived.identifiable - description: Derived data that is linked to, or identifies an organization. + parent_key: user + description: data that is linked to, or identifies an organization. - - privacy_key: user.derived.identifiable.workplace - name: Derived Workplace - parent_key: user.derived.identifiable + - privacy_key: user.workplace + name: Workplace + parent_key: user description: Organization of employment. - # User Derived, Non-identifiable Data -- Data derived from a users actions that does not identify them. - - privacy_key: user.derived.nonidentifiable - name: Derived User Non-Identifiable Data - parent_key: user.derived - description: Non-user identifiable data derived related to a user as a result of user actions in the system. - - - privacy_key: user.derived.nonidentifiable.sensor + - privacy_key: user.sensor name: Sensor Data - parent_key: user.derived.nonidentifiable - description: Non-user identifiable measurement data derived from sensors and monitoring systems. - - # User Provided Data -- Data related to an individual, provided directly by the individual. - - privacy_key: user.provided - name: User Provided Data parent_key: user - description: Data provided or created directly by a user of the system. - - # User Provided, Identifiable Data -- Data provided by a user that identifies them. - - privacy_key: user.provided.identifiable - name: User Provided Identifiable Data - parent_key: user.provided - description: Data provided or created directly by a user that is linked to or identifies a user. 
+ description: Non-user identifiable measurement data derived from sensors and monitoring systems. - - privacy_key: user.provided.identifiable.biometric + - privacy_key: user.biometric name: Biometric Data - parent_key: user.provided.identifiable + parent_key: user description: Encoded characteristics provided by a user. - - privacy_key: user.provided.identifiable.childrens + - privacy_key: user.childrens name: Children's Data - parent_key: user.provided.identifiable + parent_key: user description: Data relating to children. - - privacy_key: user.provided.identifiable.contact - name: Provided Contact Data - parent_key: user.provided.identifiable + - privacy_key: user.contact + name: Contact Data + parent_key: user description: User provided contact data for purposes other than account management. - - privacy_key: user.provided.identifiable.contact.city - name: User Provided City - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.city + name: User City + parent_key: user.contact description: User's city level address data. - - privacy_key: user.provided.identifiable.contact.country - name: User Provided Country - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.country + name: User Country + parent_key: user.contact description: User's country level address data. - - privacy_key: user.provided.identifiable.contact.email - name: User Provided Email - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.email + name: User Email + parent_key: user.contact description: User's provided email address. - - privacy_key: user.provided.identifiable.contact.phone_number - name: User Provided Phone Number - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.phone_number + name: User Phone Number + parent_key: user.contact description: User's phone number. 
- - privacy_key: user.provided.identifiable.contact.postal_code - name: User Provided Postal Code - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.postal_code + name: User Postal Code + parent_key: user.contact description: User's postal code. - - privacy_key: user.provided.identifiable.contact.state - name: User Provided State - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.state + name: User State + parent_key: user.contact description: User's state level address data. - - privacy_key: user.provided.identifiable.contact.street - name: User Provided Street - parent_key: user.provided.identifiable.contact + - privacy_key: user.contact.street + name: User Street + parent_key: user.contact description: User's street level address data. - - privacy_key: user.provided.identifiable.credentials + - privacy_key: user.credentials name: Credentials - parent_key: user.provided.identifiable + parent_key: user description: User provided authentication data. - - privacy_key: user.provided.identifiable.credentials.biometric_credentials + - privacy_key: user.credentials.biometric_credentials name: Biometric Credentials - parent_key: user.provided.identifiable.credentials + parent_key: user.credentials description: Credentials for system authentication. - - privacy_key: user.provided.identifiable.credentials.password + - privacy_key: user.credentials.password name: Password - parent_key: user.provided.identifiable.credentials + parent_key: user.credentials description: Password for system authentication. - - privacy_key: user.provided.identifiable.date_of_birth + - privacy_key: user.date_of_birth name: Date of Birth - parent_key: user.provided.identifiable + parent_key: user description: User's date of birth. - - privacy_key: user.provided.identifiable.financial + - privacy_key: user.financial name: Financial Data - parent_key: user.provided.identifiable + parent_key: user description: Payment data and financial history. 
- - privacy_key: user.provided.identifiable.financial.account_number - name: User Provided Financial Account Number - parent_key: user.provided.identifiable.financial + - privacy_key: user.financial.account_number + name: User Financial Account Number + parent_key: user.financial description: User's account number for a payment card, bank account, or other financial system. - - privacy_key: user.provided.identifiable.gender - name: User Provided Gender - parent_key: user.provided.identifiable + - privacy_key: user.gender + name: User Gender + parent_key: user description: Gender of an individual. - - privacy_key: user.provided.identifiable.genetic + - privacy_key: user.genetic name: Genetic Data - parent_key: user.provided.identifiable + parent_key: user description: Data about the genetic makeup provided by a user. - - privacy_key: user.provided.identifiable.government_id + - privacy_key: user.government_id name: Government ID - parent_key: user.provided.identifiable + parent_key: user description: State provided identification data. - - privacy_key: user.provided.identifiable.government_id.drivers_license_number + - privacy_key: user.government_id.drivers_license_number name: Driver's License Number - parent_key: user.provided.identifiable.government_id + parent_key: user.government_id description: State issued driving identification number. - - privacy_key: user.provided.identifiable.government_id.national_identification_number + - privacy_key: user.government_id.national_identification_number name: National Identification Number - parent_key: user.provided.identifiable.government_id + parent_key: user.government_id description: State issued personal identification number. - - privacy_key: user.provided.identifiable.government_id.passport_number + - privacy_key: user.government_id.passport_number name: Passport Number - parent_key: user.provided.identifiable.government_id + parent_key: user.government_id description: State issued passport data. 
- - privacy_key: user.provided.identifiable.health_and_medical + - privacy_key: user.health_and_medical name: Health and Medical Data - parent_key: user.provided.identifiable + parent_key: user description: Health records or individual's personal medical information. - - privacy_key: user.provided.identifiable.job_title + - privacy_key: user.job_title name: Job Title - parent_key: user.provided.identifiable + parent_key: user description: Professional data. - - privacy_key: user.provided.identifiable.name + - privacy_key: user.name name: Name - parent_key: user.provided.identifiable + parent_key: user description: User's real name. - - privacy_key: user.provided.identifiable.non_specific_age - name: User Provided Non-Specific Age - parent_key: user.provided.identifiable + - privacy_key: user.non_specific_age + name: User Non-Specific Age + parent_key: user description: Age range data. - - privacy_key: user.provided.identifiable.political_opinion + - privacy_key: user.political_opinion name: Political Opinion - parent_key: user.provided.identifiable + parent_key: user description: Data related to the individual's political opinions. - - privacy_key: user.provided.identifiable.race - name: User Provided Race - parent_key: user.provided.identifiable + - privacy_key: user.race + name: User Race + parent_key: user description: Racial or ethnic origin data. - - privacy_key: user.provided.identifiable.religious_belief - name: User Provided Religious Belief - parent_key: user.provided.identifiable + - privacy_key: user.religious_belief + name: User Religious Belief + parent_key: user description: Religion or religious belief. - - privacy_key: user.provided.identifiable.sexual_orientation - name: User Provided Sexual Orientation - parent_key: user.provided.identifiable + - privacy_key: user.sexual_orientation + name: User Sexual Orientation + parent_key: user description: Personal sex life or sexual data. 
- - privacy_key: user.provided.identifiable.workplace - name: User Provided Workplace - parent_key: user.provided.identifiable + - privacy_key: user.workplace + name: User Workplace + parent_key: user description: Organization of employment. - - # User Provided, Non-identifiable Data -- Data provided by a user that does not identify them. - - privacy_key: user.provided.nonidentifiable - name: User Provided Non-Identifiable Data - parent_key: user.provided - description: Data provided or created directly by a user that is not identifiable. diff --git a/data_files/data_uses.csv b/data_files/data_uses.csv index 29e20a3a..ade10160 100644 --- a/data_files/data_uses.csv +++ b/data_files/data_uses.csv 
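Review bot: The flattening leaves the same privacy_key defined twice with different names in this file: `user.contact` (derived "Contact Data" and provided "Contact Data"), `user.gender` ("Gender" / "User Gender"), `user.non_specific_age`, `user.race`, `user.religious_belief`, `user.sexual_orientation` and `user.workplace` ("Workplace" / "User Workplace"). Which definition a loader keeps depends on its duplicate handling, so the label and description attached to these categories, and any policy evaluated over them, become loader-dependent; one entry per key should survive, with a description that says whether it covers derived as well as provided data, since that distinction was previously carried by the parent key. The same duplicates appear in the data_categories.json hunk of this commit (visible there for `user.workplace`). The `user.organization` description now begins lowercase, `data that is linked to, or identifies an organization.`, after the leading word was dropped.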
@@ -1,11 +1,11 @@
 fides_key,name,parent_key,description
 data_use,Data Use,,
 provide,Provide the capability,data_use,"Provide, give, or make available the product, service, application or system."
-provide.system,System,provide,"The source system, product, service or application being provided to the user."
-provide.system.operations,System Operations,provide.system,Use of specified data categories to operate and protect the system in order to provide the service.
-provide.system.operations.support,Operations Support,provide.system.operations,Use of specified data categories to provide support for operation and protection of the system in order to provide the service.
-provide.system.operations.support.optimization,Support Optimization,provide.system.operations.support,Use of specified data categories to optimize and improve support operations in order to provide the service.
-provide.system.upgrades,Offer Upgrades,provide.system,Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage.
+provide.service,Service,provide,"The source service, product, service or application being provided to the user."
+provide.service.operations,System Operations,provide.service,Use of specified data categories to operate and protect the system in order to provide the service.
+provide.service.operations.support,Operations Support,provide.service.operations,Use of specified data categories to provide support for operation and protection of the system in order to provide the service.
+provide.service.operations.support.optimization,Support Optimization,provide.service.operations.support,Use of specified data categories to optimize and improve support operations in order to provide the service.
+provide.service.upgrades,Offer Upgrades,provide.service,Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage.
 improve,Improve the capability,data_use,"Improve the product, service, application or system."
 improve.system,System,improve,"The source system, product, service or application being improved."
 personalize,Personalize the capability,data_use,"Personalize the product, service, application or system."
diff --git a/data_files/data_uses.json b/data_files/data_uses.json
index fc9f2a50..e5f6d2c0 100644
--- a/data_files/data_uses.json
+++ b/data_files/data_uses.json
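Review bot: The renamed `provide.service` row disagrees with the JSON and YAML copies of the same taxonomy: here the name is `Service` and the description reads `The source service, product, service or application…` (service twice), while the data_uses.json and data_uses.yml hunks keep the name `System` with `The source service, product, system or application…`. Tools that load one format and render docs from another will show different labels for the same key, so pick one name and one description and apply it to all three files, e.g. `provide.service,Service,provide,"The source service, product, system or application being provided to the user."`. The sibling `improve.system` on the context line is untouched, so the `system`→`service` rename applies only to the `provide` branch — presumably intended, but worth stating in the commit message since demo_system.yml still declares `data_use: improve.system`. This note also covers the data_uses.json and data_uses.yml hunks below.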
@@ -6,33 +6,33 @@
 "description": "Provide, give, or make available the product, service, application or system."
 },
 {
- "privacy_key": "provide.system",
+ "privacy_key": "provide.service",
 "name": "System",
 "parent_key": "provide",
- "description": "The source system, product, service or application being provided to the user."
+ "description": "The source service, product, system or application being provided to the user."
 },
 {
- "privacy_key": "provide.system.operations",
+ "privacy_key": "provide.service.operations",
 "name": "System Operations",
- "parent_key": "provide.system",
+ "parent_key": "provide.service",
 "description": "Use of specified data categories to operate and protect the system in order to provide the service."
 },
 {
- "privacy_key": "provide.system.operations.support",
+ "privacy_key": "provide.service.operations.support",
 "name": "Operations Support",
- "parent_key": "provide.system.operations",
+ "parent_key": "provide.service.operations",
 "description": "Use of specified data categories to provide support for operation and protection of the system in order to provide the service."
 },
 {
- "privacy_key": "provide.system.operations.support.optimization",
+ "privacy_key": "provide.service.operations.support.optimization",
 "name": "Support Optimization",
- "parent_key": "provide.system.operations.support",
+ "parent_key": "provide.service.operations.support",
 "description": "Use of specified data categories to optimize and improve support operations in order to provide the service."
 },
 {
- "privacy_key": "provide.system.upgrades",
+ "privacy_key": "provide.service.upgrades",
 "name": "Offer Upgrades",
- "parent_key": "provide.system",
+ "parent_key": "provide.service",
 "description": "Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage."
 },
 {
diff --git a/data_files/data_uses.yml b/data_files/data_uses.yml
index faaf37cd..00d8f98d 100644
--- a/data_files/data_uses.yml
+++ b/data_files/data_uses.yml @@ -4,29 +4,29 @@ data_use: name: Provide the capability description: Provide, give, or make available the product, service, application or system. - - privacy_key: provide.system + - privacy_key: provide.service name: System parent_key: provide - description: The source system, product, service or application being provided to the user. + description: The source service, product, system or application being provided to the user. - - privacy_key: provide.system.operations + - privacy_key: provide.service.operations name: System Operations - parent_key: provide.system + parent_key: provide.service description: Use of specified data categories to operate and protect the system in order to provide the service. - - privacy_key: provide.system.operations.support + - privacy_key: provide.service.operations.support name: Operations Support - parent_key: provide.system.operations + parent_key: provide.service.operations description: Use of specified data categories to provide support for operation and protection of the system in order to provide the service. - - privacy_key: provide.system.operations.support.optimization + - privacy_key: provide.service.operations.support.optimization name: Support Optimization - parent_key: provide.system.operations.support + parent_key: provide.service.operations.support description: Use of specified data categories to optimize and improve support operations in order to provide the service. - - privacy_key: provide.system.upgrades + - privacy_key: provide.service.upgrades name: Offer Upgrades - parent_key: provide.system + parent_key: provide.service description: Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage. # Improvement Data diff --git a/demo_resources/demo_dataset.yml b/demo_resources/demo_dataset.yml index b5af3829..29867d45 100644 --- a/demo_resources/demo_dataset.yml +++ b/demo_resources/demo_dataset.yml 
@@ -26,13 +26,13 @@ dataset:
 - name: email
 description: User's Email
 data_categories:
- - user.provided.identifiable.contact.email
+ - user.contact.email
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 retention: Account termination
 - name: first_name
 description: User's first name
 data_categories:
- - user.provided.identifiable.name
+ - user.name
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 retention: Account termination
 - name: food_preference
@@ -42,10 +42,10 @@ dataset:
 - name: state
 description: User's State
 data_categories:
- - user.provided.identifiable.contact.state
+ - user.contact.state
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 - name: uuid
 description: User's unique ID
 data_categories:
- - user.derived.identifiable.unique_id
+ - user.unique_id
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
diff --git a/demo_resources/demo_policy.yml b/demo_resources/demo_policy.yml
index 38b8bb67..61ff9c3b 100644
--- a/demo_resources/demo_policy.yml
+++ b/demo_resources/demo_policy.yml
@@ -8,7 +8,7 @@ policy:
 data_categories:
 matches: ANY
 values:
- - user.provided.identifiable.contact
+ - user.contact
 data_uses:
 matches: ANY
 values:
diff --git a/demo_resources/demo_system.yml b/demo_resources/demo_system.yml
index a4c257c6..d4ea7df8 100644
--- a/demo_resources/demo_system.yml
+++ b/demo_resources/demo_system.yml
@@ -15,8 +15,8 @@ system:
 privacy_declarations:
 - name: Analyze customer behaviour for improvements.
 data_categories:
- - user.provided.identifiable.contact
- - user.derived.identifiable.device.cookie_id
+ - user.contact
+ - user.device.cookie_id
 data_use: improve.system
 data_subjects:
 - customer
@@ -32,8 +32,8 @@ system: privacy_declarations: - name: Collect data for marketing data_categories: - #- user.provided.identifiable.contact # uncomment to add this category to the system - - user.derived.identifiable.device.cookie_id + #- user.contact # uncomment to add this category to the system + - user.cookie_id data_use: advertising data_subjects: - customer diff --git a/mkdocs/docs/csv/data_categories.csv b/mkdocs/docs/csv/data_categories.csv index 0acf19e6..0c910e67 100644 --- a/mkdocs/docs/csv/data_categories.csv +++ b/mkdocs/docs/csv/data_categories.csv 
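Review bot: `- user.cookie_id` on the new side is not a key the updated taxonomy defines; the category is `user.device.cookie_id` (the first hunk of this same file already uses that key), so this privacy declaration will fail taxonomy validation. Change the line to `- user.device.cookie_id`. The commented-out `#- user.contact` line above it is consistent with the new taxonomy and needs no change.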
@@ -1,79 +1,65 @@
 privacy_key,name,parent_key,description
 data_category,Data Category,,
-account,Account Data,data_category,Data related to a system account.
-account.contact,Account Contact Data,account,Contact data related to a system account.
-account.contact.city,Account City,account.contact,Account's city level address data.
-account.contact.country,Account Country,account.contact,Account's country level address data.
-account.contact.email,Account Email,account.contact,Account's email address.
-account.contact.phone_number,Account Phone Number,account.contact,Account's phone number.
-account.contact.postal_code,Account Postal Code,account.contact,Account's postal code.
-account.contact.state,Account State,account.contact,Account's state level address data.
-account.contact.street,Account Street,account.contact,Account's street level address.
-account.payment,Payment Data,account,Payment data related to system account.
-account.payment.financial_account_number,Account Payment Financial Account Number,account.payment,"Financial account number for an account's payment card, bank account, or other financial system."
 system,System Data,data_category,"Data unique to, and under control of the system."
 system.authentication,Authentication Data,system,Data used to manage access to the system.
 system.operations,Operations Data,system,Data used for system operations.
 user,User Data,data_category,"Data related to the user of the system, either provided directly or derived based on their usage."
-user.derived,Derived Data,user,Data derived from user provided data or as a result of user actions in the system.
-user.derived.identifiable,Derived User Identifiable Data,user.derived,"Derived data that is linked to, or identifies a user."
-user.derived.identifiable.biometric_health,Biometric Health Data,user.derived.identifiable,Encoded characteristic collected about a user.
-user.derived.identifiable.browsing_history,Browsing History,user.derived.identifiable,Content browsing history of a user.
-user.derived.identifiable.demographic,Demographic Data,user.derived.identifiable,Demographic data about a user.
-user.derived.identifiable.contact,Derived Contact Data,user.derived.identifiable,Contact data collected about a user.
-user.derived.identifiable.device,Device Data,user.derived.identifiable,"Data related to a user's device, configuration and setting."
-user.derived.identifiable.device.cookie_id,Cookie ID,user.derived.identifiable.device,Cookie unique identification number.
-user.derived.identifiable.device.device_id,Device ID,user.derived.identifiable.device,Device unique identification number.
-user.derived.identifiable.device.ip_address,IP Address,user.derived.identifiable.device,Unique identifier related to device connection.
-user.derived.identifiable.gender,Derived Gender,user.derived.identifiable,Gender of an individual.
-user.derived.identifiable.location,Location Data,user.derived.identifiable,Records of the location of a user.
-user.derived.identifiable.media_consumption,Media Consumption Data,user.derived.identifiable,Media type consumption data of a user.
-user.derived.identifiable.non_specific_age,Derived Non-Specific Age,user.derived.identifiable,Age range data.
-user.derived.identifiable.observed,Observed Data,user.derived.identifiable,Data collected through observation of use of the system.
-user.derived.identifiable.profiling,Profiling Data,user.derived.identifiable,Preference and interest data about a user.
-user.derived.identifiable.race,Derived Race,user.derived.identifiable,Racial or ethnic origin data.
-user.derived.identifiable.religious_belief,Derived Religious Belief,user.derived.identifiable,Religion or religious belief.
-user.derived.identifiable.search_history,Search History,user.derived.identifiable,Records of search history and queries of a user.
-user.derived.identifiable.sexual_orientation,Derived Sexual Orientation,user.derived.identifiable,Personal sex life or sexual data.
-user.derived.identifiable.social,Social Data,user.derived.identifiable,Social activity and interaction data.
-user.derived.identifiable.telemetry,Telemetry Data,user.derived.identifiable,User identifiable measurement data from system sensors and monitoring.
-user.derived.identifiable.unique_id,Unique ID,user.derived.identifiable,Unique identifier for a user assigned through system use.
-user.derived.identifiable.user_sensor,User Sensor Data,user.derived.identifiable,Measurement data derived about a user's environment through system use.
-user.derived.identifiable.organization,Organization Identifiable Data,user.derived.identifiable,"Derived data that is linked to, or identifies an organization."
-user.derived.identifiable.workplace,Derived Workplace,user.derived.identifiable,Organization of employment.
-user.derived.nonidentifiable,Derived User Non-Identifiable Data,user.derived,Non-user identifiable data derived related to a user as a result of user actions in the system.
-user.derived.nonidentifiable.sensor,Sensor Data,user.derived.nonidentifiable,Non-user identifiable measurement data derived from sensors and monitoring systems.
-user.provided,User Provided Data,user,Data provided or created directly by a user of the system.
-user.provided.identifiable,User Provided Identifiable Data,user.provided,Data provided or created directly by a user that is linked to or identifies a user.
-user.provided.identifiable.biometric,Biometric Data,user.provided.identifiable,Encoded characteristics provided by a user.
-user.provided.identifiable.childrens,Children's Data,user.provided.identifiable,Data relating to children.
-user.provided.identifiable.contact,Provided Contact Data,user.provided.identifiable,User provided contact data for purposes other than account management.
-user.provided.identifiable.contact.city,User Provided City,user.provided.identifiable.contact,User's city level address data.
-user.provided.identifiable.contact.country,User Provided Country,user.provided.identifiable.contact,User's country level address data.
-user.provided.identifiable.contact.email,User Provided Email,user.provided.identifiable.contact,User's provided email address.
-user.provided.identifiable.contact.phone_number,User Provided Phone Number,user.provided.identifiable.contact,User's phone number.
-user.provided.identifiable.contact.postal_code,User Provided Postal Code,user.provided.identifiable.contact,User's postal code.
-user.provided.identifiable.contact.state,User Provided State,user.provided.identifiable.contact,User's state level address data.
-user.provided.identifiable.contact.street,User Provided Street,user.provided.identifiable.contact,User's street level address data.
-user.provided.identifiable.credentials,Credentials,user.provided.identifiable,User provided authentication data.
-user.provided.identifiable.credentials.biometric_credentials,Biometric Credentials,user.provided.identifiable.credentials,Credentials for system authentication.
-user.provided.identifiable.credentials.password,Password,user.provided.identifiable.credentials,Password for system authentication.
-user.provided.identifiable.date_of_birth,Date of Birth,user.provided.identifiable,User's date of birth.
-user.provided.identifiable.financial,Financial Data,user.provided.identifiable,Payment data and financial history.
-user.provided.identifiable.financial.account_number,User Provided Financial Account Number,user.provided.identifiable.financial,"User's account number for a payment card, bank account, or other financial system."
-user.provided.identifiable.gender,User Provided Gender,user.provided.identifiable,Gender of an individual.
-user.provided.identifiable.genetic,Genetic Data,user.provided.identifiable,Data about the genetic makeup provided by a user.
-user.provided.identifiable.government_id,Government ID,user.provided.identifiable,State provided identification data.
-user.provided.identifiable.government_id.drivers_license_number,Driver's License Number,user.provided.identifiable.government_id,State issued driving identification number.
-user.provided.identifiable.government_id.national_identification_number,National Identification Number,user.provided.identifiable.government_id,State issued personal identification number.
-user.provided.identifiable.government_id.passport_number,Passport Number,user.provided.identifiable.government_id,State issued passport data.
-user.provided.identifiable.health_and_medical,Health and Medical Data,user.provided.identifiable,Health records or individual's personal medical information.
-user.provided.identifiable.job_title,Job Title,user.provided.identifiable,Professional data.
-user.provided.identifiable.name,Name,user.provided.identifiable,User's real name.
-user.provided.identifiable.non_specific_age,User Provided Non-Specific Age,user.provided.identifiable,Age range data.
-user.provided.identifiable.political_opinion,Political Opinion,user.provided.identifiable,Data related to the individual's political opinions.
-user.provided.identifiable.race,User Provided Race,user.provided.identifiable,Racial or ethnic origin data.
-user.provided.identifiable.religious_belief,User Provided Religious Belief,user.provided.identifiable,Religion or religious belief.
-user.provided.identifiable.sexual_orientation,User Provided Sexual Orientation,user.provided.identifiable,Personal sex life or sexual data.
-user.provided.identifiable.workplace,User Provided Workplace,user.provided.identifiable,Organization of employment.
-user.provided.nonidentifiable,User Provided Non-Identifiable Data,user.provided,Data provided or created directly by a user that is not identifiable.
+user.account,Account Data,user,Data related to a user's system account.
+user.account.contact,Account Contact Data,user.account,Contact data related to a system account.
+user.account.contact.city,Account City,user.account.contact,Account's city level address data.
+user.account.contact.country,Account Country,user.account.contact,Account's country level address data.
+user.account.contact.email,Account Email,user.account.contact,Account's email address.
+user.account.contact.phone_number,Account Phone Number,user.account.contact,Account's phone number.
+user.account.contact.postal_code,Account Postal Code,user.account.contact,Account's postal code.
+user.account.contact.state,Account State,user.account.contact,Account's state level address data.
+user.account.contact.street,Account Street,user.account.contact,Account's street level address.
+user.account.payment,Payment Data,user.account,Payment data related to system account.
+user.account.payment.financial_account_number,Account Payment Financial Account Number,user.account.payment,"Financial account number for an account's payment card, bank account, or other financial system."
+user.device,Device Data,user,"Data related to a user's device, configuration, and settings."
+user.device.cookie_id,Cookie ID,user.device,Cookie unique identification number.
+user.device.device_id,Device ID,user.device,Device unique identification number.
+user.device.ip_address,IP Address,user.device,Unique identifier related to device connection.
+user.contact,Contact Data,user,User contact data for purposes other than account management.
+user.contact.city,User Contact City,user.contact,"User's city level address data."
+user.contact.country,User Contact Country,user.contact,"User's country level address data."
+user.contact.email,User Contact Email,user.contact,"User's email address."
+user.contact.phone_number,User Contact Phone Number,user.contact,"User's phone number."
+user.contact.postal_code,User Contact Postal Code,user.contact,"User's postal code."
+user.contact.state,User Contact State,user.contact,"User's state level address data."
+user.contact.street,User Contact Street,user.contact,"User's street level address data."
+user.credentials,Credentials,user,User authentication data.
+user.credentials.biometric_credentials,Biometric Credentials,user.credentials,Credentials for system authentication.
+user.credentials.password,Password,user.credentials,Password for system authentication.
+user.financial,Financial Data,user,Payment data and financial history.
+user.financial.account_number,Financial Account Number,user.financial,"User's account number for a payment card, bank account, or other financial system."
+user.government_id,Government ID,user,State provided identification data.
+user.government_id.drivers_license_number,"Driver's License Number",user.government_id,State issued driving identification number.
+user.government_id.national_identification_number,National Identification Number,user.government_id,State issued personal identification number.
+user.government_id.passport_number,Passport Number,user.government_id,State issued passport data.
+user.biometric_health,Biometric Health Data,user,Encoded characteristic collected about a user.
+user.browsing_history,Browsing History,user,Content browsing history of a user.
+user.childrens,Children's Data,user,Data relating to children.
+user.date_of_birth,Date of Birth,user,"User's date of birth."
+user.demographic,Demographic Data,user,Demographic data about a user.
+user.gender,Gender,user,Gender of an individual.
+user.genetic,Genetic Data,user,Data about the genetic makeup provided by a user.
+user.health_and_medical,Health and Medical Data,user,"Health records or individual's personal medical information."
+user.job_title,Job Title,user,Professional data.
+user.location,Location Data,user,Records of the location of a user.
+user.name,Name,user,"User's real name."
+user.non_specific_age,Non-Specific Age,user,Age range data.
+user.media_consumption,Media Consumption Data,user,Media type consumption data of a user.
+user.observed,Observed Data,user,Data collected through observation of use of the system.
+user.organization,Organization Data,user,Data that is linked to, or identifies an organization.
+user.political_opinion,Political Opinion,user,"Data related to the individual's political opinions."
+user.profiling,Profiling Data,user,Preference and interest data about a user.
+user.race,Race,user,Racial or ethnic origin data.
+user.religious_belief,Religious Belief,user,Religion or religious belief.
+user.search_history,Search History,user,Records of search history and queries of a user.
+user.sensor,Sensor Data,user,Non-user identifiable measurement data derived from sensors and monitoring systems.
+user.sexual_orientation,Sexual Orientation,user,Personal sex life or sexual data.
+user.social,Social Data,user,Social activity and interaction data.
+user.telemetry,Telemetry Data,user,User measurement data from system sensors and monitoring.
+user.unique_id,Unique ID,user,Unique identifier for a user assigned through system use.
+user.user_sensor,User Sensor Data,user,Measurement data derived about a user's environment through system use.
+user.workplace,Workplace,user,Organization of employment.
\ No newline at end of file
diff --git a/mkdocs/docs/csv/data_uses.csv b/mkdocs/docs/csv/data_uses.csv
index f342feda..c8529166 100644
--- a/mkdocs/docs/csv/data_uses.csv
+++ b/mkdocs/docs/csv/data_uses.csv
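Review bot: The new `user.organization` row leaves its description `Data that is linked to, or identifies an organization.` unquoted although it contains a comma, so a CSV reader yields five fields for that line; the row it replaces was quoted, as is every other comma-bearing description in this hunk, so it should read `user.organization,Organization Data,user,"Data that is linked to, or identifies an organization."`. `user.sensor` keeps the wording "Non-user identifiable measurement data …" even though the `user.derived.nonidentifiable` branch that carried that distinction is gone and the row now sits directly under `user`, while `user.telemetry` had its "identifiable" wording dropped; the two should be reconciled, presumably by leaving identifiability to the data qualifier. With the `provided`/`derived` and `identifiable` levels collapsed, a policy that matches coarsely on `user` now also covers `user.credentials.password`, `user.government_id` and the other sensitive leaves, which is broader than the old `user.provided.identifiable` match was, and the taxonomy docs should say so. The file also lost its trailing newline.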
@@ -1,13 +1,13 @@
 privacy_key,name,parent_key,description
 data_use,Data Use,,
 provide,Provide the capability,data_use,"Provide, give, or make available the product, service, application or system."
-provide.system,System,provide,"The source system, product, service or application being provided to the user."
-provide.system.operations,System Operations,provide.system,Use of specified data categories to operate and protect the system in order to provide the service.
-provide.system.operations.support,Operations Support,provide.system.operations,Use of specified data categories to provide support for operation and protection of the system in order to provide the service.
-provide.system.operations.support.optimization,Support Optimization,provide.system.operations.support,Use of specified data categories to optimize and improve support operations in order to provide the service.
-provide.system.upgrades,Offer Upgrades,provide.system,Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage.
+provide.service,System,provide,"The source system, product, service or application being provided to the user."
+provide.service.operations,System Operations,provide.service,Use of specified data categories to operate and protect the system in order to provide the service.
+provide.service.operations.support,Operations Support,provide.service.operations,Use of specified data categories to provide support for operation and protection of the system in order to provide the service.
+provide.service.operations.support.optimization,Support Optimization,provide.service.operations.support,Use of specified data categories to optimize and improve support operations in order to provide the service.
+provide.service.upgrades,Offer Upgrades,provide.service,Offer upgrades or upsales such as increased capacity for the service based on monitoring of service usage.
improve,Improve the capability,data_use,"Improve the product, service, application or system." -improve.system,System,improve,"The source system, product, service or application being improved." +improve.system,Service,improve,"The source service, product, system or application being improved." personalize,Personalize the capability,data_use,"Personalize the product, service, application or system." personalize.system,System,personalize,"The source system, product, service or application being personalized." advertising,"Advertising, Marketing or Promotion",data_use,The promotion of products or services targeted to users based on the the processing of user provided data in the system. diff --git a/mkdocs/docs/img/notation-conventions.svg b/mkdocs/docs/img/notation-conventions.svg deleted file mode 100644 index 858ccb35..00000000 --- a/mkdocs/docs/img/notation-conventions.svg +++ /dev/null @@ -1,36 +0,0 @@ - - - notation-conventions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/mkdocs/docs/index.md b/mkdocs/docs/index.md index 8bf351e2..25ac66d8 100644 --- a/mkdocs/docs/index.md +++ b/mkdocs/docs/index.md 
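Review bot: The `improve.system` row gets its name changed to `Service` and its description reordered to lead with "service" while its key stays `improve.system`, whereas `provide.service` — the row whose key was actually renamed in this hunk — keeps the name `System` and the old "system"-first description. That looks like the name/description edit landed on the wrong row: the data_files/data_uses.yml hunk in this same patch gives the service wording to `provide.service`, so the CSV should read `provide.service,Service,provide,"The source service, product, system or application being provided to the user."` and `improve.system` should be restored to `System` with its original description. `personalize.system` is untouched, so only the `provide` subtree is meant to carry the service rename.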
@@ -1,9 +1,8 @@ # Fides Language -[![License: CC BY 4.0](https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg)](https://creativecommons.org/licenses/by/4.0/) +Fideslang (fee-dez-læŋg, from the Latin term "FidÄ“s" + "language") is an evolving design for a human-readable "taxonomy," or categorization, of data and data processing behaviors. Fideslang provides a proposed model for privacy-related data types, behaviors, and usages, with the goal of deriving an interoperable community standard to simply privacy regulation compliance in a typical software development process. -## Overview -The Fides Language is a working draft of a proposed taxonomy to describe data and data processing behaviors as part of a typical software development process. Our hope with standarizing this definition publicly with the community is to derive an interopable standard for describe types of data and how they're being used in applications to simplify global privacy regulations. +[![License: CC BY 4.0](https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg)](https://creativecommons.org/licenses/by/4.0/) 
@@ -48,14 +47,14 @@ The Fides taxonomy currently comprises of four classification groups that are u ### 1. Data Categories Data Categories are labels to describe the type of data processed by your software. These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field. -Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.provided` data), or you can classify it with greater precision using subcategories (e.g. `user.provided.identifiable.contact.email` data). +Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.contact` data), or you can classify it with greater precision using subcategories (e.g. `user.contact.email` data). Learn more about [Data Categories in the taxonomy reference now](data_categories.md). ### 2. Data Uses Data Uses are labels that describe how, or for what purpose(s) a component of your system is using data. -Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.system.operations`) or with more precision using subcategories (e.g. `provide.system.operations.support.optimization`). +Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.service.operations`) or with more precision using subcategories (e.g. `provide.service.operations.support.optimization`). Learn more about [Data Uses in the taxonomy reference now](data_uses.md). 
@@ -83,10 +82,10 @@ Along this spectrum are labels that describe the degree of identification that a Learn more about [Data Qualifiers in the taxonomy reference now](data_qualifiers.md). -### Extensibility & Interopability -The taxonomy is designed to support common privacy compliance regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944. +### Extensibility and Interoperability +The taxonomy is designed to support common privacy compliance regulations `and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944. -You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interopability inside and outside your organization. +You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization. If you have suggestions for missing classifications or concepts, please submit them for addition. diff --git a/mkdocs/docs/js/vis.js b/mkdocs/docs/js/vis.js index 50cb98ad..00b61763 100644 --- a/mkdocs/docs/js/vis.js +++ b/mkdocs/docs/js/vis.js @@ -739,9 +739,6 @@ Promise.all([ "Data Category", "System Data", "User Data", - "User Provided Data", - "Account Data", - "Derived Data", ]) .range([ "#0861ce", diff --git a/mkdocs/docs/js/vis2.js b/mkdocs/docs/js/vis2.js index d006f9a2..b35e9a00 100644 --- a/mkdocs/docs/js/vis2.js +++ b/mkdocs/docs/js/vis2.js @@ -740,9 +740,6 @@ Promise.all([ "Data Category", "System Data", "User Data", - "User Provided Data", - "Account Data", - "Derived Data", ]) .range([ "#0861ce", diff --git a/mkdocs/docs/overview.md b/mkdocs/docs/overview.md new file mode 100644 index 00000000..61e9a330 --- /dev/null +++ b/mkdocs/docs/overview.md 
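Review bot: `"Account Data"` is dropped from the colour domain in vis.js (and identically in vis2.js), but the updated data_categories.csv in this same patch still defines `user.account,Account Data,user,…`, so that node will now take whatever colour the scale assigns to values outside its domain rather than a deliberate one. The `.range([…])` that follows starts outside the hunk; if it still lists six colours for the three remaining domain entries, the surplus entries are harmless but misleading and could be trimmed to match. The enclosing `Promise.all([…])` callback starts and ends outside the hunk.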
@@ -0,0 +1,32 @@ +# Fides Language Documentation + +This is the documentation for Fides' configuration language. It is relevant to users of **Fides Control** ([`fidesctl`](https://github.com/ethyca/fides/)), **Fides Ops** ([`fidesops`](https://github.com/ethyca/fidesops/), and other privacy tools that are in the roadmap. + +> **Hands-on**: Try the [fidesctl: Getting Started](../quickstart/overview.md). + +The Fides language is Fides' primary user interface. In every use of Fides, configuration files written in the Fides language is always at the heart of the workflow. + +## About the Fides Language + +The Fides language is based on **YAML** configuration files. YAML provides a well-understood structure, upon which the Fides language adds helpful primitives which represent types of data, processes or policies. By declaring these primitives with Fides you can describe: + +- what types of data your application process (using Fides `data_category` annotations) +- how your system uses that data (using Fides `data_use` annotations) +- what policies you want your system to adhere to (using Fides `Policy` resources) +- etc. + +All other language features exist only to make the definition of privacy primitives more flexible and convenient. + +When fully utilized, these configuration files written using the Fides language tell other Fides tools what your software is doing with data and how to manage the privacy risks of that data process. Software systems are complicated though, so a full Fides configuration will consist of multiple files describing different resources, including: + +### Dataset YAML + +A Dataset declaration in Fides language represents any location where data is stored: databases, data warehouses, caches and other data storage systems. Within a Fides Dataset, you declare the individual fields (e.g. database columns) where data is located and annotate them to describe the categories of data that are stored. 
+ +### System YAML + +A System declaration in Fides language represents the privacy properties of a single software project, service, codebase, or application. So the Fides System declaration describes both the categories of data being processed, but also the purposes for which that data is processed. + +### Policy YAML + +A Policy declaration in Fides language represents a set of rules for privacy or compliance that the system must adhere to. The `fidesctl` tool evaluates these policies against the system & dataset declarations to ensure automated compliance. diff --git a/mkdocs/docs/resources/dataset.md b/mkdocs/docs/resources/dataset.md new file mode 100644 index 00000000..34f8c891 --- /dev/null +++ b/mkdocs/docs/resources/dataset.md 
@@ -0,0 +1,226 @@ +# Dataset + +A Dataset takes a database schema (tables and columns) and adds Fides privacy categorizations. This is a database-agnostic way to annotate privacy declarations. + + ``` + organization + |-> registry (optional) + |-> system + |-> ** dataset ** + |-> collections + |-> fields + ``` + +* The schema is represented as a set of "collections" (tables) that contain "fields" (columns). + +* At each level -- Dataset, collection, and field, you can assign one or more Data Categories and Data Qualifiers. The Categories and Qualifiers declared at each child level is additive. + +While you can create Dataset objects by hand, you typically use the [generate](../../guides/generate_resources.md) command to create rudimentary Dataset manifest files that are based on your real-world databases. After you run the command, which creates the schema components, you add your Data Categories and Data Qualifiers to the manifest. + +You use your Datasets by adding them to Systems. A System can contain any number of Datasets, and a Dataset can be added to any number of Systems. +When a dataset is referenced by a system, all applicable data categories set on the dataset are treated as part of the system. +If a Dataset is not referenced by a System, a warning is surfaced denoting an orphan dataset exists. + +Datasets cannot contain other Datasets. + +## Object Structure + +**fides_key**     _constrained string_ + +A string token of your own invention that uniquely identifies this Dataset. It's your responsibility to ensure that the value is unique across all of your Dataset objects. The value may only contain alphanumeric characters, underscores, and hyphens. (`[A-Za-z0-9_.-]`). + +**name**     _string_ + +A UI-friendly label for the Dataset. + +**description**     _string_ + +A human-readable description of the Dataset. 
+ +**organization_fides_key**     _string_     default: `default_organization` + +The fides key of the [Organization](/fides/language/resources/organization/) to which this Dataset belongs. + +**meta**     _object_ + +An optional object that provides additional information about the Dataset. You can structure the object however you like. It can be a simple set of `key: value` properties or a deeply nested hierarchy of objects. How you use the object is up to you: Fides ignores it. + +**third_country_transfers**     _constrained string_ + +An optional array to identify any third countries where data is transited to. For consistency purposes, these fields are required to follow the Alpha-3 code set in [ISO 3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3) + +**joint_controller**  [array] + +An optional array of contact information if a Joint Controller exists. This information can also be stored at the [system](/fides/language/resources/system/) level (`name`, `address`, `email`, `phone`). + +**retention**  _string_ + +An optional string to describe the retention policy for a dataset. This field can also be applied more granularly at either the Collection or field level of a Dataset + +**data_categories**     [_string_]
+**data_qualifiers**     [_string_]
+ +Arrays of Data Category and Data Qualifier resources, identified by `fides_key`, that apply to all collections in the Dataset. + +**collections**     [_object_]
+ +An array of objects that describe the Dataset's collections. + +**collections.name**     string
+ +A UI-friendly label for the collection. + +**collections.description**     _string_ + +A human-readable description of the collection. + +**collections.data_categories**     [_string_]
+**collections.data_qualifiers**     [_string_]
+ +Arrays of Data Category and Data Qualifier resources, identified by `fides_key`, that apply to all fields in the collection. + +**collections.retention**  _string_ + +An optional string to describe the retention policy for a Dataset collection. This field can also be applied more granularly at the field level of a Dataset. + +**collections.fields**     [_object_]
+ +An array of objects that describe the collection's fields. + +**collections.fields.name**     string
+ +A UI-friendly label for the field. + +**collections.fields.description**     _string_ + +A human-readable description of the field. + +**collections.fields.data_categories**     [_string_]
+ +Arrays of Data Categories, identified by `fides_key`, that applies to this field. + +**collections.fields.data_qualifier**     _string_
+ +A Data Qualifier that applies to this field. Note that this field holds a single value, therefore, the property name is singular. + +**collections.fields.retention**  _string_ + +An optional string to describe the retention policy for a field within a Dataset collection. + +**collections.fields.fields**     [_object_]
+ +An optional array of objects that describe hierarchical/nested fields (typically found in NoSQL databases) + +## Examples + +### **Manifest File** + +```yaml +dataset: + - fides_key: demo_users_dataset + name: Demo Users Dataset + description: Data collected about users for our analytics system. + third_country_transfers: + - USA + - CAN + joint_controller: + name: Dave L. Epper + address: 1 Acme Pl. New York, NY + email: controller@acmeinc.com + phone: +1 555 555 5555 + retention: 1 year post account deletion + collections: + - name: users + description: User information + data_categories: + - user + retention: 30 days post account deletion + fields: + - name: first_name + description: User's first name + data_categories: + - user.name + - name: email + description: User's Email + data_categories: + - user.contact.email + - name: phone + description: User's phone numbers + data_categories: + - user.contact.phone_number + retention: end of user relationship + fields: + - name: mobile + description: User's mobile phone number + data_categories: + - user.contact.phone_number + - name: home + description: User's home phone number + data_categories: + - user.contact.phone_number +``` + +### **API Payload** + +```json + { + "fides_key": "demo_users_dataset", + "name": "Demo Users Dataset", + "description": "Data collected about users for our analytics system.", + "third_country_transfers": ["USA", "CAN"], + "joint_controller": { + "name": "Dave L. Epper", + "address": "1 Acme Pl. 
New York, NY", + "email": "controller@acmeinc.com", + "phone": "+1 555 555 5555" + }, + "retention": "1 year post account deletion", + "collections": [ + { + "name": "users", + "description": "User information", + "retention": "30 days post account deletion", + "fields": [ + { + "name": "first_name", + "description": "User's first name", + "data_categories": [ + "user.name" + ] + }, + { + "name": "email", + "description": "User's Email", + "data_categories": [ + "user.contact.email" + ] + }, + { + "name": "phone", + "description": "User's phone numbers", + "data_categories": [ + "user.contact.phone_number" + ], + "retention": "end of user relationship", + "fields": [ + { + "name": "mobile", + "description": "User's mobile phone number", + "data_categories": [ + "user.contact.phone_number" + ], + }, + { + "name": "home", + "description": "User's home phone number", + "data_categories": [ + "user.contact.phone_number" + ] + } + ] + } + ] + } + ] + } +``` diff --git a/mkdocs/docs/resources/organization.md b/mkdocs/docs/resources/organization.md new file mode 100644 index 00000000..892fde88 --- /dev/null +++ b/mkdocs/docs/resources/organization.md 
@@ -0,0 +1,95 @@
+# Organization
+
+An Organization represents all or part of an enterprise or company, and establishes the root of your resource hierarchy. This means that while you can have more than one Organization resource, they can't refer to each other's sub-resources. For example, your "American Stores" Organization can't refer to the Policy objects that are defined by your "European Stores" Organization.
+
+The Organization resource will also contain vital information with regards to compliance reporting in the case of a data map or RoPA (Record of Processing Activities).
+
+All other resource types must refer to an Organization (through their `organization_fides_key` properties). Fides creates a default Organization that it uses for all resources that don't otherwise specify an Organization. Unless you're creating multiple Organizations (which should be rare), it is suggested to use the default Organization resource.
+
+The fides key for the default Organization is `default_organization`.
+
+## Object Structure
+
+**fides_key**  _string_
+
+A string token of your own invention that uniquely identifies this Organization. It's your responsibility to ensure that the value is unique across all of your Organization objects. The value can only contain alphanumeric characters, hyphens, periods and underscores (`[A-Za-z0-9_.-]`).
+
+**name**  _string_
+
+A UI-friendly label for the Organization.
+
+**description**  _string_
+
+A human-readable description of the Organization.
+
+**controller**  [array]
+
+An array of contact information for the controller over personal data usage within the organization (`name`, `address`, `email`, `phone`).
+
+**data_protection_officer**  [array]
+
+An array of contact information for the Data Protection Officer (DPO) within the organization (`name`, `address`, `email`, `phone`).
+
+**representative**  [array]
+
+An array of contact information for an optional representative for the organization on behalf of the controller and/or DPO (`name`, `address`, `email`, `phone`).
+
+**security_policy**  _string_
+
+A url to the organization security policy, (i.e. https://ethyca.com/privacy-policy/)
+
+## Examples
+
+### **Manifest File**
+
+```yaml
+organization:
+ fides_key: default_organization
+ name: Acme Incorporated
+ description: An Organization that represents all of Acme Inc.
+ security_policy: https://example.org/privacy
+ controller:
+ name: Dave L. Epper
+ address: 1 Acme Pl. New York, NY
+ email: controller@acmeinc.com
+ phone: +1 555 555 5555
+ data_protection_officer:
+ name: Preet Ector
+ address: 1 Acme Pl. New York, NY
+ email: dpo@acmeinc.com
+ phone: +1 555 555 5555
+ representative:
+ name: Ann Othername
+ address: 1 Acme Pl. New York, NY
+ email: representative@acmeinc.com
+ phone: +1 555 555 5555
+```
+
+### **API Payload**
+
+```json
+{
+ "fides_key": "default_organization",
+ "name": "Acme Incorporated",
+ "description": "An Organization that represents all of Acme Inc.",
+ "security_policy": "https://example.org/privacy",
+ "controller": {
+ "name": "Dave L. Epper",
+ "address": "1 Acme Pl. New York, NY",
+ "email": "controller@acmeinc.com",
+ "phone": "+1 555 555 5555"
+ },
+ "data_protection_officer": {
+ "name": "Preet Ector",
+ "address": "1 Acme Pl. New York, NY",
+ "email": "dpo@acmeinc.com",
+ "phone": "+1 555 555 5555"
+ },
+ "representative": {
+ "name": "Ann Othername",
+ "address": "1 Acme Pl. New York, NY",
+ "email": "representative@acmeinc.com",
+ "phone": "+1 555 555 5555"
+ }
+}
+```
diff --git a/mkdocs/docs/resources/overview.md b/mkdocs/docs/resources/overview.md
new file mode 100644
index 00000000..2b02c18e
--- /dev/null
+++ b/mkdocs/docs/resources/overview.md
@@ -0,0 +1,50 @@
+# Fides Taxonomy
+
+The Fides taxonomy contains four classification groups that are used together to easily describe all of the data types and associated processing behaviors of an entire tech stack; both the application and it's data storage.
+
+## Summary of Taxonomy Classification Groups
+
+### 1. Data Categories
+Data Categories are labels to describe the type of data processed by your software. These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field.
+
+Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.account` data), or you can classify it with greater precision using subcategories (e.g. `user.account.email` data).
+
+Learn more about [Data Categories in the taxonomy reference now](data_categories.md).
+
+### 2. Data Uses
+Data Uses are labels that describe how, or for what purpose(s) a component of your system is using data.
+
+Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.service.operations`) or with more precision using subcategories (e.g. `provide.service.operations.support.optimization`).
+
+Learn more about [Data Uses in the taxonomy reference now](data_uses.md).
+
+### 3. Data Subjects
+Data Subject is a label commonly used in the regulatory world to describe the users of a system who's data is being processed. In many systems a generic user label may be sufficient, however Fides language is intended to provide greater control through specificity where needed.
+
+Examples of this are:
+
+- `anonymous_user`
+- `employee`
+- `customer`
+- `patient`
+- `next_of_kin`
+
+Learn more about [Data Subjects in the taxonomy reference now](data_subjects.md).
+
+
+### 4. Data Qualifiers
+Data Qualifiers describe the degree of identification of the given data. Think of this as a spectrum: on one end is completely anonymous data, i.e. it is impossible to identify an individual from it, and on the other end is data that specifically identifies an individual.
+
+Along this spectrum are labels that describe the degree of identification that a given data might provide, such as:
+
+- `identified`
+- `anonymized`
+- `aggregated`
+
+Learn more about [Data Qualifiers in the taxonomy reference now](data_qualifiers.md).
+
+### Extensibility & interoperability
+The Fides language is designed to support common privacy compliance regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944.
+
+You can extend the taxonomy to support your organization's needs. If you do this, we recommend extending from the existing categories to ensure interoperability inside and outside your organization.
+
diff --git a/mkdocs/docs/resources/policy.md b/mkdocs/docs/resources/policy.md
new file mode 100644
index 00000000..f6b05379
--- /dev/null
+++ b/mkdocs/docs/resources/policy.md
@@ -0,0 +1,120 @@
+# Policy
+
+A Policy is your privacy policy as code, it lists a set of acceptable and non-acceptable rules and uses all 4 privacy attributes (`data_category`, `data_use`, `data_subject`, and `data_qualifier`). The purpose of the policy is to state what types of data are allowed for certain usages.
+
+ ```
+ organization
+ |-> ** policy **
+ |-> rules
+ ```
+
+## Object Structure
+
+**fides_key**     _constrained string_
+
+A string token of your own invention that uniquely identifies this Policy. It's your responsibility to ensure that the value is unique across all of your Policy objects. The value may only contain alphanumeric characters, underscores, and hyphens. (`[A-Za-z0-9_.-]`).
+
+**name**     _string_
+
+A UI-friendly label for the Policy.
+
+**description**     _string_
+
+A human-readable description of the Policy.
+
+**data_categories**     _string_     
+
+The [Data Categories](/fides/language/taxonomy/data_categories/) privacy attribute describes types of sensitive data as defined in the taxonomy.
+
+**data_uses**     _string_     
+
+The [Data Use](/fides/language/taxonomy/data_uses/) privacy attribute describes the various categories of data processing and operations at your organization.
+
+**data_subject**     _string_     
+
+The [Data Subjects](/fides/language/taxonomy/data_subjects/) privacy attribute describes the individual persons whose data your rule pertains to.
+
+**data_qualifier**     _string_     
+
+The [Data Qualifier](/fides/language/taxonomy/data_qualifiers/) privacy attribute describes the acceptable or non-acceptable level of deidentification for this data.
+
+**matches**     _enum_     
+
+* `ANY`
+* `ALL`
+* `NONE`
+* `OTHER`
+
+The matches criteria describes how you would like this rule to be evaluated. These basic logic gates determine whether the array of privacy attributes will be fully included (`ALL`), not included at all (`NONE`), only included if at least 1 item in the array matches (`ANY`), or excluded with any additional attributes included (`OTHER`).
+
+**organization_fides_key**     _string_     default: `default_organization`
+
+The fides key of the [Organization](/fides/language/resources/organization/) to which this Policy belongs.
+
+## Examples
+
+### **Manifest File**
+
+```yaml
+policy:
+ - fides_key: demo_privacy_policy
+ name: Demo Privacy Policy
+ description: The main privacy policy for the organization.
+ rules:
+ - fides_key: reject_direct_marketing
+ name: Reject Direct Marketing
+ description: Disallow collecting any user contact info to use for marketing.
+ data_categories:
+ matches: ANY
+ values:
+ - user.contact
+ data_uses:
+ matches: ANY
+ values:
+ - advertising
+ data_subjects:
+ matches: ANY
+ values:
+ - customer
+ data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+```
+
+**Demo manifest file:** `/fides/fidesctl/demo_resources/demo_policy.yml`
+
+### **API Payload**
+
+```json title="POST /api/v1/policy"
+{
+ "fides_key": "demo_privacy_policy",
+ "organization_fides_key": "default_organization",
+ "name": "string",
+ "description": "The main privacy policy for the organization.",
+ "rules": [
+ {
+ "fides_key": "reject_direct_marketing",
+ "organization_fides_key": "default_organization",
+ "name": "Reject Direct Marketing",
+ "description": "Disallow collecting any user contact info to use for marketing.",
+ "data_categories": {
+ "matches": "ANY",
+ "values": [
+ "user.contact"
+ ]
+ },
+ "data_uses": {
+ "matches": "ANY",
+ "values": [
+ "advertising"
+ ]
+ },
+ "data_subjects": {
+ "matches": "ANY",
+ "values": [
+ "customer"
+ ]
+ },
+ "data_qualifier": "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified"
+ }
+ ]
+}
+```
diff --git a/mkdocs/docs/resources/registry.md b/mkdocs/docs/resources/registry.md
new file mode 100644
index 00000000..50881e08
--- /dev/null
+++ b/mkdocs/docs/resources/registry.md
@@ -0,0 +1,53 @@
+# Registry
+
+A Registry is a collection of System resources. You may add a System to a Registry by setting the System's `registry_id` field.
+
+ ```
+ organization
+ |-> ** registry ** (optional)
+ |-> system
+ ```
+
+* A System may belong to only one Registry.
+
+* All Registries are siblings: You cannot create a hierarchy of Registries.
+* Collecting your systems into Registries is optional.
+
+## Object Structure
+
+**fides_key**     _constrained string_
+
+A string token of your own invention that uniquely identifies this Registry. It's your responsibility to ensure that the value is unique across all of your Registry objects. The value may only contain alphanumeric characters, underscores, and hyphens. (`[A-Za-z0-9_.-]`).
+
+**name**     _string_
+
+A UI-friendly label for the Registry.
+
+**description**     _string_
+
+A human-readable description of the Registry.
+
+**organization_fides_key**     _string_     default: `default_organization`
+
+The fides key of the [Organization](/fides/language/resources/organization/) to which this Registry belongs.
+
+## Examples
+
+### **Manifest File**
+
+```yaml
+registry:
+ - fides_key: user_systems_registry
+ name: User Systems Registry
+ description: A Registry for all of the user-related systems.
+```
+
+### **API Payload**
+
+```json
+{
+ "fides_key": "user_systems_registry",
+ "name": "User Systems Registry",
+ "description": "A Registry for all of the user-related systems."
+}
+```
diff --git a/mkdocs/docs/resources/system.md b/mkdocs/docs/resources/system.md
new file mode 100644
index 00000000..94a7f538
--- /dev/null
+++ b/mkdocs/docs/resources/system.md
@@ -0,0 +1,142 @@ +# System + +A System is a model for describing anything that processes data for your organization (applications, services, 3rd party APIs, etc.) and describes how these datasets are used for business functions of instances of your data resources. It contains all 4 privacy attributes (`data_category`, `data_use`, `data_subject`, and `data_qualifier`). + + ``` + organization + |-> registry (optional) + |-> ** system ** + |-> privacy declarations + ``` + +## Object Structure + +**fides_key**     _constrained string_ + +A string token of your own invention that uniquely identifies this System. It's your responsibility to ensure that the value is unique across all of your System objects. The value may only contain alphanumeric characters, underscores, and hyphens. (`[A-Za-z0-9_.-]`). + +**name**     _string_ + +A UI-friendly label for the System. + +**description**     _string_ + +A human-readable description of the System. + +**system_type**     _string_ + +A required value to describe the type of system being modeled, examples include: Service, Application, Third Party, etc. + +**data_responsibility_title**     _enum_ + +An attribute to describe the role of responsibility over the personal data, used when exporting to a data map. +Defaults to `Controller` if not set explicitly. + +* `Controller` +* `Processor` +* `Sub-Processor` + +**administrating_department**     _string_ + +An optional value to identify the owning department or group of the system within your organization + +**third_country_transfers**     _constrained string_ + +An optional array to identify any third countries where data is transited to. For consistency purposes, these fields are required to follow the Alpha-3 code set in [ISO 3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3) + +**joint_controller**  [array] + +An optional array of contact information if a Joint Controller exists. 
This information can also be more granularly stored at the [dataset](/fides/language/resources/dataset/) level (`name`, `address`, `email`, `phone`). + +**data_protection_impact_assessment**     [array]      + +The array of properties that declare the requirement for and information surrounding a Data Protection Impact Assessment (`is_required`, `progress`, `link`). + +Information will be exported as part of the data map or Record of Processing Activites (RoPA) + +**privacy_declarations**     [array]      + +The array of declarations describing the types of data in your system. This is a list of the privcy attributes (`data_category`, `data_use`, `data_subject`, and `data_qualifier`) for each of your systems. + +If a dataset is referenced as part of the system, all applicable data categories set on the dataset are treated as part of the system. + +**organization_fides_key**     _string_     default: `default_organization` + +The fides key of the [Organization](/fides/language/resources/organization/) to which this System belongs. + +## Examples + +### **Manifest File** + +```yaml +system: + - fides_key: demo_analytics_system + name: Demo Analytics System + description: A system used for analyzing customer behaviour. + system_type: Service + data_responsibility_title: Controller + administrating_department: Engineering + third_country_transfers: + - USA + - CAN + joint_controller: + name: Dave L. Epper + address: 1 Acme Pl. New York, NY + email: controller@acmeinc.com + phone: +1 555 555 5555 + data_protection_impact_assessment: + is_required: True + progress: Complete + link: https://example.org/analytics_system_data_protection_impact_assessment + privacy_declarations: + - name: Analyze customer behaviour for improvements. 
+ data_categories: + - user.contact + - user.device.cookie_id + data_use: improve.system + data_subjects: + - customer + data_qualifier: identified_data + dataset_references: + - demo_users_dataset +``` + +**Demo manifest file:** `/fides/fidesctl/demo_resources/demo_system.yml` + +### **API** + +```json title="POST /api/v1/system" + +{ + "fides_key": "demo_analytics_system", + "name": "Demo Analytics System", + "description": "A system used for analyzing customer behaviour.", + "system_type": "Service", + "data_responsibility_title": "Controller", + "administrating_department": "Engineering", + "third_country_transfers": ["USA", "CAN"], + "joint_controller": { + "name": "Dave L. Epper", + "address": "1 Acme Pl. New York, NY", + "email": "controller@acmeinc.com", + "phone": "+1 555 555 5555" + }, + "privacy_declarations": [ + { + "name": "Analyze customer behaviour for improvements.", + "data_categories": [ + "user.contact", + "user.device.cookie_id" + ], + "data_use": "improve.system", + "data_subjects": [ + "customer" + ], + "data_qualifier": "identified_data", + "dataset_references": [ + "demo_users_dataset" + ] + } + ] +} +``` diff --git a/mkdocs/docs/syntax.md b/mkdocs/docs/syntax.md index 165347f7..13a847e5 100644 --- a/mkdocs/docs/syntax.md +++ b/mkdocs/docs/syntax.md 
@@ -1,95 +1,56 @@ -# Privacy Taxonomy Syntax -Other pages in this taxonomy documentation describe various concepts and resources that appear in the taxonomy. This page describes the syntax of the language in more detail to help better interpret the taxonomy whether you're authoring or reading. +# Fides Configuration Syntax -The taxonomy is an intentionally simple heirarchy designed to be relatively easy for anyone to read and write. The primary objective is to translate complex data and compliance concepts into a simple syntax, it's for this reason we envisage the taxonomy is written in yaml files. +Other pages in this language section describe various concepts and resources that appear in the Fides language. This page describes the syntax of the language in more detail to help better interpret Fides whether you're authoring or reading. -## YAML - Building Block of the Taxonomy +The Fides language is an intentionally simple language designed to be relatively easy for anyone to read and write. The primary objective is to translate complex privacy compliance concepts into a simple syntax, it's for this reason Fides is entirely written as YAML configurations. +## YAML - Building Block of Fides -### Taxonomy +### Fides Taxonomy -The taxonomy is intentionally simple. To assure this, value declarations from the taxonomy use predefined primitives to describe the data types or data processing you're doing. +The Fides language is intentionally simple. To assure this, Fides declarations use predefined primitives (e.g. data categories) that are used when describing your datasets, systems, policies, etc. These predefined primitives exist as part of the Fides taxonomy which is maintained in your `fidesctl` server so they can be consistently used across your organization's development team. + +You can learn more about the taxonomy structure and how to extend it in the [taxonomy guide](./taxonomy/overview.md). 
### Dot Notation and Snake_Case -To make writing and reading the taxonomy as easy for humans as possible, declarations from the privacy taxonomy use `dot notation` for the keys and use `snake_case` compound labels. +To make writing and reading Fides language as easy for humans as possible, declarations from the privacy taxonomy use `dot notation` for the keys and use `snake_case` compound labels. -For example, to describe a field in a database as information provided by a user that is personally identifiable, you can write: +For example, to describe a field in a database as contact information relating to a user, you can write its data category as: ``` yaml - - -# This declares that the data is provided by the user and identifies them directly -user.provided.identifiable - - +# This declares that the contact data is about a given user: +user.contact ``` -If we require greater specificity we could declare the contact type as email (assuming it's a phone number); +If we require greater specificity, we could declare the contact type as a phone number by using a more specific sub-category: ``` yaml -# This declares that the is data provided by the user, -# identifies them directly and is from the contact category and of type phone number. -user.provided.identifiable.contact.phone_number +# This declares that the is data about a given user, +# and is from the contact category and of type phone number. +user.contact.phone_number ``` -The diagram below shows you the structure of the statement: - - - - notation-conventions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ### Key-Value -The key-value is YAML, and as such the basic building block of declaration from the taxonomy. Every item in a declarative document is a member of at least one dictionary. The key is always a `string`. The value is a scalar so that it can be any datatype. 
So the value can be a `string`, a `number`, or another `dictionary` - most commonly, this will be a `string` that may provide a description or a pointer to a reference object in the taxonomy. +The key-value is YAML, and Fides', basic building block. Every item in a Fides YAML document is a member of at least one dictionary. The key is always a `string`. The value is a scalar so that it can be any datatype. So the value can be a `string`, a `number`, or another `dictionary` - most commonly in Fides, this will be a `string` that may provide a description or a pointer to a reference object in the taxonomy. -If we use the example of a user's contact email, to correctly declare this in valid YAML, it would be: +If we use the example of a user's contact email, to correctly declare this in valid Fides YAML as part of a Dataset, it would be: ``` yaml fields: # Group of fields in the dataset. - name: email description: User's Email - path: users_dataset.email data_categories: # Data category label(s) to assign field. - - user.provided.identifiable.contact.email - - account.contact.email + - user.contact.email + - user.account.contact.email ``` -The key for each key-value pair determines what value types are valid (for example, a resource type such as `data_categories` must use values from the data_categories taxonomy), but many keys accept arbitrary strings as descriptive labels. +The key for each key-value pair determines what value types are valid (for example, a resource type such as `data_categories` must use values from the Data Categories taxonomy), but many keys accept arbitrary strings as descriptive labels. + +Finally, as you see in the example above, keys such as `data_categories` accept a list of values for multi-labeling. In this case, the field email has been assigned the value **user contact email** as well as **account-related contact email**, indicating that it may be either of those categories when used. 
+ + +## Character Encoding -Finally, as you see in the example above, keys such as data_categories accept a list of values for multi-labeling. In this case, the field email has been assigned the value **user provided, identifiable contact email** as well as **account related contact email**. \ No newline at end of file +Fides configuration files must always be UTF-8 encoded. While the delimiters of the language are all ASCII characters, Fides accepts non-ASCII characters in key-values, comments, and string values. \ No newline at end of file diff --git a/mkdocs/docs/data_categories.md b/mkdocs/docs/taxonomy/data_categories.md similarity index 86% rename from mkdocs/docs/data_categories.md rename to mkdocs/docs/taxonomy/data_categories.md index 0e342195..4e7d619d 100644 --- a/mkdocs/docs/data_categories.md +++ b/mkdocs/docs/taxonomy/data_categories.md 
@@ -1,11 +1,39 @@ # Data Categories Reference -Data Categories are labels to describe the type of data processed by your software. These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field. +Data Categories are labels to describe the type of data processed by your software. Data Category objects form a hierarchy: A Data Category can contain any number of children, but a given Category may only have one parent. You assign a child Category to a parent by setting the child's `parent_key` property. For example, the `user.job_title` Category is used for personally-identifiable job title information for a user. -!!! Note "Extensibility and Interopability" +These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field. + +## Object Structure + +**fides_key**     _constrained string_ + +A string token that uniquely identifies this Data Category. The value is a dot-separated concatenation of the `fides_key` values of the resource's ancestors plus a final element for this resource: + +`grandparent.parent.this_data_category` + +The final element (`this_data_category`) may only contain alphanumeric characters and underscores (`[A-Za-z0-9_.-]`). The dot character is reserved as a separator. + +**name**_string_ + +A UI-friendly label for the Data Category. + +**description**_string_ + +A human-readable description of the Data Category. + +**parent_key**_string_ + +The fides key of the Data Category's parent. + +**organization_fides_key**_string_default: `default_organization` + +The fides key of the organization to which this Data Category belongs. + +!!! Note "Extensibility and interoperability" Data Categories in the taxonomy are designed to support common privacy regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944. - You can extend the taxonomy to support your system needs. 
If you do this, we recommend extending from the existing class structures to ensure interopability inside and outside your organization. + You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization. If you have suggestions for core classes that should ship with the taxonomy, [please submit your requests here](https://github.com/ethyca/privacy-taxonomy/issues). @@ -84,4 +112,3 @@ Below is a reference for all subcategories of `system` and `user` to assist with | `drivers_license_number` | `user.government_id` |State issued driving identification number. | | `national_identification_number` | `user.government_id` |State issued personal identification number. | | `passport_number` | `user.government_id` |State issued passport data. | -| `nonidentifiable` | `user` |Non-user identifiable data related to a user as a result of user actions in the system. | diff --git a/mkdocs/docs/data_qualifiers.md b/mkdocs/docs/taxonomy/data_qualifiers.md similarity index 96% rename from mkdocs/docs/data_qualifiers.md rename to mkdocs/docs/taxonomy/data_qualifiers.md index 8f6e124a..96ec3ef0 100644 --- a/mkdocs/docs/data_qualifiers.md +++ b/mkdocs/docs/taxonomy/data_qualifiers.md 
@@ -2,10 +2,10 @@ Data Qualifiers describe the degree of identification of the given data. Think of this as a spectrum: on one end is completely anonymous data, i.e. it is impossible to identify an individual from it, and on the other end is data that specifically identifies an individual. -!!! Note "Extensibility and Interopability" +!!! Note "Extensibility and interoperability" Data Qualifiers in the taxonomy are designed to support common privacy regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944. - You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interopability inside and outside your organization. + You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization. If you have suggestions for core classes that should ship with the taxonomy, [please submit your requests here](https://github.com/ethyca/privacy-taxonomy/issues) diff --git a/mkdocs/docs/data_subjects.md b/mkdocs/docs/taxonomy/data_subjects.md similarity index 63% rename from mkdocs/docs/data_subjects.md rename to mkdocs/docs/taxonomy/data_subjects.md index 907e1302..852380e2 100644 --- a/mkdocs/docs/data_subjects.md +++ b/mkdocs/docs/taxonomy/data_subjects.md 
@@ -2,10 +2,57 @@ Data Subject are the group of labels commonly assigned to describe the type of system users to whom data may belong or is being processed. Examples might be customers, patients or simply abstract users. -!!! Note "Extensibility and Interopability" +A Data Subject is a label that describes a segment of individuals whose data you store. Data Subject labels are typically fairly broad -- "Citizen", "Visitor", "Passenger", and so on -- although you be as specific as your system needs: "Fans in Section K", for example. + +## Object Structure + +**fides_key**     _constrained string_ + +A string token of your own invention that uniquely identifies this Data Subject. It's your responsibility to ensure that the value is unique across all of your Data Subject objects. The value can only contain alphanumeric characters, hyphens, periods and underscores (`[A-Za-z0-9_.-]`). + +**name**     _string_ + +A UI-friendly label for the Data Subject. + +**description**     _string_ + +A human-readable description of the Data Subject. + +**rights**     _enum_ + +An array of rights available to the data subject, made of available values coupled with Chapter 3 of the GDPR. The output of a data map is based upon the strategy for applying rights (`rights.strategy`) and the selections made from the following valid options: + +* `Informed` +* `Access` +* `Rectification` +* `Erasure` +* `Portability` +* `Restrict Processing` +* `Withdraw Consent` +* `Object` +* `Object to Automated Processing` + +**strategy**     _enum_ + +A strategy for selecting the rights available to the data subject. + +* `ALL` +* `EXCLUDE` +* `INCLUDE` +* `NONE` + +**automated_decisions_or_profiling**     boolean + +A boolean value of whether or not automated decision-making or profiling exists. Tied to article 22 of the GDPR. + +**organization_fides_key**     _string_     default: `default_organization` + +The fides key of the organization to which this Data Subject belongs. + +!!! 
Note "Extensibility and interoperability" Data Subjects in the taxonomy are designed to support common privacy regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944. - You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interopability inside and outside your organization. + You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization. If you have suggestions for core classes that should ship with the taxonomy, [please submit your requests here](https://github.com/ethyca/privacy-taxonomy/issues) @@ -14,6 +61,8 @@ Data Subject are the group of labels commonly assigned to describe the type of s At present, Data Subjects are a flat structure with no subcategories, although this is likely to change over time. +Currently, your collection of Data Subjects is given as a flat list: A Data Subject can't contain other Data Subjects. + | Label | Parent Key | Description | | --- | --- | --- | |`anonymous_user` |`-` |An individual that is unidentifiable to the systems. Note - This should only be applied to truly anonymous users where there is no risk of re-identification| diff --git a/mkdocs/docs/data_uses.md b/mkdocs/docs/taxonomy/data_uses.md similarity index 71% rename from mkdocs/docs/data_uses.md rename to mkdocs/docs/taxonomy/data_uses.md index c0e106e2..a6c3a1d6 100644 --- a/mkdocs/docs/data_uses.md +++ b/mkdocs/docs/taxonomy/data_uses.md 
@@ -2,10 +2,77 @@ Data Uses are labels that describe how, or for what purpose(s) a component of your system is using data.
-!!! Note "Extensibility and Interopability"
+A Data Use is a label that denotes the way data is used in your system: "Advertising, Marketing or Promotion", "First Party Advertising", and "Sharing for Legal Obligation", as examples.
+
+Data Use objects form a hierarchy: A Data Use can contain any number of children, but a given Data Use may only have one parent. You assign a child Data Use to a parent by setting the child's `parent_key` property. For example, the `third_party_sharing.personalized_advertising` Data Use type is data used for personalized advertising when shared with third parties.
+
+## Object Structure
+
+**fides_key**     _constrained string_
+
+A string token that uniquely identifies this Data Use. The value is a dot-separated concatenation of the `fides_key` values of the resource's ancestors plus a final element for this resource:
+
+`grandparent.parent.this_data_use`
+
+The final element (`this_data_use`) may only contain alphanumeric characters and underscores (`[A-Za-z0-9_.-]`). The dot character is reserved as a separator.
+
+**name**     _string_
+
+A UI-friendly label for the Data Use.
+
+**description**     _string_
+
+A human-readable description of the Data Use.
+
+**parent_key**     _string_
+
+The fides key of the the Data Use's parent.
+
+**legal_basis**     _enum_
+
+The legal basis category of which the data use falls under. This field is used as part of the creation of an exportable data map. Current valid options:
+
+* `Consent`
+* `Contract`
+* `Legal Obligation`
+* `Vital Interest`
+* `Public Interest`
+* `Legitimate Interest`
+
+**special_category**     _enum_
+
+The special category for processing of which the data use falls under. This field is used as part of the creation of an exportable data map. Current valid options:
+
+* `Consent`
+* `Employment`
+* `Vital Interests`
+* `Non-profit Bodies`
+* `Public by Data Subject`
+* `Legal Claims`
+* `Substantial Public Interest`
+* `Medical`
+* `Public Health Interest`
+
+**recipent**     _string_
+
+An array of recipients is applied here when sharing personal data outside of your organization (e.g. Internal Revenue Service, HMRC, etc.)
+
+**legitimate_interest**     boolean     default: `False`
+
+A boolean value representing whether the legal basis is a `Legitimate Interest`. This is validated at run time and looks for a `legitimate_interest_impact_assessment` to exist if true.
+
+**legitimate_interest_impact_assessment**     _url_
+
+A url to the legitimate interest impact assessment. Can be any valid url (e.g. http, file, etc.)
+
+**organization_fides_key**     _string_     default: `default_organization`
+
+The fides key of the organization to which this Data Use belongs.
+
+!!! Note "Extensibility and interoperability"
 Data Uses in the taxonomy are designed to support common privacy regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944.
- You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interopability inside and outside your organization.
+ You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization.
 If you have suggestions for core classes that should ship with the taxonomy, [please submit your requests here](https://github.com/ethyca/privacy-taxonomy/issues)
@@ -32,7 +99,7 @@ Below is a reference for all subclasses of `account`, `system` and `user` to ass
 | Label | Parent Key | Description |
 | --- | --- | --- |
-|`system` |`provide` |The source system, product, service or application being provided to the user. |
+|`service` |`provide` |The source service, product, system or application being provided to the user. |
 |`provide.service.operations` |`provide.service` |Use of specified data categories to operate and protect the system in order to provide the service. |
 |`provide.service.operations.support` |`provide.service.operations` |Use of specified data categories to provide support for operation and protection of the system in order to provide the service. |
 |`provide.service.operations.support.optimization`|`provide.service.operations.support`|Use of specified data categories to optimize and improve support operations in order to provide the service. |
diff --git a/mkdocs/docs/taxonomy/overview.md b/mkdocs/docs/taxonomy/overview.md
new file mode 100644
index 00000000..6e6e01b7
--- /dev/null
+++ b/mkdocs/docs/taxonomy/overview.md
@@ -0,0 +1,50 @@
+# Fides Taxonomy
+
+The Fides taxonomy contains four classification groups that are used together to easily describe all of the data types and associated processing behaviors of an entire tech stack; both the application and it's data storage.
+
+## Summary of Taxonomy Classification Groups
+
+### 1. Data Categories
+Data Categories are labels to describe the type of data processed by your software. These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field.
+
+Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. `user.contact` data), or you can classify it with greater precision using subcategories (e.g. `user.contact.email` data).
+
+Learn more about [Data Categories in the taxonomy reference now](data_categories.md).
+
+### 2. Data Uses
+Data Uses are labels that describe how, or for what purpose(s) a component of your system is using data.
+
+Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.service.operations`) or with more precision using subcategories (e.g. `provide.service.operations.support.optimization`).
+
+Learn more about [Data Uses in the taxonomy reference now](data_uses.md).
+
+### 3. Data Subjects
+Data Subject is a label commonly used in the regulatory world to describe the users of a system who's data is being processed. In many systems a generic user label may be sufficient, however Fides language is intended to provide greater control through specificity where needed.
+
+Examples of this are:
+
+- `anonymous_user`
+- `employee`
+- `customer`
+- `patient`
+- `next_of_kin`
+
+Learn more about [Data Subjects in the taxonomy reference now](data_subjects.md).
+
+
+### 4. Data Qualifiers
+Data Qualifiers describe the degree of identification of the given data. Think of this as a spectrum: on one end is completely anonymous data, i.e. it is impossible to identify an individual from it, and on the other end is data that specifically identifies an individual.
+
+Along this spectrum are labels that describe the degree of identification that a given data might provide, such as:
+
+- `identified`
+- `anonymized`
+- `aggregated`
+
+Learn more about [Data Qualifiers in the taxonomy reference now](data_qualifiers.md).
+
+### Extensibility & interoperability
+The Fides language is designed to support common privacy compliance regulations and standards out of the box, these include GDPR, CCPA, LGPD and ISO 19944.
+
+You can extend the taxonomy to support your organization's needs. If you do this, we recommend extending from the existing categories to ensure interoperability inside and outside your organization.
+
diff --git a/mkdocs/mkdocs.yml b/mkdocs/mkdocs.yml
index e48bce91..6878b4a1 100644
--- a/mkdocs/mkdocs.yml
+++ b/mkdocs/mkdocs.yml
@@ -1,13 +1,22 @@
 site_name: Fides Language
 site_url: https://ethyca.github.io/fideslang
 nav:
- - What is the Fides Language: index.md
- - Taxonomy Visual Explorer: explorer.md
+ - What is Fideslang?: index.md
+ - Fideslang Visual Explorer: explorer.md
 - Syntax: syntax.md
- - Data Categories: data_categories.md
- - Data Uses: data_uses.md
- - Data Subjects: data_subjects.md
- - Data Qualifiers: data_qualifiers.md
+ - Resources:
+ - Overview: resources/overview.md
+ - Organization: resources/organization.md
+ - Policy: resources/policy.md
+ - Registry: resources/registry.md
+ - System: resources/system.md
+ - Dataset: resources/dataset.md
+ - Taxonomy:
+ - Overview: taxonomy/overview.md
+ - Data Categories: taxonomy/data_categories.md
+ - Data Uses: taxonomy/data_uses.md
+ - Data Subjects: taxonomy/data_subjects.md
+ - Data Qualifiers: taxonomy/data_qualifiers.md
 - Github Repo: https://github.com/ethyca/fideslang
 - License: license.md
diff --git a/src/fideslang/default_taxonomy.py b/src/fideslang/default_taxonomy.py
index b482f3b6..d4a7d342 100644
--- a/src/fideslang/default_taxonomy.py
+++ b/src/fideslang/default_taxonomy.py
@@ -123,13 +123,6 @@
 description="Unique identifier related to device connection.",
 parent_key="user.device",
 ),
- DataCategory(
- fides_key="user.nonidentifiable",
- organization_fides_key="default_organization",
- name="User Non-Identifiable Data",
- description="Non-user identifiable data related to a user as a result of user actions in the system.",
- parent_key="user",
- ),
 DataCategory(
 fides_key="user.gender",
 organization_fides_key="default_organization",
diff --git a/tests/conftest.py b/tests/conftest.py
index 4041da18..00aa3396 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -17,8 +17,8 @@ def resources_dict():
 resources_dict: Dict[str, Any] = {
 "data_category": models.DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable.custom",
- parent_key="user.provided.identifiable",
+ fides_key="user.custom",
+ parent_key="user",
 name="Custom Data Category",
 description="Custom Data Category",
 ),
@@ -46,7 +46,7 @@ def resources_dict():
 name="First_Name",
 description="A First Name Field",
 path="another.path",
- data_categories=["user.provided.identifiable.name"],
+ data_categories=["user.name"],
 data_qualifier="aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
 ),
 models.DatasetField(
@@ -54,7 +54,7 @@ def resources_dict():
 description="User's Email",
 path="another.another.path",
 data_categories=[
- "user.provided.identifiable.contact.email"
+ "user.contact.email"
 ],
 data_qualifier="aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
 ),
diff --git a/tests/data/failing_dataset_collection_taxonomy.yml b/tests/data/failing_dataset_collection_taxonomy.yml
index 6d176d4f..62e23284 100644
--- a/tests/data/failing_dataset_collection_taxonomy.yml
+++ b/tests/data/failing_dataset_collection_taxonomy.yml
@@ -6,13 +6,13 @@ dataset:
 - name: users
 description: User's information
 data_categories:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized
 fields:
 - name: First_Name
 description: A First Name Field
 data_categories:
- - user.provided.identifiable.name
+ - user.name
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 system:
@@ -23,7 +23,7 @@ system:
 privacy_declarations:
 - name: Share Political Opinions
 data_categories:
- - user.provided.identifiable
+ - user
 data_use: advertising
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 data_subjects:
@@ -42,7 +42,7 @@ policy:
 data_categories:
 matches: ANY
 values:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_uses:
 matches: ANY
 values:
diff --git a/tests/data/failing_dataset_field_taxonomy.yml b/tests/data/failing_dataset_field_taxonomy.yml
index d91d585e..fa97818e 100644
--- a/tests/data/failing_dataset_field_taxonomy.yml
+++ b/tests/data/failing_dataset_field_taxonomy.yml
@@ -9,12 +9,12 @@ dataset:
 - name: First_Name
 description: A First Name Field
 data_categories:
- - user.provided.identifiable.name
+ - user.name
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 - name: political_opinion
 description: User's political opinion
 data_categories:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized
 system:
 - fides_key: customer_data_sharing_system
@@ -24,7 +24,7 @@ system:
 privacy_declarations:
 - name: Share Political Opinions
 data_categories:
- - user.provided.identifiable
+ - user
 data_use: advertising
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 data_subjects:
@@ -43,7 +43,7 @@ policy:
 data_categories:
 matches: ANY
 values:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_uses:
 matches: ANY
 values:
diff --git a/tests/data/failing_dataset_taxonomy.yml b/tests/data/failing_dataset_taxonomy.yml
index 4b5f2528..284d88a3 100644
--- a/tests/data/failing_dataset_taxonomy.yml
+++ b/tests/data/failing_dataset_taxonomy.yml
@@ -3,7 +3,7 @@ dataset:
 name: Sample DB Dataset
 description: This is a Sample Database Dataset
 data_categories:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized
 collections:
 - name: users
@@ -12,7 +12,7 @@ dataset:
 - name: First_Name
 description: A First Name Field
 data_categories:
- - user.provided.identifiable.name
+ - user.name
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 system:
@@ -23,7 +23,7 @@ system:
 privacy_declarations:
 - name: Share Political Opinions
 data_categories:
- - user.provided.identifiable
+ - user
 data_use: advertising
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 data_subjects:
@@ -42,7 +42,7 @@ policy:
 data_categories:
 matches: ANY
 values:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_uses:
 matches: ANY
 values:
diff --git a/tests/data/failing_declaration_taxonomy.yml b/tests/data/failing_declaration_taxonomy.yml
index a081fe8a..8ef56afa 100644
--- a/tests/data/failing_declaration_taxonomy.yml
+++ b/tests/data/failing_declaration_taxonomy.yml
@@ -6,7 +6,7 @@ system:
 privacy_declarations:
 - name: Share Political Opinions
 data_categories:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_use: third_party_sharing.payment_processing
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 data_subjects:
@@ -23,7 +23,7 @@ policy:
 data_categories:
 matches: ANY
 values:
- - user.provided
+ - user
 data_uses:
 matches: ANY
 values:
diff --git a/tests/data/failing_nested_dataset.yml b/tests/data/failing_nested_dataset.yml
index a0c733ef..7f3f992c 100644
--- a/tests/data/failing_nested_dataset.yml
+++ b/tests/data/failing_nested_dataset.yml
@@ -11,13 +11,13 @@ dataset:
 fields:
 - name: street
 data_categories:
- - account.contact.street
+ - user.account.contact.street
 - name: city
 data_categories:
- - account.contact.city
+ - user.account.contact.city
 - name: state
 data_categories:
- - account.contact.state
+ - user.account.contact.state
 system:
 - fides_key: client_analytics
@@ -27,7 +27,7 @@ system:
 privacy_declarations:
 - name: Mesaure usage of users
 data_categories:
- - user.derived
+ - user
 data_use: improve.system
 data_subjects:
 - customer
@@ -45,7 +45,7 @@ policy:
 data_categories:
 matches: OTHER
 values:
- - user.derived
+ - user
 data_uses:
 matches: OTHER
 values:
diff --git a/tests/data/passing_declaration_taxonomy.yml b/tests/data/passing_declaration_taxonomy.yml
index 59ab86d5..a99a7197 100644
--- a/tests/data/passing_declaration_taxonomy.yml
+++ b/tests/data/passing_declaration_taxonomy.yml
@@ -6,7 +6,7 @@ system:
 privacy_declarations:
 - name: Share Political Opinions
 data_categories:
- - user.provided.identifiable.political_opinion
+ - user.political_opinion
 data_use: third_party_sharing.payment_processing
 data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
 data_subjects:
diff --git a/tests/data/sample_hierarchy_figures.json b/tests/data/sample_hierarchy_figures.json
index 2f77287f..dd0e20af 100644
--- a/tests/data/sample_hierarchy_figures.json
+++ b/tests/data/sample_hierarchy_figures.json
@@ -3,14 +3,14 @@
 {
 "hoverinfo": "skip",
 "labels": [
- "account",
- "account.contact",
- "account.contact.city"
+ "user.account",
+ "user.account.contact",
+ "user.account.contact.city"
 ],
 "parents": [
 null,
- "account",
- "account.contact"
+ "user.account",
+ "user.account.contact"
 ],
 "type": "sunburst"
 },
@@ -33,9 +33,9 @@
 "node": {
 "color": "blue",
 "label": [
- "account",
- "account.contact",
- "account.contact.city"
+ "user.account",
+ "user.account.contact",
+ "user.account.contact.city"
 ],
 "line": {
 "color": "black",
@@ -52,14 +52,14 @@
 {
 "hoverinfo": "skip",
 "labels": [
- "account",
- "account.contact",
- "account.contact.city"
+ "user.account",
+ "user.account.contact",
+ "user.account.contact.city"
 ],
 "parents": [
 null,
- "account",
- "account.contact"
+ "user.account",
+ "user.account.contact"
 ],
 "type": "icicle",
 "visible": false
diff --git a/tests/fideslang/test_parse.py b/tests/fideslang/test_parse.py
index b646f466..837fe4ca 100644
--- a/tests/fideslang/test_parse.py
+++ b/tests/fideslang/test_parse.py
@@ -57,8 +57,8 @@ def test_load_manifests_into_taxonomy():
 "description": "Test top-level category",
 },
 {
- "name": "User Provided Data",
- "fides_key": "user.provided",
+ "name": "User Account Data",
+ "fides_key": "user.account",
 "parent_key": "user",
 "description": "Test sub-category",
 },
@@ -73,8 +73,8 @@ def test_load_manifests_into_taxonomy():
 description="Test top-level category",
 ),
 models.DataCategory(
- name="User Provided Data",
- fides_key="user.provided",
+ name="User Account Data",
+ fides_key="user.account",
 parent_key="user",
 description="Test sub-category",
 ),
diff --git a/tests/fideslang/test_validation.py b/tests/fideslang/test_validation.py
index 3babf4c1..8f9a7f4d 100644
--- a/tests/fideslang/test_validation.py
+++ b/tests/fideslang/test_validation.py
@@ -31,10 +31,10 @@ def test_fides_key_doesnt_match_stated_parent_key():
 with pytest.raises(FidesValidationError):
 DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable.custom_test_data",
+ fides_key="user.custom_test_data",
 name="Custom Test Data",
 description="Custom Test Data Category",
- parent_key="user.derived",
+ parent_key="user",
 )
 assert DataCategory
@@ -43,10 +43,10 @@ def test_fides_key_doesnt_match_stated_parent_key():
 def test_fides_key_matches_stated_parent_key():
 DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable.custom_test_data",
+ fides_key="user.account.custom_test_data",
 name="Custom Test Data",
 description="Custom Test Data Category",
- parent_key="user.provided.identifiable",
+ parent_key="user.account",
 )
 assert DataCategory
@@ -56,7 +56,7 @@ def test_no_parent_key_but_fides_key_contains_parent_key():
 with pytest.raises(FidesValidationError):
 DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable.custom_test_data",
+ fides_key="user.custom_test_data",
 name="Custom Test Data",
 description="Custom Test Data Category",
 )
@@ -67,10 +67,10 @@ def test_no_parent_key_but_fides_key_contains_parent_key():
 def test_create_valid_data_category():
 DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable.custom_test_data",
+ fides_key="user.custom_test_data",
 name="Custom Test Data",
 description="Custom Test Data Category",
- parent_key="user.provided.identifiable",
+ parent_key="user",
 )
 assert DataCategory
@@ -80,10 +80,10 @@ def test_circular_dependency_data_category():
 with pytest.raises(FidesValidationError):
 DataCategory(
 organization_fides_key=1,
- fides_key="user.provided.identifiable",
- name="User Provided Identifiable Data",
+ fides_key="user",
+ name="User Data",
 description="Test Data Category",
- parent_key="user.provided.identifiable",
+ parent_key="user",
 )
 assert True
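Review bot: The new values in the first hunk (-31) no longer exercise the mismatch this test is named for: `fides_key="user.custom_test_data"` with `parent_key="user"` is a consistent parent/child pair, and the hunk at -67 (`test_create_valid_data_category`) constructs a DataCategory with exactly these values and expects it to validate, so the `pytest.raises(FidesValidationError)` here cannot be satisfied by the same inputs. Keep the parent deliberately inconsistent with the key prefix, e.g. `parent_key="user.account",` (the key the hunk at -43 already uses), so the test still checks that a `fides_key` whose prefix disagrees with its `parent_key` is rejected. The enclosing function `test_fides_key_doesnt_match_stated_parent_key` starts before the hunk.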
@@ -92,7 +92,7 @@ def test_circular_dependency_data_category():
 def test_create_valid_data_use():
 DataUse(
 organization_fides_key=1,
- fides_key="provide.system",
+ fides_key="provide.service",
 name="Provide the Product or Service",
 parent_key="provide",
 description="Test Data Use",
@@ -105,10 +105,10 @@ def test_circular_dependency_data_use():
 with pytest.raises(FidesValidationError):
 DataUse(
 organization_fides_key=1,
- fides_key="provide.system",
+ fides_key="provide.service",
 name="Provide the Product or Service",
 description="Test Data Use",
- parent_key="provide.system",
+ parent_key="provide.service",
 )
 assert True
@@ -157,7 +157,7 @@ def test_valid_policy_rule():
 name="Test Policy",
 description="Test Policy",
 data_categories=PrivacyRule(matches="NONE", values=[]),
- data_uses=PrivacyRule(matches="NONE", values=["provide.system"]),
+ data_uses=PrivacyRule(matches="NONE", values=["provide.service"]),
 data_subjects=PrivacyRule(matches="ANY", values=[]),
 data_qualifier="aggregated.anonymized.unlinked_pseudonymized.pseudonymized",
 )
@@ -189,7 +189,7 @@ def test_create_valid_system():
 PrivacyDeclaration(
 name="declaration-name",
 data_categories=[],
- data_use="provide.system",
+ data_use="provide.service",
 data_subjects=[],
 data_qualifier="aggregated_data",
 dataset_references=[],
@@ -214,7 +214,7 @@ def test_circular_dependency_system():
 PrivacyDeclaration(
 name="declaration-name",
 data_categories=[],
- data_use="provide.system",
+ data_use="provide.service",
 data_subjects=[],
 data_qualifier="aggregated_data",
 dataset_references=["test_system"],
@@ -242,7 +242,7 @@ def test_invalid_country_identifier(country_code: str):
 PrivacyDeclaration(
 name="declaration-name",
 data_categories=[],
- data_use="provide.system",
+ data_use="provide.service",
 data_subjects=[],
 data_qualifier="aggregated_data",
 dataset_references=["test_system"],
@@ -268,7 +268,7 @@ def test_valid_country_identifier(country_code: str):
 PrivacyDeclaration(
 name="declaration-name",
 data_categories=[],
- data_use="provide.system",
+ data_use="provide.service",
 data_subjects=[],
 data_qualifier="aggregated_data",
 dataset_references=["test_system"],