Write a Policy
Fidesctl's privacy declarations provide rich metadata about systems, the data categories they process, and the uses of that data. Policies allow you to enforce constraints on these declarations and decide what combinations to allow or reject at your company, thus providing a layer of automation to control data privacy at the source.
Define a single Policy by creating a flaskr_policy.yml file in the fides_resources directory. For this project, the file should contain the following configuration:
This demo application is built without any real controls on user data, so the Fides policy is relatively restrictive. The two rules can be interpreted, respectively, as:
- Do not use identifiable data for anything other than the app's primary functions (after all, it's just a demo app!).
- Do not collect any sensitive data at all. As a safe default, this is the type of policy you might add to all projects. Later, you can make exceptions (if you are working on a project that requires these categories).
Understanding the Policy
Policies use the following attributes:
| Name | Type | Description |
| fides_key | FidesKey | An identifier label that must be unique within your organization. A fides_key can only contain alphanumeric characters and |
| data_categories | List[DataRule] | The types of sensitive data as defined by the taxonomy |
| data_uses | List[DataRule] | The various categories of data processing and operations within your organization |
| data_subjects | List[DataRule] | The individual persons to whom your data rule pertains |
| data_qualifier | String | The acceptable or non-acceptable level of deidentification |
| action | Choice | A string, either |
For more detail on Policy resources, see the full Policy resource documentation.
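A simplified model of how two REJECT rules like the ones described above act on privacy declarations, as an added example (not fidesctl's own code and not the tutorial's policy file). It assumes dot-separated hierarchical keys where a parent key covers its children and a rule that fires when any listed category, use and subject match; it leaves out data_qualifier, and every taxonomy key, rule and declaration in it is a constructed placeholder.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Declaration:
    """One privacy declaration of a system (hypothetical, simplified shape)."""
    name: str
    data_categories: tuple
    data_use: str
    data_subjects: tuple

@dataclass(frozen=True)
class Rule:
    """One policy rule; field names follow the attribute table on this page."""
    fides_key: str
    data_categories: tuple
    data_uses: tuple
    data_subjects: tuple
    action: str = "REJECT"

def covers(rule_key: str, declared_key: str) -> bool:
    """Assumed hierarchy: 'a.b' covers 'a.b' and any child such as 'a.b.c'."""
    return declared_key == rule_key or declared_key.startswith(rule_key + ".")

def any_match(rule_keys, declared_keys) -> bool:
    """True when at least one declared key falls under at least one rule key."""
    return any(covers(r, d) for r in rule_keys for d in declared_keys)

def violations(rules, declarations):
    """Return (rule fides_key, declaration name) pairs where a REJECT rule fires."""
    hits = []
    for decl in declarations:
        for rule in rules:
            if (rule.action == "REJECT"
                    and any_match(rule.data_categories, decl.data_categories)
                    and any_match(rule.data_uses, (decl.data_use,))
                    and any_match(rule.data_subjects, decl.data_subjects)):
                hits.append((rule.fides_key, decl.name))
    return hits

# Constructed rules mirroring the two described above; all keys are placeholders.
RULES = [
    Rule("minimize_identifiable_data", ("user.identifiable",),
         ("improve", "advertising", "third_party_sharing"), ("customer",)),
    Rule("reject_sensitive_data", ("user.identifiable.sensitive",),
         ("provide", "improve", "advertising", "third_party_sharing"), ("customer",)),
]
# Constructed declarations for a demo app.
DECLARATIONS = [
    Declaration("login", ("user.identifiable.contact.email",), "provide", ("customer",)),
    Declaration("analytics", ("user.identifiable.device.ip_address",), "improve", ("customer",)),
    Declaration("health_form", ("user.identifiable.sensitive.health",), "provide", ("customer",)),
]
```

In this model the login declaration passes because its use is the app's primary function, while the analytics and health_form declarations are each rejected by one rule.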
Maintaining a Policy
As global privacy laws change and businesses scale, a company's policies will evolve with them. We recommend making updates to this resource file a regular part of the development planning process when building a new feature.
Check Your Progress
Next: Add Google Analytics
Improve usage telemetry for this project by adding the nefarious tracker, Google Analytics.