Fideslang (fee-dez-læŋg, from the Latin term "Fidēs" + "language") is a proposed model for a human-readable "taxonomy" of privacy-related data types, behaviors, and usages. Fideslang hopes to develop an interoperable community standard for building privacy regulation compliance into the typical software development process.
Summary of Taxonomy Classification Groups
The Fides taxonomy, or categorization, is made up of four main classification groups. These groups are used together to describe the data types, uses, and processing behaviors of an entire tech stack, including both application processes and data storage.
1. Data Categories
Data Categories are labels to describe the type of data processed by your software. These are most heavily used by the System and Dataset resources, where you can assign one or more data categories to each field.
Data Categories are hierarchical with natural inheritance, meaning you can classify data coarsely with a high-level category (e.g. user.contact data), or you can classify it with greater precision using subcategories (e.g.
Learn more about Data Categories in the taxonomy reference now.
2. Data Uses
Data Uses are labels that describe how, or for what purpose(s), a component of your system is using data.
Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. provide.service.operations) or with more precision using subcategories (e.g.
Learn more about Data Uses in the taxonomy reference now.
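The hierarchical inheritance described for Data Categories and Data Uses means a rule written against a parent label also covers every label nested under it. The following is an added example, not Fideslang's own code: the labels ending in `example_child`, the `user.contactless_example` label, the system names and the rule format are all constructed for illustration. It compares labels segment by segment, because a plain string-prefix test would wrongly treat a sibling such as `user.contactless_example` as a child of `user.contact`.

```python
# Added example: matching dot-delimited hierarchical labels against a rule.
# Not part of Fideslang; the data structures here are assumptions.

def is_within(label: str, ancestor: str) -> bool:
    """True if label equals ancestor or is nested under it.

    The comparison is per segment, so "user.contact" covers
    "user.contact.<anything>" but not "user.contactless_example".
    """
    parts, anc = label.split("."), ancestor.split(".")
    return parts[:len(anc)] == anc


def violations(declarations, rules):
    """Return (system, category, use) triples covered by any rule.

    declarations: {system_name: [(data_category, data_use), ...]}
    rules: [(category_ancestor, use_ancestor), ...] describing
           category/use combinations that need review.
    """
    hits = []
    for system, decls in declarations.items():
        for category, use in decls:
            if any(is_within(category, rc) and is_within(use, ru)
                   for rc, ru in rules):
                hits.append((system, category, use))
    return hits


# Constructed sample declarations. Only "user.contact" and
# "provide.service.operations" come from the page; the rest is made up.
DECLARATIONS = {
    "billing_service": [
        ("user.contact.example_child", "provide.service.operations"),
    ],
    "analytics_job": [
        ("user.contact", "provide.service.operations.example_child"),
    ],
    "kiosk_app": [
        ("user.contactless_example", "provide.service.operations"),
    ],
}
RULES = [("user.contact", "provide.service.operations")]

if __name__ == "__main__":
    for hit in violations(DECLARATIONS, RULES):
        print(hit)
```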
3. Data Subjects
Data Subjects is a label commonly used in the regulatory world to describe the users of a system whose data is being processed. In many systems a generic user label may be sufficient; however, the taxonomy is intended to provide greater control through specificity where needed.
Examples of this are:
Learn more about Data Subjects in the taxonomy reference now.
4. Data Qualifiers
Data Qualifiers describe the degree of identification of the given data. Think of this as a spectrum: on one end is completely anonymous data, i.e. it is impossible to identify an individual from it, and on the other end is data that specifically identifies an individual.
Along this spectrum are labels that describe the degree of identification that a given data might provide, such as:
Learn more about Data Qualifiers in the taxonomy reference now.
Extensibility and Interoperability
The taxonomy is designed to support common privacy compliance regulations and standards out of the box, including GDPR, CCPA, LGPD and ISO 19944.
You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization.
If you have suggestions for missing classifications or concepts, please submit them for addition.