Data Access Management processes data de-identification policies from top to bottom.
Data de-identification policies handle data classifications in the following ways:
•If a data element has multiple data classifications, the first occurrence of any of the assigned data classifications determines the data protection applied.
•If a cell-level condition contains any of the multiple data classifications for the data element, then the cell-level condition is true and applies.
•If there is a cell-level condition using both data classifications for a data element with an Or clause, that condition evaluates to true, and the associated actions are applied.
•If there is a cell-level condition using both data classifications with an And clause, that condition evaluates to false when the combined conditions are not met.
•If there is a cell-level condition using both data classifications with an And clause, that condition evaluates to true when the combined conditions are met.
•Cell-level de-identifications take precedence before field-level de-identifications.