User Guide > Search and View Objects > Viewing Data Privacy Metrics
  

Viewing Data Privacy Metrics

If you have access to Data Privacy Management, you can view the data privacy metrics extracted from Data Privacy Management in the System and Policy facets of Axon. The data privacy metrics helps you determine whether your organization is compliant with statutory regulations, such as General Data Protection Regulation (GDPR) policy.
Axon displays data privacy metrics, such as risk score, risk cost, protection status, and sensitivity levels, sourced from Data Privacy Management on the Data Privacy dashboard. For example, you want to review if the current status of data privacy supports GDPR compliance. You can view the Data Privacy dashboard to identify the amount of sensitive data that is protected, risk costs, and the policy violations. Based on the current aggregate state of the privacy metrics, you can take necessary actions to identify and protect sensitive data.
In Data Privacy Management, data privacy metrics are measured for a data store. A data store is a repository object that connects to the data source that you want to analyze. You add data stores to scan jobs. The scan job connects to and identifies sensitive data in the data source.
You can link a security or classification policy from Data Privacy Management to an Axon policy. A security policy is a rule-based policy designed to detect violations. A security policy contains the severity level of a violation and a rule that defines the violation. Classification policies cater to specific data security standards, such as PCI, PHI, PII, that are available by default. A classification policy defines the rules that Data Privacy Management uses to identify sensitive data and classify a data store based on industry or organization data security standards.
Axon displays the following data privacy metrics for system and classification policies:
Axon displays the following data privacy metrics for security policies:
The following image shows a sample data privacy dashboard for a system:
The Data Privacy dashboard for a system shows the following privacy metrics: Risk Score, Risk Cost, Protection Status, and Sensitivity Levels.
  1. 1. The overall risk score for the scanned data stores that are associated to a system. Axon displays a distribution chart with the total number of data stores and the level of risk based on the different color codes.
  2. 2. The total cost of exposed sensitive data. View the number of sensitive fields and records that are exposed.
  3. 3. The percentage of unprotected data. View the number of protected and unprotected sensitive fields.
  4. 4. The sensitivity levels of data in the data stores.

Risk Score

Displays a number that summarizes the overall risk score of the scanned data stores that are associated to a system or classification policy. The higher the number, the greater the risk to sensitive data. The risk score value ranges from 0-100. View the total number of data stores that are at risk along with data store distribution chart based on the severity level of the risk. The data store risk chart shows the distribution of risk based on the following levels:

Risk Cost

Displays the cost that the business might incur if the sensitive data in the data store is exposed. The data risk cost of a data store is the product of the cost for each occurrence of sensitive data and the number of records of sensitive data. You can view the following details:

Protection Status

Displays the percentage of unprotected sensitive data in the data store that is associated with a system or classification policy. A field is protected if a PowerCenter mapping includes a data masking transformation for the column. The Protection Status indicator shows the number of sensitive fields that are protected and unprotected.

Sensitivity Levels

The level of data sensitivity of a data store that is associated to a system or classification policy. You can view the following default sensitivity levels:
The sensitivity level for a system contains a pie chart that includes distribution of data stores based on the sensitivity level. You can also view the total number of data stores.
The sensitivity level for a classification policy shows only one sensitivity level. If a data store matches a classification policy, the scan job in Data Privacy Management updates the data store with the sensitivity level of the classification policy. When you click on the Data Privacy Management link to view the sensitivity level, you might find a different sensitivity level for the classification policy because Axon displays the aggregate sensitivity value at the data store level.

Policy Violations

Displays the total number of violations that Data Privacy Management detected for a security policy associated with an Axon business policy. Axon displays the total number of violations measured over the last 30 days. You can see the aggregate number of data stores associated with the violations for the security policy. You can also view the number of violations in each data store.
A security policy violation occurs when one or more properties in an anomaly, data store, or user activity event match the rule specified in a security policy. The count only includes the data stores to which you have access. To view more details about the security policy in Data Privacy Management, you can click the link that displays the associated security policy name on the dashboard.
The following image shows a sample data privacy dashboard for an Axon policy that is associated with a security policy:
The Data Privacy dashboard shows the following privacy metrics for a security policy: Policy Violations and Severity Level.
  1. 1. The total number of security policy violations. Axon lists the top five data stores with the corresponding number of violations.
  2. 2. The severity level of the policy violation.
  3. 3. The Data Privacy Management link to the associated security policy.

Severity Level

Displays the severity level of violation of a security policy that is associated with the Axon policy. A violation can only have one severity level. The severity level can have one of the following values:

Viewing Data Privacy Dashboard

You can view the data privacy metrics extracted from Data Privacy Management in System and Policy facets.
    1. Click an object from a System or Policy facet.
    2. Click the Dashboard tab.
    3. Select the Data Privacy view from the list.
    The dashboard appears with the data privacy metrics.