Concepts and Terms
This section will help you, the user, get familiar with some key concepts and terms used in Bornio.
Raw Data (Production Data)
Typically the original data collected in a production software application. Raw data is likely to contain sensitive personal information that has to be protected prior to sharing with other internal or external personnel.
Source Data or Source Dataset
A collection of tables or files or objects in a database, file system or object store with some structured or semi-structured set of columns (or fields). The values of fields in these tables, files or objects need to be protected from a data privacy perspective depending on how sensitive the field is.
De-Identification (Masking, Anonymization or Data Privacy Protection)
The process of transforming raw data into a form that cannot lead to identification of a specific individual or entity and their attributes in the raw data.
Purpose of Use (Purpose)
The reason for requiring raw data to be de-identified. A Purpose can be to comply with a particular regulation, to support software testing, to obtain training data for AI/ML models, or to enable use by Customer Success teams, Healthcare Providers, Finance teams, Marketing teams etc. for Analytics.
User Role (Role)
The functional role of a user accessing or requiring access to data. Typical roles that require access to data are roles within functions such as Analytics, Executives, Marketing, Finance, Sales, R&D (Engineering), QA, Supply Chain etc.
User
An individual who requires access to data to fulfill their job responsibilities. Examples of users are a Data Analyst, a Marketing Manager, a CFO, a Data Scientist, an AI/ML Engineer etc.
Geography, Geo-Location, Location (Geography)
A place from which a User accesses data to serve a Purpose.
(Data) Privacy Regulation (Regulation)
A regulation or act by a government body that lays out the framework and rules for protecting the sensitive data within any data that a company collects, processes and manages.
(Data) Protection Method
An actual technique by which raw data in a data source is converted to a protected form. This is a function applied to the raw data that changes the value and/or format of the data to a different one depending upon the nature of the data, the current context and the requirement. Masking, Tokenization, Hashing etc. are examples of different protection methods.
Privacy Policy
This is a general policy created by a company’s legal team and shared privately (company internal) and publicly (on the company’s website, for example) that states how a company collects, stores, processes and uses customer or other sensitive data.
(Data) Privacy Policy
A set of rules, usually created by a legal team, that lays out how different types of data that are sensitive within an organization should be protected. This is typically guided by Privacy Regulation or Regulations and also company internal policies to protect customer or employee or other similar sensitive data. In the context of Bornio, a Privacy Policy is a collection of protection methods prescribed for the columns of all tables or files in a given Source Data.
(Data) Policy Model
A Bornio internal representation of a general Privacy Policy that the Bornio Privacy Policy Recommendation Engine uses to determine the right Data Privacy Policy to generate for a given context. A context can be any combination of Source Data (required), Purpose (required and initially represented by any combination of Regulation or Role) and Geography.
(Data) Privacy Filter
An executable instance of a Privacy Policy. It not only incorporates the full context of a Privacy Policy but also has additional context that may include the target where it runs and data transformation monitoring and observability. A Privacy Filter can take many forms, for example a transformation function or User Defined Functions (UDFs) in an ETL tool (pluggable into a data pipeline), a set of UDFs in a database, or a Job (executable programmatically via APIs or manually via a designer tool user interface (UI)).
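The following Python is an added illustration, not Bornio's own code or API: it models three Protection Methods (masking, keyed hashing, tokenization), a Privacy Policy as a column-to-method mapping, and a Privacy Filter as the executable function built from that policy. All names, the key and the sample row are constructed, and rejecting columns the policy does not cover is an assumption of this example.

```python
import hashlib
import hmac
import secrets

# Constructed key for the example; a real key would come from a secrets manager.
HASH_KEY = b"constructed-example-key"


def mask(value, keep=4):
    """Masking: hide all but the last `keep` characters, preserving length."""
    s = str(value)
    if len(s) <= keep:
        return "*" * len(s)  # short values are hidden entirely, not echoed back
    return "*" * (len(s) - keep) + s[len(s) - keep:]


def keyed_hash(value):
    """Hashing: HMAC-SHA256, so guessable values cannot be re-derived without the key."""
    return hmac.new(HASH_KEY, str(value).encode(), hashlib.sha256).hexdigest()


class Tokenizer:
    """Tokenization: one random surrogate per distinct value, kept in a lookup table."""
    def __init__(self):
        self._vault = {}

    def __call__(self, value):
        return self._vault.setdefault(value, "tok_" + secrets.token_hex(8))


def passthrough(value):
    """Non-sensitive field: returned unchanged, but only by explicit policy entry."""
    return value


def make_privacy_filter(policy):
    """Turn a policy (column -> protection method) into an executable filter."""
    def privacy_filter(row):
        unmapped = set(row) - set(policy)
        if unmapped:
            # Fail closed: a column the policy does not cover is never passed through.
            raise ValueError(f"no protection method for columns: {sorted(unmapped)}")
        return {col: policy[col](val) for col, val in row.items()}
    return privacy_filter


# Constructed source row and policy.
ROW = {"name": "Ada Example", "ssn": "123-45-6789", "email": "ada@example.com", "plan": "gold"}
POLICY = {"name": Tokenizer(), "ssn": mask, "email": keyed_hash, "plan": passthrough}
```

Calling `make_privacy_filter(POLICY)(ROW)` returns the protected row; adding a column to `ROW` without a matching policy entry raises `ValueError` instead of leaking the raw value.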