Running the Structural sensitivity scan

When sensitivity scans run

Structural runs sensitivity scans automatically. You can also run manual sensitivity scans.

Automatic sensitivity scans

Structural automatically runs a sensitivity scan when you create a completely new workspace and connect a data source.

Structural also runs a new sensitivity scan when you change the data connection details for the source database.

For a file connector workspace, Structural runs a sensitivity scan when you add a file group.

A child workspace always inherits the sensitivity designations from its parent workspace.

When you copy a workspace, Structural runs a new sensitivity scan on the copy to identify sensitive columns. However, it keeps the sensitivity designation for columns that you specifically marked as sensitive or not sensitive.

Manual sensitivity scans

In addition to the automatic scans, from Privacy Hub, you can start a sensitivity scan manually.

Configuring parallel processing for sensitivity scans

For improved performance, sensitivity scans can use parallel processing.

For relational databases such as PostgreSQL and SQL Server, to configure parallel processing, you use the environment setting TONIC_PII_SCAN_PARALLELISM_RDBMS. The default value is 4.

For document-based databases such as MongoDB, you use the environment setting TONIC_PII_SCAN_PARALLELISM_DOCUMENTDB. The default value is 1.

For information about how to configure environment settings, go to Configuring environment settings.

How Structural identifies sensitive values

To identify that a column contains sensitive information, Structural looks at the data type, column name, and column values. To help identify sensitive column values, the scan uses regex matching and dictionary lookups.

The sensitivity scan always looks for the Structural built-in sensitivity types. It also looks for any custom sensitivity types that you define in your custom sensitivity rules. Those rules are based on the column data type and column name. For more information about custom sensitivity rules, go to Creating and managing custom sensitivity rules.

This process cannot guarantee perfect precision and recall. We strongly recommend that a human reviews the sensitivity scan results and the broader dataset to ensure that nothing sensitive was missed.

Results of the sensitivity scan

For the columns that it identifies as containing sensitive data, Structural:

Note that if the recommended generator is not compatible with the column, then Structural discards the recommendation.

Downloading the sensitivity scan log

To download the log of the most recent sensitivity scan:

  • On the workspace management view, from the download menu, select Download Sensitivity Scan Log.

  • On Privacy Hub, click Reports and Logs, then select Scan Log.

The log tracks the progress of the scan.

Last updated