# Privacy Hub
## About Privacy Hub
**Privacy Hub** tracks the current protection status of source data columns based on:
* [Column sensitivity](https://docs.tonic.ai/app/generation/identify-sensitive-data), either from the most recent sensitivity scan or from manual assignments
* Assigned [table modes](https://docs.tonic.ai/app/generation/table-modes)
* Assigned [generators](https://docs.tonic.ai/app/generation/generators)
To display **Privacy Hub**, either:
* On the workspace management view, in the workspace navigation bar, click **Privacy Hub**.
* On **Workspaces** view, click the workspace name.
From **Privacy Hub**, you can:
* Review and apply the recommended generators for all detected sensitive columns
* View the current protection status of columns
* Manually mark columns as sensitive or not sensitive
* Configure protection for sensitive columns
* Download a preview Privacy Report
* Run a new sensitivity scan
You can also track the history of changes to column sensitivity and the assigned column generators. For more information, go to [protection-audit-trail](https://docs.tonic.ai/app/generation/protection-audit-trail "mention").
## Viewing the count of detected sensitive columns that are not protected
The sensitivity scan detects specific types of sensitive data.
If your workspace contains any columns that the sensitivity scan identified, and for which you have not either:
* Assigned a generator
* Marked as not sensitive
Then Tonic Structural displays a **Sensitivity Recommendations** banner that contains a count of those columns.
Sensitivity Recommendations banner on Privacy Hub
The count only includes sensitive columns that the sensitivity scan detects. If you manually mark a column as sensitive, it is not included in the list.
On the banner, the **Review Recommendations** option allows you to review the detected columns and the recommended generators for each detected sensitive data type.
You can then apply the recommended generators or ignore the recommendations. When you ignore a recommendation, you either:
* Indicate to remove the generator recommendation for the column.
* Indicate that the column data is not sensitive.
For more information, go to [generators-review-apply-recommended](https://docs.tonic.ai/app/generation/generators-assign-config/generators-review-apply-recommended "mention").
## Viewing the protection status for each column
The protection status panels at the top of **Privacy Hub** provide an overview of the current protection status of the columns in the source data.
Each panel displays:
* The number of columns that are in that category.
* The estimated percentage of columns that are in that category.
Note that for a [JSON column that uses **Document View**](https://docs.tonic.ai/app/generation/working-with-document-based-data/json-document-view), the protection status displays a separate box for each combination of JSON path and data type.
From each panel, you can [display details for and configure protection for each column](#viewing-and-configuring-columns).
The column counts do not include columns that do not have data in the destination database. For example, if a table is assigned Truncate table mode, then **Privacy Hub** ignores the columns in that table.
The information on these panels updates automatically as you change whether columns are sensitive and assign generators to columns.
### At-Risk Columns
The **At-Risk Columns** panel reflects columns that:
* Are populated in the destination database.
* Are marked as sensitive.
* Have the generator set to Passthrough, which indicates that Structural does not perform any transformation on the data.
For each column, the **At-Risk Columns** panel also indicates the sensitivity confidence, from full confidence (completely red) to low confidence (a small percentage of red).
The goal is to have 0 at-risk columns.
When you click **Open in Database View**, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view). The column list is filtered to show columns that are at risk.
### Protected Columns
The **Protected Columns** panel reflects columns that:
* Are populated in the destination database.
* Are assigned a generator other than Passthrough.
It includes both sensitive and non-sensitive columns.
Note that a column is considered protected based solely on the assigned generator. Some more complex generators, such as JSON Mask or Conditional, allow you to apply different generators to specific portions of a value or based on a specific condition. However, the protection status does not reflect these sub-generators. An applied sub-generator could be Passthrough.
When you click **Open in Database View**, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view). The column list is filtered to show all included columns that are protected.
### Not Sensitive Columns
The **Not Sensitive Columns** panel reflects columns that:
* Are populated in the destination database.
* Are marked as not sensitive.
* Have the generator set to Passthrough.
When you click **Open in Database View**, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view). The column list is filtered to show included columns that are not sensitive and are not protected.
## Viewing the protection status for each table
The **Database Tables** list shows the protection status for each table in the source database. You can view the number of columns that have each protection status, and update the column configuration.
The list does not include tables where the table mode is Truncate or Preserve Destination. Truncated tables are not populated in the destination database. For Preserve Destination tables, the existing data in the destination database does not change.
### Information in the list
For each table, **Database Tables** provides the following information:
* **Name -** The table name. For a [file connector](https://docs.tonic.ai/app/setting-up-your-database/file-connector) workspace, each table corresponds to a file group.\
\
Each [JSON column that uses **Document View**](https://docs.tonic.ai/app/generation/working-with-document-based-data/json-document-view) is also in a separate row. For JSON columns, the Name column displays both the table name and the column name.\
\
When you click a table name, you can navigate to either:
* **Database View**, filtered to to display the columns for that table.
* **Table View** for that table.
* **Not Sensitive -** The number of not sensitive columns in the table. Not sensitive columns are not marked as sensitive and have Passthrough as the generator.\
\
When you click the value, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view), filtered to display the not sensitive columns for the table.
* **Protected -** The number of protected columns in the table. Protected columns have an assigned generator. A protected column can be either sensitive or not sensitive.\
\
When you click the value, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view), filtered to display the protected columns for the table.
* **At-Risk -** The number of at-risk columns in the table. These columns are marked as sensitive, but have Passthrough as the generator. The goal is to have 0 unprotected sensitive columns.\
\
When you click the value, you navigate to [Database View](https://docs.tonic.ai/app/generation/database-view), filtered to display the at-risk columns for the table.
* **Privacy Status -** Indicates the current protection status of the columns in the table. It provides the same view and configuration options as the protection status panels at the top of **Privacy Hub**.
### Filtering the list
You can filter the **Database Tables** list either by the table name or by the schema.
#### Filtering by table name
To filter the list by table name, in the filter field, begin to type text that is in the table name. As you type, Structural updates the list to only display matching tables.
#### Filtering by schema
To filter the list to only include tables that belong to a specific schema:
1. Click **Filter by Schema**.
2. From the schema dropdown list, select the schema.
When you select a schema, Structural adds it to the filter field.
### Sorting the list
You can sort the **Database Tables** list by any column except for the **Privacy Status** column.
To sort by a column, click the column heading. To reverse the sort order, click the heading again.
### Managing columns from the table list
The **Privacy Status** column in the **Database Tables** list indicates the protection status of the columns in the table.
This column provides the same [options to view and configure columns](#viewing-and-configuring-columns) as the protection status panels at the top of **Privacy Hub**, but is limited to the columns in a specific table.
## Viewing and configuring columns
### Navigating through columns and viewing column details
Each protection status panel displays a series of boxes to represent the columns that apply to that status. For example, if the source data contains four columns that are at-risk, then the **At-Risk Columns** panel displays four boxes, one for each column.
The **Privacy Status** column in the **Database Tables** list displays the same set of boxes for the columns in an individual table.
If the number of columns is too large to fit, then the last box shows the number of additional columns that apply. For example, if there are 15 columns that don't fit, then the last box is labeled +15.
When you hover over a box, the column name displays in a tooltip.
When you click a box, the details panel for that column displays.
When you click the box for remaining columns, the details panel for the first column in the remaining columns displays.
You can use the next and previous icons at the bottom right of the details panel to display the details for the next or previous column.
The column details panel opens to the settings view. The settings view contains the following information:
* The table and column name.
* Whether the column is flagged as sensitive.
* The type of sensitive data that the column contains.
* The data type for the column data.
* The generator that is assigned to the column.
* For a child workspace, whether the column configuration is inherited from the parent workspace. For columns that have overrides, you can reset to the parent configuration.
### Indicating whether a column is sensitive
{% hint style="info" %}
**Required workspace permission:** Configure column sensitivity
{% endhint %}
From the settings view of the column details, you can configure the column sensitivity.
You cannot change the sensitivity of columns in a child workspace. A child workspace always inherits the sensitivity from its parent workspace. For more information, go to [workspaces-inheritance](https://docs.tonic.ai/app/workspace/managing-workspaces/workspaces-inheritance "mention").
As you change the column sensitivity, Structural updates the protection status panels.
To change whether the column is sensitive, toggle the **Sensitive** option. The column is moved if needed to reflect its new status. However, you remain on the current panel.
For example, from the **At-Risk Columns** panel, you change a column to be not sensitive. The column is moved to the **Not Sensitive Columns** panel. When you click the next or previous icons, you view the details for the next or previous column on the **At-Risk Columns** panel.
### Selecting and configuring a generator for the column
{% hint style="info" %}
**Required workspace permission:** Configure column generators
{% endhint %}
From the column details, you can assign and configure the column generator.
When you change the column generator, Structural updates the protection status panels.
If the column generator was previously Passthrough, then the column is moved to the **Protected Columns** panel. However, you remain on the current panel. For example, you assign a generator to a column that is on the **At-Risk Columns** panel. The column is moved to the **Protected Columns** panel, but when you click the next or previous icons, you view the details for the next or previous column on the **At-Risk Columns** panel.
#### Selecting the generator
For sensitive columns that are not protected, Structural displays the recommended generator as a button.
For self-hosted instances that have an Enterprise license, the recommended generator is the built-in generator preset.
To assign the recommended generator to the column, click the button.
Otherwise, select the generator from the **Generator Type** dropdown list.
For more information about selecting a generator, go to [generator-assignment-and-config](https://docs.tonic.ai/app/generation/generators-assign-config/generator-assignment-and-config "mention").
#### Configuring the generator
If the selected generator requires additional configuration, then below the **Generator Type** dropdown list is an **Edit Generator Options** link.
To display the configuration fields for the generator, click **Edit** **Generator Options**.
For information about configuring a selected generator or generator preset, go to [generator-assignment-and-config](https://docs.tonic.ai/app/generation/generators-assign-config/generator-assignment-and-config "mention").
After you configure the generator, to return to the settings view, click **Back**.
### Displaying sample data for a column
{% hint style="info" %}
**Required workspace permission:**
* **Source data:** Preview source data
* **Destination data:** Preview destination data
{% endhint %}
From the column details, you can display sample data for the column. The sample data allows you to compare the source and destination versions of the column values.
To display the sample data, click the view sample (magnifying glass) icon.
On the sample data view of the column details:
* The **Original Data** tab shows the values in the source data.
* The **Protected Output** tab shows the values that the generator produced.
### Enabling Document View for JSON columns
{% hint style="info" %}
Supported only for the file connector and PostgreSQL.
{% endhint %}
For a JSON column, instead of assigning a generator, you can enable **Document View**.
From **Document View**, you can view the JSON schema structure and assign generators to individual JSON fields. For more information, go to [json-document-view](https://docs.tonic.ai/app/generation/working-with-document-based-data/json-document-view "mention").
To enable **Document View**, on the column details panel, toggle **Use Document View** to the on position. When **Document View** is enabled, the generator dropdown is replaced with the **Open in Document View** option.
### Commenting on a column
{% hint style="info" %}
**Required license:** Professional or Enterprise
{% endhint %}
From the column details, you can view and add comments on the column. You might use a comment to explain why you selected a particular generator or marked a column as sensitive or not sensitive.
From the column details, to display the comments for the column, click the comment icon.
The comments view displays any existing comments on the column. The most recent comment is at the bottom of the list. Each comment includes the name of the user who made the comment.
To add the first comment to a column, type the comment into the comment text area, then click **Comment**.
To add an additional comment, type the comment into the comment text area, then click **Reply**.
## Downloading a preview Privacy Report
{% hint style="info" %}
**Required license:** Enterprise
{% endhint %}
The Privacy Report files that you download from **Privacy Hub** or the workspace download menu provide an overview of the current protection status based on the current configuration.
This is different from the Privacy Report files that you download from the data generation job details, which show the protection status for the data produced by that data generation.
You can download either:
* The Privacy Report .csv file, which provides details about the table columns, the column content, and the current protection configuration.
* The Privacy Report PDF file, which provides charts that summarize the privacy ranking scores for the table columns. It also includes the table from the .csv file.
For more information about the Privacy Report files and their content, go to [privacy-report](https://docs.tonic.ai/app/generation/privacy-report "mention").
### From workspace management view
To download the report from the workspace management view, click the download icon. In the download menu:
Download menu for a workspace
* To download the Privacy Report PDF file, click **Download Privacy Report PDF**.
* To download the Privacy Report .csv file, click **Download Privacy Report CSV**.
### From Privacy Hub
To download the report from **Privacy Hub**, click **Reports and Logs**, then:
Reports and Logs menu on Privacy Hub
* To download the Privacy Report .csv file, click **Privacy Report CSV**.
* To download the Privacy Report PDF file, click **Privacy Report PDF**.
## Running a new sensitivity scan on the data
{% hint style="info" %}
**Required workspace permission:** Run sensitivity scan
{% endhint %}
**Privacy Hub** provides an option to manually start a new [sensitivity scan](https://docs.tonic.ai/app/generation/identify-sensitive-data/running-the-structural-sensitivity-scan). For example, you might want to run a new sensitivity scan when:
* You add columns to the source database. The new scan identifies whether the new columns contain sensitive data.
* The data in a column changes significantly, and a column that Structural originally marked as not sensitive might now contain sensitive data.
You cannot run a sensitivity scan on a [child workspace](https://docs.tonic.ai/app/workspace/managing-workspaces/workspaces-inheritance). Child workspaces always inherit the sensitivity results from their parent workspace.
To run a new sensitivity scan, click **Run Sensitivity Scan**.
When Structural runs a new sensitivity scan:
* Structural analyzes and determines the sensitivity of any new columns.
* It does not change the sensitivity of existing columns that you marked as sensitive or not sensitive.
* For existing columns that you did not change the sensitivity of:
* Structural does not change the sensitivity of columns that the original scan marked as sensitive.
* It can change the sensitivity of columns that the original scan marked as not sensitive.
The protection status panels are updated to reflect the results of the new scan.
