# Compliance & Data Governance {% hint style="success" %} #### Compliance & Data Governance Glossary This advanced workshop focuses on creating a Compliance & Data Governance Glossary that addresses regulatory requirements, data privacy, and security considerations. You'll learn how to identify sensitive data, apply compliance tags, and build a Glossary that supports regulatory audits and data protection initiatives. By the end of this workshop, you will: * Identify and classify sensitive data elements * Apply regulatory compliance markers (GDPR, PCI-DSS, CCPA) * Design glossaries that support privacy-by-design * Implement data classification frameworks * Create audit-ready documentation {% endhint %}

Compliance & Data Governance Glossary

{% embed url="" %} *** {% hint style="info" %} #### Accessing Data Catalog To get started using the Data Catalog, log in using the address and credentials provided by your Data Catalog service user or administrator. {% endhint %} To access your catalog, please follow these steps: 1. Open **Google Chrome** web browser. 2. Navigate to: {% embed url="" %} 3. Enter following email and password, then click **Sign In**. Username: (mapped to Business Steward role) Password: Welcome123! *** {% tabs %} {% tab title="Regulatory Landscape" %} {% hint style="info" %} #### Understanding Regulatory Landscape Each regulation has different requirements, penalties, and scope. GDPR can fine up to 4% of global revenue. PCI-DSS non-compliance can result in losing credit card processing abilities. We must understand what each regulation demands before we can build a compliant glossary. Think of regulations as business requirements that happen to be legally mandated. * **GDPR:** Broadest scope, strictest penalties, applies globally if you have EU customers * **PCI-DSS:** Required for any credit card processing * **CCPA:** Growing trend, other states following California's lead * **SOX:** Public company requirement, affects financial data * **HIPAA excluded:** Adventure Works doesn't handle health data {% endhint %}
RegulationScopeKey RequirementsData Impact
GDPREU citizens' dataConsent, right to erasure, data portabilityNames, emails, addresses, phone, National Identity, etc
LGPDBrazilian citizens' dataSimilar to Europe's GDPRCovers a broad range of PII data
PCI-DSSPayment card dataEncryption, access control, monitoringCredit card numbers
CCPACalifornia residentsDisclosure, opt-out, deletion rightsPersonal information
SOXFinancial reportingAccuracy, audit trails, internal controlsFinancial records
1. Review the following tables: {% hint style="info" %} We can't protect what we don't know about. This systematic scan identifies all potentially sensitive data. We're looking for anything that could identify a person, reveal financial information, or be used for identity theft. This is like taking an inventory before implementing security measures: * Person.Person (names, demographics) * Person.EmailAddress (contact info) * Person.PersonPhone (phone numbers) * Person.Address (physical locations) * Sales.CreditCard (payment data) * HumanResources.Employee (SSN, birth dates) {% endhint %} 2. Ask the following questions to help define a: 'Risk Assessment Matrix': {% hint style="info" %} **Critical Questions:** 1. What Terms do you have difficulty with? 2. What data could identify an individual? 3. What data requires encryption? 4. What data has retention limits? 5. What data needs access controls? {% endhint %} {% endtab %} {% tab title="Create Glossary" %} {% hint style="info" %} #### Test Glossary Establishing a hierarchical structure by categorizing business terms into domains and specific categories simplifies data navigation and management. This organized structure boosts efficient data discovery and strengthens governance through role-based access controls. In the realm of data management, business terms are crucial in a data catalog, guaranteeing seamless identification, access, and utilization of data in line with organizational goals and compliance mandates. Let's create a Test Glossary .. {% endhint %} 1. Navigate to: Glossary {% tabs %} {% tab title="1. Glossary" %} {% hint style="info" %} #### Glossary Creating a test Glossary will help you define the hierarchy: Glossary -> Category -> Term. Exporting the Glossary will reveal how the Glossary is structured - esp the Properties - and again help understand the API call. {% endhint %} 1. Under Actions select 'Add New Glossary'.

Add New Glossary

2. Enter 'Test Glossary' and click 'Create'.

Create Test Glossary

3. Click on Edit: Enter a Definition & Purpose by clicking on the Edit option.

Enter Definition & Purpose

4. Click 'Save Changes'. *** {% hint style="info" %} #### Panel Enter a bunch of default values so we get an idea of what's in the API call .. {% endhint %} The following panels enable to track and audit any changes to the Glossary. {% tabs %} {% tab title="Properties" %} {% hint style="info" %} #### Properties The Properties panel define required metadata properties that track and audit any changes to the Glossary. {% endhint %}
PropertyValue(s)Description
SensitivityHIGHClassification system that categorizes data assets based on the potential impact if that data were to be compromised, accessed inappropriately, or disclosed without authorization
DomainTechnologyList of Domains
CustodianDavid ParkThe user responsible for managing the glossary.
Business StewardDavid ParkThe user responsible for any modifications to the asset.
Critical Data ElementFalseThis property is usually applied to columns. These columns should be critical pieces of information that are necessary for decision making and so need to be governed with the highest care.
StatusDraftAccepted, Draft, Review, Deprecated
Created byThe logged in userThe user who created the glossary item.
Updated byThe logged in userThe user who updated the glossary item.
Last UpdatedTimestampA timestamp indicating when the glossary item was last updated.

Glossary / Domain Properties

{% endtab %} {% tab title="Tags" %} {% hint style="info" %} Besides organizing your Glossary by Domain & Category, the Data Catalog allows you to assign **tags** to your resources. A tag is a label you can use to describe an element and to retrieve it later when browsing or searching. {% endhint %} 1. You can manually add a Tag: glossary\_tag

Glossary tag

2. Save. {% endtab %} {% tab title="Style" %} You can select the color & change the icon.

Style

{% endtab %} {% endtabs %} {% endtab %} {% tab title="2. Category" %} {% hint style="info" %} #### Category {% endhint %} 1. Select 'Test Glossary' Domain & then 'Add New Category'

Add New Category

2. Enter the Category Name: 'Test Category' & select Parent: 'Test Glossary'.

Create Test Category

3. Click 'Create'. 4. Enter a Definition & Purpose by clicking on the Edit option.

Test Category

| Property | Value | | --------------------- | --------------- | | Sensitivity | MEDIUM | | Domain | Technology | | Custodian | Elena Rodriguez | | Business Steward | Elena Rodriguez | | Critical Data Element | false | | Status | Draft | | Created by | David Park | | Last Updated | David Park | 5. Add the tag: category\_tag 6. Click 'Save Changes'. {% endtab %} {% tab title="3. Term" %} {% hint style="info" %} #### Term In a data catalog, a **Business Term** refers to metadata that describes the business aspects of a data asset. For example, a business term might indicate whether the data represents customer demographics, financial transactions, or product inventory. {% endhint %} 1. ```

Business Terms

``` 2. Select 'Test Category' & then 'Add New Term'.

Add New Term

2. Enter the Term Name: 'Test Term' & select Parent: 'Test Category'.
3. Click 'Create'. 4. Enter a Definition & Purpose by clicking on the Edit option.

Test Term

*** {% hint style="info" %} #### Custom Properties A Glossary, Category or Term metadata properties can be 'enriched' with Custom Properties. {% endhint %} {% tabs %} {% tab title="Custom Properties" %} {% hint style="info" %} #### Custom Properties A Glossary, Category or Term metadata properties can be 'enriched' with Custom Properties, which either be text or numerical. For example: a Term could have 5 Levels 1 to 5 {% endhint %} 1. Click the 'Custom' tab. 2. Click the “+ Add Custom Property” button.

Add Custom Property

3. Enter the Label, default value and select either Free text or Select Value that will be associated with the Term.

Add Custom Property

4. Click 'Save'. {% endtab %} {% tab title="Related" %} {% hint style="info" %} #### Related Lists the associated business terms of the chosen glossary term. It helps you understand the broader business context and semantic associations among terms, improving data discoverability and clarity. Relationship types such as **Synonym**, **Deprecated**, **In favor of**, **Has A**, **Is a type of A**, and **Related to** allow business stewards to define how terms are conceptually connected. {% endhint %} 1. Click the 'Custom' tab. 2. Click the “+ Add Term” button.

Set Term Relationship

x {% endtab %} {% tab title="Data Elements" %} {% hint style="info" %} #### Data Elements Lists the associated data elements across various data sources for the selected glossary term. This association provides a direct connection between business-level terminology and the underlying technical metadata, helping you understand where and how a business term is implemented within enterprise data systems. {% endhint %} x x x {% endtab %} {% tab title="More ..." %} {% endtab %} {% endtabs %} {% endtab %} {% endtabs %} {% endtab %} {% tab title="Upload Glossary" %} {% hint style="info" %} #### Glossary Creating a Glossary is pretty straightforward in Data Catalog .. and that's useful if you're testing out Hierarchies, Categories and Terms to ensure they follow convention. However, there will be a time when you'll need to do a bulk load to get up and running and that's where the fun begins. In this section we're going to take a deeper look inside the JSON Object. There's a couple of key features to bear in mind when your creating a Glossary: * Data Catalog uses[ JSONL](https://jsonlines.org/) - JSON Lines is a convenient format for storing structured data that may be processed one record at a time. The values are not stored in an array, but as: One JSON Object per line. * Each field needs specific fields, in the correct order, for a successful import: **Required Fields** `_id`: Unique identifier (e.g., "customer-name-001") `type`: Always "term" for term definitions `name`: Human-readable term name `fqdn`: Full hierarchical path `attributes`: Container for all term-specific data **Relationship Fields** `rootId`: ID of the root governance entity `parentId`: ID of the parent category/container `resourceId`: External resource reference (often empty) **Audit Fields** `createdAt/updatedAt`: ISO 8601 timestamps `createdBy/updatedBy`: UUID of the user * The 'attributes object' is a complex nested JSON Object that populates the Properties panel. **Attributes Structure** `features.sensitivity`: Data classification level `formula`: Validation rules/patterns (Lexical format) `info.custodian`: Data custodian UUID `info.businessSteward`: Business owner UUID `info.purpose`: Business purpose (Lexical format) `info.definition`: Term definition (Lexical format) `info.abbreviation`: Short code for the term `info.status`: Lifecycle state * You cannot apply incremental updates. The timestamp means that the whole Glossary has to uploaded. * {% endhint %} x x {% endtab %} {% endtabs %}