Policies define for what purpose a certain pipeline processes data points.
An important technical aspect of a policy is its retention period. Every encryption key that is created in the context of a certain pipeline will be assigned a policy and an expiration moment. What one does with these expirations is up to the organization. For certain legal or financial pipelines, it might mean "do not delete the encryption key any sooner than". But for a pipeline that deals with, for instance, a clickstream, it might mean "automatically delete after".
Policies have a few attributes.
strm get policy "1 year"
Name: 1 year
name: The name of the policy. This has to be unique within your organization. Preferably choose a short word or sentence. This name can be used to interact with policies via the CLI and the console.
id: This uuid is assigned at random upon creation of a policy. It is required when updating policy attributes.
description: A thorough description of the policy. This describes its purpose, and for what kind of pipelines this policy is used.
retention: Upon encryption key creation in the context of a certain pipeline, the pipeline policy is applied, and the expiration is calculated from the moment the key was first used for encryption plus the number of days retention.
legal grounds: In case the policy is derived from a legal or regulatory text, one could put a reference in this field.
state: The state of the policy, either draft, active or archived. Policies can only be used in pipelines when they're in the active state. Policy attributes can be modified as long as its state is draft. Policies can be deleted in
The batch key export (for the streams) and the keys CSV files for the batch jobs have 4 columns.
keyLink: the key link that gets inserted into every data point that is tied to the encryption key that was used.
encryptionKey: the encryption key that was used to encrypt the data point. This can also be used to restore the original value of attributes.
policyId: the id of the policy that was applicable when the key was created.
expiresAt: the moment the key was first used plus the number of retention days.
This 1 year policy was applied, and the 1354233600000 translates to Friday, 30 November 2012 00:00:00 (use epochconverter, for instance).
The default policy
Currently, since organizations on STRM Privacy don't really have policies yet, we have the following default policy: a policy with no name and no id. This happens when you don't fill in a policy in a stream or a batch-job. In that case the policy server will provide the no-name policy with a retention of 7 years. You would see this in the exported keys files as an empty policyId column, and the appropriate expiration time.
strm get policy --get-default-policy
Name: 7 years
Description: Default 7 year retention
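An added example, not part of the STRM Privacy documentation or tooling: it reads a keys file with the four columns described above, decodes expiresAt, and separates keys whose expiration has passed from keys that are still within retention, treating an empty policyId as the default policy. The file layout (comma-separated, header row, expiresAt in epoch milliseconds, UTC), the sample rows and the function names are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Assumed layout: comma-separated, header row with
# the four column names from this page, expiresAt in milliseconds since epoch.
SAMPLE_KEYS_CSV = """keyLink,encryptionKey,policyId,expiresAt
link-0001,<key-material-1>,00000000-0000-0000-0000-000000000001,1354233600000
link-0002,<key-material-2>,,1543536000000
link-0003,<key-material-3>,00000000-0000-0000-0000-000000000001,not-a-number
"""


def expires_at_ms(first_used: datetime, retention_days: int) -> int:
    """Expiration = moment the key was first used + retention days (epoch ms)."""
    return round((first_used + timedelta(days=retention_days)).timestamp() * 1000)


def review_keys(csv_text: str, now: datetime):
    """Split an export into expired keys, live keys and unparsable rows.

    Only keyLink, policy and the decoded expiry are reported; the
    encryptionKey column is never copied out of the export.
    """
    expired, live, rejected = [], [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            millis = int(row["expiresAt"])
            expiry = datetime.fromtimestamp(millis / 1000, tz=timezone.utc)
        except (KeyError, TypeError, ValueError, OverflowError, OSError):
            rejected.append(row.get("keyLink"))  # never guess an expiry
            continue
        entry = {
            "keyLink": row.get("keyLink"),
            # An empty policyId column means the default policy was applied.
            "policy": row.get("policyId") or "default",
            "expiresAt": expiry,
        }
        (expired if expiry <= now else live).append(entry)
    return expired, live, rejected


if __name__ == "__main__":
    cutoff = datetime(2015, 1, 1, tzinfo=timezone.utc)
    expired, live, rejected = review_keys(SAMPLE_KEYS_CSV, cutoff)
    for key in expired:
        print("expired:", key["keyLink"], key["policy"], key["expiresAt"].isoformat())
    print("still retained:", [k["keyLink"] for k in live], "rejected:", rejected)
```

Whether an expired key is then deleted, or merely becomes eligible for deletion, depends on how the organization interprets the policy, as described at the top of this page.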