Skip to main content

About Sensitive Data Discovery


This feature is currently in Beta and is not widely available to all customers. Keep in mind that you will need to purchase an add-on to use this feature. For more details, please reach out to your Customer Success specialist.

What is Sensitive Data Discovery?

Sensitive Data Discovery, is a method that employs machine learning to automatically identify and categorize sensitive data in your source technology. Sensitive data can be Personal Identifiable Information (PII), Protected Health Information (PHI), or Payment Card Industry (PCI) information, to name a few. After scanning the source technology and classifying the data, the collector uploads this classification metadata to Users can then view these classifications for resources cataloged from their source technology.

The collector can scan any table, accessible via SQL, that contains at least one row of data. It does not have a limit on the number of tables it can scan. Tables are scanned at the column level.


The Sensitive Data Collector (DWCC-SDD) performs scans on your source technology. However, it does not perform scans on live connected datasets or virtualized data assets within


DWCC-SDD utilizes to categorize your data. The library, which includes the model for data classification, is incorporated in the DWCC-SDD Docker image. The collector takes a sample of data from the source technology, sends this sampled data to the bundled library for classification, and then captures the classifications in the collector output.

As the model is integrated with the collector, no data is sent to and the library does not directly connect to or read from the source database. Data utilized for classification is not used for model training. Since the collector only catalogs classification metadata, the actual data used in the classifications is not stored on the platform.


Key Features

Sensitive Data Discovery consists of four main features:

  • Scan: The tool scans multiple data sources. It uses pre-trained machine learning to instantly identify over 30 types of sensitive data.

  • Classification: This feature allows you to distinguish between various types of sensitive data and apply specific rules for handling each type. For example, the term confidential could have a unique meaning within your organization. By applying the confidential classification, you can apply your business logic to the data.

  • Action: All the information obtained is completely reportable. You can generate a report detailing all your assets, including the sensitive data types and classifications applicable to them.

  • Integration: Finally, you have the option to export these reports to your preferred BI tool to integrate them into a broader system or project.

Scanned entity types

DWCC-SDD scans the following entity types. This is a subset of the entity types supported by For a description of these entity types, see the Private AI documentation.


  • DATE


  • SSN

  • NAME










  • TIME

  • URL




  • CVV









  • DRUG





Supported sources

The Sensitive Data Collector can be run on the following sources:

  • Amazon Athena

  • AWS Redshift

  • Google BigQuery

  • PostgreSQL

  • Snowflake

Supported languages for the content processed from the source

The Collector can be run on content in various languages. For the complete list of languages supported, see the Private AI documentation.

Important things to note

  • Before initiating the Sensitive Data Discovery collector, verify that your organization has a database that has been cataloged already.

  • The Sensitive Data Collector does not operate on datasets that are already imported and virtualized into the system. It should be run in conjunction with the regular Collector to tag incoming data in the application.

  • Every time new data is imported into the application using the regular Collector, you should rerun the Sensitive Data Collector.