Enactment Type

The enactment type specifies when a protection policy is applied - upon read or write.

Read policies alter or protect data as soon as it is read by an origin or a processor. A read policy limits or totally restricts the ability to use protected data during processing, depending on how the data is protected. For example, you might generalize dates before using them in processing, while completely redacting social security numbers.

Write policies alter or protect data immediately before it is written by a destination, processor, or executor. A write policy protects sensitive data from accidentally leaking to a system where it does not belong. For example, you might use a write policy to ensure that sensitive customer data is not written to a system shared by partner companies.

In both cases, protected data can still provide value for processing or reporting, depending on the protection methods that you use.

Note: Once configured, you cannot change the policy enactment type.