Data protection rule
Introduction
Data protection rules (also known as PII Data Protection Rules) define how personally identifiable information (PII) is anonymized in Casewhere. They support GDPR compliance — specifically the "right to be forgotten" — by allowing you to configure field-level anonymization logic for any data class.
A data protection rule is a configuration entity that ties a data class attribute to an anonymization rule. The anonymization rule itself is a standard scalar-function rule that transforms the original value into an anonymized one.
Configuration
In Casewhere Admin, navigate to PII Data Protection Rules to create and manage anonymization rules.
A data protection rule has the following properties:
| Name | Type | Description |
|---|---|---|
| Data Class | string | The data class to which the rule applies. |
| Attribute | string | The attribute (field) to anonymize. |
| Is Identified | bool | Marks the attribute as an identity field (e.g., CPR, email) used to match anonymization requests against the database. |
| Anonymization Rule | Rule | A scalar-function rule that transforms the original value. |
| Is Active | bool | Whether the rule is active. |
Anonymization rule syntax
The anonymization rule is a scalar-function rule that receives the original value through @parameters.OriginalValue and returns the anonymized value.
Keywords
| Name | Type | Description |
|---|---|---|
| @parameters | DynamicDataObject | Contains OriginalValue — the current value of the field being anonymized. |
| @apiFactory | IManagedApiFactory | To construct Casewhere API objects. |
Examples
Example 1: Generalize email
Convert john@domain.com to Anonymous<random-id>@domain.com.
#predicate
var parts = @parameters.OriginalValue.Split(new char[]{ '@' }, StringSplitOptions.RemoveEmptyEntries);
var id = Guid.NewGuid().ToString().Replace("-", "");
parts[0] = $"Anonymous{id}@";
return String.Join("", parts);
Example 2: Mask phone number
Convert 50-12-34-56 to 50-xx-xx-xx.
#predicate
return @parameters.OriginalValue.Substring(0, 2) + "-xx-xx-xx";
Example 3: Replace with fixed placeholder
Replace a name with a fixed anonymous string.
"Anonymous"
Anonymization workflow
After defining rules, create a workflow to execute the anonymization process. A typical workflow includes:
- Form activity — Collects the individual's identity (e.g., CPR number, email) for matching.
- Scripted activity — Calls the
IPIIDataAnonymizationApito execute anonymization.
var pIIDataAnonymizationApi = ctx.Use<IPIIDataAnonymizationApi>();
var task = pIIDataAnonymizationApi.CreateAndAnonymizeTask(ctx.Ref("AnonymizationRequest").Identifier);
The anonymization process ensures data is anonymized across all Casewhere databases — event source, snapshot database, audit logs, system logs, and encrypted fields.
Note
Learn more about GDPR compliance in Casewhere in the GDPR - Right to be forgotten guide.