Redaction policy
Drives the SDK's classify / redact / tokenize / encrypt decisions at the boundary. Every save creates a new signed version; old versions continue to apply to evidence captured under them.
Active policy: safe-banking-v8
Signed by: Anders Møller (DPO) · Marta Schreiber (CCO)
Published: 17:02 · 22 May 2026
Applies to: all new events
10 rules · 8 built-in · 2 custom
| PII class | Treatment | Vault retention | Resolver | MFA | Justification | Pattern / classifier |
|---|---|---|---|---|---|---|
| person_name | tokenize | 180 days | Vault Resolver | required | required | ner · NameEntity v3 |
| us_ssn | tokenize + encrypt | 7 years | Vault Resolver | required | required | `^\d{3}-\d{2}-\d{4}$` |
| | tokenize | 90 days | Vault Resolver | required | optional | RFC 5322 strict |
| phone | tokenize | 180 days | Vault Resolver | required | optional | E.164 |
| address | tokenize | 180 days | Vault Resolver | required | required | libpostal v2 |
| dob | tokenize | 7 years | Vault Resolver | required | required | ISO 8601 strict |
| account_number | tokenize + encrypt | 7 years | Vault Resolver | required | required | IBAN · Luhn account fmt |
| free_text | LLM redact | 90 days | Vault Resolver | required | required | classifier · v4 prompt |
| nb_internal_id (custom) | tokenize | 5 years | Vault Resolver | required | required | `NB-\d{8}` |
| loan_application (custom) | tokenize + encrypt | 10 years | Vault Resolver | required | required | `LA-\d{12}` |
Customer-specific patterns
2 additional classes beyond the 8 built-in. Patterns reviewed by Anders Møller.
Token vault
Per-class retention. Resolver = role permission overlay. Every resolution logs MFA + justification to the audit-of-audit log.
Versioning
Events captured under v8 stay tagged v8 even after v9 publishes. Auditors can re-read evidence under the policy that produced it.
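An added sketch, not the SDK's own code, of how the three regex rows in the table behave at capture time and how the policy version is stamped on the event. The dict layout, function names, token format (truncated HMAC-SHA256 standing in for the vault) and sample event are assumptions; only the regexes and the version name come from the page.

```python
import hashlib
import hmac
import re

# Regexes and version name are from the policy table; everything else
# (layout, names, token format) is an assumption for illustration.
POLICY_V8 = {
    "version": "safe-banking-v8",
    "rules": {
        "us_ssn": r"^\d{3}-\d{2}-\d{4}$",
        "nb_internal_id": r"NB-\d{8}",
        "loan_application": r"LA-\d{12}",
    },
}
TOKEN_KEY = b"constructed-demo-key"  # constructed; a real key lives in a vault/KMS


def tokenize(pii_class, value, key=TOKEN_KEY):
    """Deterministic keyed token (HMAC-SHA256, truncated); a stand-in scheme."""
    mac = hmac.new(key, f"{pii_class}:{value}".encode(), hashlib.sha256)
    return f"tok_{pii_class}_{mac.hexdigest()[:16]}"


def redact_field(value, policy):
    """Replace every pattern match in one field value; return (text, classes hit)."""
    hits = []
    for pii_class, pattern in policy["rules"].items():
        def repl(match, c=pii_class):
            hits.append(c)
            return tokenize(c, match.group(0))
        value = re.sub(pattern, repl, value)
    return value, hits


def redact_event(event, policy):
    """Redact each field and stamp the event with the policy version applied."""
    fields, classes = {}, set()
    for name, value in event.items():
        fields[name], hits = redact_field(value, policy)
        classes.update(hits)
    return {"policy_version": policy["version"],
            "classes": sorted(classes), "fields": fields}


# Constructed sample event: one dedicated SSN field, one free-text note.
SAMPLE = {
    "ssn": "123-45-6789",
    "note": "Customer NB-12345678 cited SSN 123-45-6789 on LA-000000000042",
}
```

In this sketch the SSN inside `note` survives, because the `us_ssn` pattern is anchored with `^…$` and matches only a field that is entirely an SSN. The unanchored `NB-\d{8}` also matches the first eight digits of a longer digit run, so both behaviours are worth a test case whenever a custom pattern is reviewed.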
Version history · signed
| Version | Tag | Author / signer | Published | Changes |
|---|---|---|---|---|
| v9 | draft | Anders Møller | in progress · started 2h ago | + device_geohash class · adjust SSN retention |
| v8 | active | Marta Schreiber / Anders Møller | 17:02 · 22 May 2026 | + free_text LLM redaction · tightened address NER |
| v7 | historical | Marta Schreiber | 12 Apr 2026 | initial production policy |
| v6 | historical | Anders Møller | 04 Mar 2026 | pattern updates |
Every save creates a signed version. DPO sign-off is captured as an audit event; the signers list above is what auditors see in the workpaper bundle.