Meet Fidesctl: Privacy Policies as Code

Join the waitlist to get started with our free, hosted version!

:zap: Overview

Fides (fee-dhez, Latin: Fidēs) is an open-source tool that allows you to easily declare your systems' privacy characteristics, track privacy related changes to systems and data in version control, and enforce policies in both your source code and your runtime infrastructure.

:rocket: Quick Start

System Requirements

• Optional: pipx for environment isolation. The following documentation assumes pipx is installed, but pip commands can be substituted when needed.
• Docker (20.10.8+) and Docker Compose (1.29.0+)
• Python (3.9+)
• Nox (pipx install nox)

Getting Started

Fides is capable of generating a series of YAML configuration files to represent your stored data, processes, and organizations. These configuration resources can then be exported into both a data map, and an Article 30-compliant Record of Processing Activities (RoPA).

This guide will walk through generating a mock RoPA using predefined resources included in the Fides repository.

1. Ensure nox and docker and installed locally, and clone the Fides repo.

2. From the root fides directory, run the following commands:

   nox -s dev
   

   This will spin up the entire project and open a shell within the fidesctl container.

   Once you see the fides# prompt (takes ~3 minutes the first time), you can run the next command:

   fidesctl init
   

   This builds the required images, spins up the database, and runs the initialization scripts.

3. Use the export datamap command to generate a data map of the provided demo resources:

   fidesctl push demo_resources/
   fidesctl export datamap --output-dir demo_resources/
   

   This will push the provided demo resources, and export an .xlsx file of their contents to the demo_resources/ directory.

4. View the newly-generated data map generated from the provided resources.

   Controller

   The header block at the top of the data map is composed of properties found in the Organization resource. In a production deployment, this would be composed of publicly available information for your company or organization.

   Article 30 Record of Processing Activities

   The remainder of the information on the data map is generated from the provided configuration resources. In a production environment, these could be automatically generated from your databases and system resources.

   The Dataset resource is primarily used to provide a list of categories of personal data, recorded here using the Fides taxonomy, that your systems store or process, as well as their retention policies. Any Datasets referenced by a System will have this information included as rows of your data map.

   The System resource describes anything that processes data for your organization, such as applications, services, and third party APIs. In the resulting data map, this populates system-relevant items like the purpose of processing and use, as well as categories of individual the data pertains to.

   Together, these configuration files build out an initial map of RoPA-required data and resources.

5. Assess the Organization and System datasets using the --audit flag.

   fidesctl evaluate demo_resources/ --audit
   

   This command will identify any missing information in your resources, which should be added to generate a compliant Record of Processing Activities.

   Example Output

   "Auditing Organization Resource Compliance"
   Found 1 Organization resource(s) to audit...
   Auditing Organization: Demo Organization
   controller for default_organization in Demo Organization is compliant
   data_protection_officer for default_organization in Demo Organization is compliant
   representative for default_organization in Demo Organization is compliant
   security_policy for default_organization in Demo Organization is compliant
   All audited organization resource(s) compliant!
   ----------
   "Auditing System Resource Compliance"
   Found 2 System resource(s) to audit...
   "Auditing System: Demo Analytics System"
   improve.system missing recipients in Demo Analytics System.
   improve.system missing legal_basis in Demo Analytics System.
   improve.system missing special_category in Demo Analytics System.
   customer missing rights in Demo Analytics System.
   customer missing automated_decisions_or_profiling in Demo Analytics System.
   "Auditing System: Demo Marketing System"
   advertising missing recipients in Demo Marketing System.
   advertising missing legal_basis in Demo Marketing System.
   advertising missing special_category in Demo Marketing System.
   customer missing rights in Demo Marketing System.
   customer missing automated_decisions_or_profiling in Demo Marketing System.
   10 issue(s) were detected in auditing system completeness.
   

   --audit flags any empty fields, along with the System or Organization they belong to, and returns where or not the system is incomplete or fully compliant. In the above example, the Organization resource is compliant, but both the Marketing and Analytics systems are missing information that would be required in your RoPA.

Now that you've seen how Fides can generate a data map from your resources and assess them for compliance, learn how you can extend the Fides taxonomy to replace the missing values revealed by --audit with additional data, and push your changes to generate an Article 30-compliant RoPA.

:book: Learn More

The Fides core team is committed to providing a variety of documentation to help get you started using Fidesctl. As such, all interactions are governed by the Fides Code of Conduct.

Documentation

For more information on getting started with Fides, how to configure and set up Fides, and more about the Fides ecosystem of open source projects:

• Documentation: https://ethyca.github.io/fides/
• Tutorial: https://ethyca.github.io/fides/tutorial/
• Installation: https://ethyca.github.io/fides/installation/installation/
• Roadmap: https://github.com/ethyca/fides/projects
• Website: www.ethyca.com/fides

Support

Join the conversation on:

• Slack
• Twitter
• Discussions

Contributing

We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.

Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.

:balance_scale: License

The Fides ecosystem of tools (Fidesops and Fidesctl) are licensed under the Apache Software License Version 2.0. Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.

Fides is created and sponsored by Ethyca: a developer tools company building the trust infrastructure of the internet. If you have questions or need assistance getting started, let us know at [email protected]!