# PrivaceraCloud Documentation

:
###### System Encryption Schemes Enabled by Default

After encryption has been enabled, Privacera-supplied system encryption schemes are also enabled.

###### List of System Encryption Schemes

The following is a list of the Privacera-supplied system encryption schemes. The name of a scheme in general describes the type of data the scheme is designed to encrypt.

• SYSTEM_US_PHONE_FORMATTED

• SYSTEM_ACCOUNT

• SYSTEM_PERSON_NAME

• SYSTEM_SSN

• SYSTEM_EMAIL

• SYSTEM_CREDITCARD

###### View Encryption Schemes

To see the schemes, navigate to Encryption & Masking and click Schemes.

###### Formats, Algorithms, and Scopes

The formats, algorithms, and scopes associated with each scheme are described in Encryption formats, algorithms, and scopes.

Here is a general description of some of these constructs.

###### Formats

For Privacera Encryption, a format refers to the datatype and structure of the input data to be encrypted, such as numeric, date, or credit card.

###### Algorithms

In general, there are two types of algorithms:

• Two-way encryption/decryption.

• One-way hashes.

One type of one-way transformation is the LITERAL replacement of data. This option replaces the specified data with the name of the tag associated with the data. For example, if a database field is tagged as PERSON_NAME, when an encryption transform is applied as LITERAL, the field's value is replaced with PERSON_NAME.

Using LITERAL means that the original data cannot be recovered.

###### Scopes

The ALL scope is recommended as the most comprehensive treatment of the extent of the data. However, you can choose from other available scopes.

###### Record the Names of Schemes in Use and Do Not Delete Them

Make sure to:

• Keep a record of which schemes you use to encrypt or transform which data. You need to use the same scheme to decrypt that data.

• Protect your active schemes. Consider exporting them to a secure location.

• Do not delete your active schemes.

Otherwise, you cannot decrypt the data.

###### System Encryption Schemes Enabled by Default

Privacera-supplied system encryption schemes are also enabled.

###### List of System Encryption Schemes

The following is a list of the Privacera-supplied system encryption schemes. The name of a scheme in general describes the type of data the scheme is designed to encrypt.

• SYSTEM_US_PHONE_FORMATTED

• SYSTEM_ACCOUNT

• SYSTEM_PERSON_NAME

• SYSTEM_SSN

• SYSTEM_EMAIL

• SYSTEM_CREDITCARD

###### Viewing the Encryption Schemes

To see the schemes, navigate to Encryption & Masking and click Schemes.

You can import, export, define new encryption schemes, or modify existing ones.

###### Formats, Algorithms, and Scopes

The formats, algorithms, and scopes associated with each scheme are described in Encryption formats, algorithms, and scopes

Here is a general description of some of these constructs.

###### Formats

For Privacera Encryption, a format refers to the datatype and structure of the input data to be encrypted, such as numeric, date, or credit card.

###### Algorithms

In general, there are two types of algorithms:

• Two-way encryption/decryption.

• One-way hashes.

One type of one-way transformation is the LITERAL replacement of data. This option replaces the specified data with the name of the tag associated with the data. For example, if a database field is tagged as PERSON_NAME, when an encryption transform is applied as LITERAL, the field's value is replaced with PERSON_NAME.

Using LITERAL means that the original data cannot be recovered.

###### Scopes

The ALL scope is recommended as the most comprehensive treatment of the extent of the data. However, you can choose from other available scopes.

###### Record the Names of Schemes in Use and Do Not Delete Them

Make sure to:

• Keep a record of which schemes you use to encrypt or transform which data. You need to use the same scheme to decrypt that data.

• Protect your active schemes. Consider exporting them to a secure location.

• Do not delete your active schemes.

Otherwise, you cannot decrypt the data.