About built-in classification policies

Last published : Apr 17, 2026

The built-in classification policies are arranged in the following groups.

Related information

Policies

Table: Corporate Compliance

Policy	Detects
Attorney Client Privileged Policy	Documents which are protected by attorney-client confidentiality.
Authentication Policy	Authentication information, such as user name and password credentials.
Auto-Generated Email Policy	Detects an email header commonly tied to auto-generated email from
	Microsoft Exchange and Exchange Online such as out of office replies,
	and read receipts.
Bribery Policy	Language in communication which suggests bribery or quid pro quo.
Company Confidential and Intellectual Property Policy	Documents that are confidential, secret, or internal-only, or that contain intellectual property source code.
Disclaimers Policy	Detects common e-mail disclaimers for confidential, contract, copyright, environment,
	external e-mail, financial, regulatory, liability, and promotional content.
Gifts and Entertainment Policy	Detects the offering or accepting of inappropriate gifts and entertainment. This policy aids in meeting compliance obligations for financial supervision.
Compensation Communication Policy	Communication about compensation.
Ethics and Code of Conduct Policy	Terms that may be unethical or against corporate code of conduct policy.
IP Address Policy	Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses.
Offensive Language Policy	Language containing curses, insults, racism, sexism, or other offensive content.
Offensive Terms Policy	Detects offensive and vulgar content. While some terms overlap, this
	policy contains different keywords and logic that those included in the
	Offensive Language Policy and Ethics and Code of Conduct Policy.
	Note: This policy is composed of two patterns: High Confidence: contains
	terms that tend to be more offensive and aggressive and Low
	Confidence: contains terms that are either less offensive and aggressive
	and/or are more likely to generate matches.
	Note: This is not a comprehensive list of all offensive terms. Nor are all
	connotations of the terms included in this policy considered offensive.
	Please update this policy to best address your requirements.
	Note: As a transparent policy, this policy and its patterns can be fully
	edited. To modify, copy the policy and/or the pattern and then edit as
	needed. It is a best practice to use Transparent Policies in conjunction
	with noise (junk) minimization techniques to reduce false positives. Please
	see online help for more assistance with transparent policies.
PCI-DSS Policy	Content that is subject to the Payment Card Industry Data Security Standard (PCI-DSS), including credit and debit card numbers.
Proposals / Bids Policy	Corporate proposal and bid documents.
Ransomware Policy	Ransom notes/demands/instructions from ransomware malware.
Resumes / CVs Policy	Detects resume and curriculum vitae (CV) documents.
Software Keys and Tokens Policy	Detect secret keys, tokens, and credentials used to authenticate usage of software APIs.
Workplace Harassment Policy	Content that may violate federal, state, local, corporate, and workplace or sexual harassment policies and regulations.
	This policy helps detect content subject to corporate/workplace policy and legislative regulations such as Title VII of the Civil Rights Act of 1964, California AB 1825 (Part of) Fair Employment and Housing Act, Connecticut Public Act No. 19-16 Time's Up Act, Delaware SB 360 (Part of) Delaware Discrimination in Employment Act (DDEA), Maine Revised Statutes Title 26, section 807 (Enhanced by) Maine Human Rights Act, New York Assembly Bill A8421 AKA Stop Sexual Harassment in NYC Act, and others.

Table: Financial Regulations

Policy	Detects
Anti-Money Laundering (AML) Policy (V2)	Potential signs and symptoms of money laundering presented in conversation. This policy matches based on word patterns. This policy is provided for content classification purposes only.
Bank Account Number Policy	Country-specific or international bank account numbers.
Credit Card Policy	Credit and debit cards.
Gramm-Leach-Bliley Act (GLBA) Policy	Personal financial information for Financial Services Modernization Act of 1999, also known as Gramm-Leach-Bliley Act (GLBA) or Public Law 106-102.
Market Abuse Policy	Detects key phrases of market abuse, specifically market manipulation
	and insider trading. This policy has been tuned to departments composed
	of licensed employees. In other departments, running this policy may
	produce a higher volume of false positives. As a transparent policy, this
	policy and its patterns can be fully edited. To modify, copy the policy
	and/or the pattern and then edit as needed. It is a best practice to use
	Transparent Policies in conjunction with noise (junk) minimization
	techniques to reduce false positives. Please see online help for more
	assistance with transparent policies.
Material Non-Public Information (MNPI) Policy (V2)	Potential signs and symptoms of material non-public information (MNPI) presented in conversation. This policy matches based on word patterns. This policy is provided for content classification purposes only.
Off-Channel Signaling Policy	Used to Detects Off-Channel Signaling in communication (language suggesting that a conversation is occurring on a non-monitored channel).
	The policy includes the following patterns:
	Signaling General Terms
	Signaling to Phone or Public Email Terms
	Signaling to SMS or Text Terms
	Signaling to Fileshares (for Citrix and Dropbox where both proximity logic and short phrases are used for detection)
	Policies and Patterns Arctera Classification Policies
	106
	Signaling to Low Frequency Channels (where the mere mention of the channel is used to trigger the policy)
	Signaling to Medium Frequency Channels (where both proximity logic and short phrases are used for detection)
	Signaling to High Frequency Channels (where channel name is common in communication (Facebook), or is a common word or initials (Element or IG). Short phrases are used for detection)
	RECOMMENDATION: Before enabling, review/edit this policy to ensure proper targeting of channels and activities as they relate to un/approved channels and policies at your firm. Click on the hyperlink to each pattern below to see the details as to which channels are included and which terms are used.
	As a transparent policy, this policy and its patterns can be fully edited. To modify, copy the policy and/or the pattern and then edit as needed. It is a best practice to use Transparent Policies in conjunction with noise (junk) minimization techniques to reduce false positives. Please see online help for more assistance with transparent policies.
United States Sarbanes-Oxley (SOX) Policy	Forms and terms related to the U.S. Sarbanes - Oxley Act of 2002 (SOX, Public Law 107).
Swiss Financial Market Supervision Act (FINMASA) Policy	Data elements subject to the Federal Act on the Swiss Financial Market Supervisory Authority 956.1, Financial Market Supervision Act (FINMASA)
SWIFT Codes Policy	Society for Worldwide Interbank Financial Telecommunication (SWIFT) codes, also known as Bank Identifier Codes (BIC), Business Identifier Codes (BIC), or ISO 9362, and related content.
U.S. SEC Regulation Best Interest (RegBI) Policy	Potential signs and symptoms of communications to be reviewed for compliance with U.S. Securities and Exchange Commission (SEC) Regulation Best Interest (RegBI) rule. This policy matches based on word patterns. This policy is provided for content classification purposes only.
United States Financial Forms / Documents Policy	U.S. financial forms and documents.

Table: Health Regulations

Policy	Detects
Australia Individual Healthcare Identifier (IHI) Policy	Australia Individual Healthcare Identifiers (IHI) and related content.
Canada Healthcare Identifiers Policy	Canada Healthcare Identifiers and related content.
Coronavirus (COVID) Policy	Coronavirus disease names and related terms. This policy template can be extended with additional data elements to find content containing Coronavirus/COVID in specific contexts. For example, patient health, financial benefits, and so on.
ICD 10 Diagnosis Policy	Detect International Classification of Diseases (ICD) 10 diagnosis indexes (textual names) and codes (alpha-numeric).
Medical Diagnosis - Allergy Policy	Proposes possible Allergy medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Anemia Policy	Proposes possible Anemia medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Anxiety Policy	Proposes possible Anxiety medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Appendicitis Policy	Proposes possible Appendicitis medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Bladder Infection Policy	Proposes possible Bladder Infection medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Blood Clot Policy	Proposes possible Blood Clot medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Brain Tumor Policy	Proposes possible Brain Tumor medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Breast Cancer Policy	Proposes possible Breast Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Cervical Cancer Policy	Proposes possible Cervical Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Colon Cancer Policy	Proposes possible Colon Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Dengue Policy	Proposes possible Dengue medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Depression Policy	Proposes possible Depression medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Diabetes Policy	Proposes possible Diabetes medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Female Sexually Transmitted Disease (STD) Policy	Proposes possible Female Sexually Transmitted Disease (STD) medical
	condition or diagnosis based on medical signs and symptoms presented in
	a form or in conversation. This policy matches based on English patterns
	and offers limit recommendation capabilities. This policy is provided for
	content classification purposes only. Patients should consult a qualified
	physician for all diagnosis and treatment.
Medical Diagnosis - Heart Attack Policy	Proposes possible Heart Attack medical condition or diagnosis based on medical
	signs and symptoms presented in a form or in conversation. This policy matches
	based on English patterns and offers limit recommendation capabilities. This policy
	is provided for content classification purposes only. Patients should consult a
	qualified physician for all diagnosis and treatment.
Medical Diagnosis - Hernia Policy	Proposes possible Hernia medical condition or diagnosis based on medical signs
	and symptoms presented in a form or in conversation. This policy matches based
	on English patterns and offers limit recommendation capabilities. This policy is provided
	for content classification purposes only. Patients should consult a qualified
	physician for all diagnosis and treatment.
Medical Diagnosis - Herpes Policy	Proposes possible Herpes medical condition or diagnosis based on medical signs
	and symptoms presented in a form or in conversation. This policy matches based
	on English patterns and offers limit recommendation capabilities. This policy is provided
	for content classification purposes only. Patients should consult a qualified
	physician for all diagnosis and treatment.
Medical Diagnosis - HIV/AIDS Policy	Proposes possible HIV/AIDS medical condition or diagnosis based on
	medical signs and symptoms presented in a form or in conversation. This
	policy matches based on English patterns and offers limit recommendation
	capabilities. This policy is provided for content classification purposes
	only. Patients should consult a qualified physician for all diagnosis and
	treatment.
Medical Diagnosis - Hypertension / High Blood Pressure Policy	Proposes possible Hypertension or High Blood Pressure medical condition or diagnosis
	based on medical signs and symptoms presented in a form or in conversation.
	This policy matches based on English patterns and offers limit recommendation
	capabilities. This policy is provided for content classification purposes only.
	Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Irritable Bowel Syndrome (IBS) Policy	Proposes possible Irritable Bowel Syndrome (IBS) medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Kidney Stone Policy	Proposes possible Kidney Stone medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Leukemia Policy	Proposes possible Leukemia medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Lung Cancer Policy	Proposes possible Lung Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Lupus Policy	Proposes possible Lupus medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Lyme Disease Policy	Proposes possible Lyme Disease medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Male Sexually Transmitted Disease (STD) Policy	Proposes possible Male Sexually Transmitted Disease (STD) medical
	condition or diagnosis based on medical signs and symptoms presented in
	a form or in conversation. This policy matches based on English patterns
	and offers limit recommendation capabilities. This policy is provided for
	content classification purposes only. Patients should consult a qualified
	physician for all diagnosis and treatment.
Medical Diagnosis - Menopause Policy	Proposes possible Menopause medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Mononucleosis Policy	Proposes possible Mononucleosis medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Ovarian Cancer Policy	Proposes possible Ovarian Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Pancreatic Cancer Policy	Proposes possible Pancreatic Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Pneumonia Policy	Proposes possible Pneumonia medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Pregnancy Policy	Proposes possible Pregnancy medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Prostate Cancer Policy	Proposes possible Prostate Cancer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Sinus Infection Policy	Proposes possible Sinus Infection medical condition or diagnosis based on medical
	signs and symptoms presented in a form or in conversation. This policy matches
	based on English patterns and offers limit recommendation capabilities. This policy
	is provided for content classification purposes only. Patients should consult a
	qualified physician for all diagnosis and treatment.
Medical Diagnosis - Stomach Ulcer Policy	Proposes possible Stomach Ulcer medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Strep Throat Policy	Proposes possible Strep Throat medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
Medical Diagnosis - Urinary Tract Infection Policy	Proposes possible Urinary Tract Infection medical condition or diagnosis
	based on medical signs and symptoms presented in a form or in
	conversation. This policy matches based on English patterns and offers
	limit recommendation capabilities. This policy is provided for content
	classification purposes only. Patients should consult a qualified physician
	for all diagnosis and treatment.
Medical Diagnosis - Yeast Infection Policy	Proposes possible Yeast Infection medical condition or diagnosis based on medical signs and symptoms presented in a form or in conversation. This policy matches based on English patterns and offers limit recommendation capabilities. This policy is provided for content classification purposes only. Patients should consult a qualified physician for all diagnosis and treatment.
United States Medical Record Number Policy	Medical record numbers (generically).
United States California Confidentiality of Medical Information Act (CMIA) Policy	Individually identifiable medical information for United States California Confidentiality of Medical Information Act (CMIA), specified in California Civil Code §§56.
U.S. Drug Enforcement Agency (DEA) Number Policy	U.S. Drug Enforcement Agency (DEA) numbers and related content.
US Stock Financial Advice Policy	Detect US stocks along with emojis which may suggest financial
	advice.
United States Health Insurance Portability and Accountability Act (HIPAA) Policy	Electronic patient health information (ePHI) information for United States Health Insurance Portability and Accountability Act ‎(HIPAA)‎, also known as Public Law 104-191.
US-COVID-19 Policy	Look for indications of Corona Virus related content.
US-COVID-19 ICD-10-CM Diagnosis Indexes (CDC Feb-Apr-2020) Policy	Detect COVID-19 specific ICD-10-CM diagnosis indexes per Feb 20, 2020 CDC Guidelines.
	https://www.cdc.gov/nchs/data/icd/ICD-10-CM-Official-Coding-Gudance-Interim-Advice-coronavirus-feb-20-2020.pdf
	https://www.cdc.gov/nchs/data/icd/Announcement-New-ICD-code-for-coronavirus-3-18-2020.pdf
	https://www.cdc.gov/nchs/data/icd/COVID-19-guidelines-final.pdf
	Policy version 04242020-1
US-COVID-19 ICD-10-CM Diagnosis Indexes possibly leading to COVID-19 (CDC-Feb-Apr-2020) Policy	Detect ICD-10-CM Diagnosis Indexes potentially leading to COVID-19 Per Feb & Apr 2020 CDC Guidelines.
	https://www.cdc.gov/nchs/data/icd/ICD-10-CM-Official-Coding-Gudance-Interim-Advice-coronavirus-feb-20-2020.pdf
	https://www.cdc.gov/nchs/data/icd/Announcement-New-ICD-code-for-coronavirus-3-18-2020.pdf
	https://www.cdc.gov/nchs/data/icd/COVID-19-guidelines-final.pdf
	Policy version 04242020-1
US-COVID-19 ICD-10-CM Exposure Diagnosis Index (CDC Feb-Apr-2020) Policy	Detect COVID-19 ICD-10-CM diagnosis index for when where there is an actual exposure to someone who is confirmed or suspected (not ruled out) to have COVID-19. Per Feb 20, 2020 CDC Guidelines.
	https://www.cdc.gov/nchs/data/icd/ICD-10-CM-Official-Coding-Gudance-Interim-Advice-coronavirus-feb-20-2020.pdf
	https://www.cdc.gov/nchs/data/icd/Announcement-New-ICD-code-for-coronavirus-3-18-2020.pdf
	https://www.cdc.gov/nchs/data/icd/COVID-19-guidelines-final.pdf
	Policy version 04242020-1
US-COVID-19 ICD-10-CM Ruled Out Diagnosis Index (CDC Feb-Apr-2020) Policy	Detect COVID-19 ICD-10-CM diagnosis index for cases where there is a concern about a possible exposure to COVID-19 but it is ruled out.. Per Feb 20, 2020 CDC Guidelines.
	https://www.cdc.gov/nchs/data/icd/ICD-10-CM-Official-Coding-Gudance-Interim-Advice-coronavirus-feb-20-2020.pdf
	https://www.cdc.gov/nchs/data/icd/Announcement-New-ICD-code-for-coronavirus-3-18-2020.pdf
	https://www.cdc.gov/nchs/data/icd/COVID-19-guidelines-final.pdf
	Policy version 04242020-1
US-COVID-19 ICD-10-CM Signs and Symptoms Diagnosis Indexes (CDC Feb-Apr-2020) Policy	Detect COVID-19 specific ICD-10-CM signs and symptoms diagnosis indexes where a definitive diagnosis has not been established. Per Feb 20, 2020 CDC Guidelines.
	https://www.cdc.gov/nchs/data/icd/ICD-10-CM-Official-Coding-Gudance-Interim-Advice-coronavirus-feb-20-2020.pdf
	https://www.cdc.gov/nchs/data/icd/Announcement-New-ICD-code-for-coronavirus-3-18-2020.pdf
	https://www.cdc.gov/nchs/data/icd/COVID-19-guidelines-final.pdf
	Policy version 04242020-1

Table: International Regulations

Policy	Detects
Australia Drivers License Number Policy	Australian driver's license numbers.
Australia Passport Policy	Australian passport numbers.
Australia Tax Policy	Australian tax file number and related content.
Canada Drivers License Number Policy	Canadian driver's license numbers.
Canada Passport Policy	Canadian passport numbers.
Canada Social Insurance Number Policy	Canadian social insurance numbers.
France National ID Policy	French National Identifiers and related content.
Italy Codice Fiscale Policy	Italian Codice Fiscale numbers, also known as Italian fiscal code card numbers.
Switzerland National ID Policy	Swiss National Identifiers and related content.
U.K. Drivers License Number Policy	U.K. driver's license numbers and related content.
U.K. National ID Policy	U.K. National Identifiers and related content.
U.K. National Insurance Number (NINO) Policy	U.K. National Insurance number and related content.
U.K. Passport Number Policy	U.K. passport number and related content.
U.K. Unique Tax Reference (UTR) Policy	U.K. Unique Tax Reference (UTR) number and related content.
United States Drivers License Number Policy	U.S. driver's license numbers.
United States Passport Policy	U.S. passport and passport card numbers.
United States Social Security Number (SSN) and Taxpayer ID Policy	U.S. taxpayer identification numbers. This is typically the U.S. Social Security Number (SSN).

Language detection

By default, Arctera Insight Classification determines the language in a message if there are at least 80 characters. Starting with release 2.4.0, the administrators can configure the minimum number of characters and a higher or lower confidence level for language detection. When multiple languages are present in small files, the administrator can specify a smaller size of each chunk that language detection is performed on. With this enhancement, Arctera Insight Classification attempts to detect languages with the configurable parameters.

Starting with release 3.0.0, you can create custom primary language detection policies for languages other than the languages part of the built-in Language Detection policies.

Table: Language Detection

Policy	Detects
Multiple Languages Policy	Multiple languages are detected.
Primary Language - Arabic Policy	Primary language detected is Arabic.
Primary Language - Bengali Policy	Primary language detected is Bengali.
Primary Language - Chinese Policy	Detects primary language - Chinese.
Primary Language - Czech Policy	Primary language detected is Czech.
Primary Language - Danish Policy	Primary language detected is Danish.
Primary Language - Dutch Policy	Primary language detected is Dutch.
Primary Language - English Policy	Primary language detected is English.
Primary Language - Finnish Policy	Primary language detected is Finnish.
Primary Language - French Policy	Primary language detected is French.
Primary Language - German Policy	Primary language detected is German.
Primary Language - Greek Policy	Primary language detected is Greek.
Primary Language - Hebrew Policy	Primary language detected is Hebrew.
Primary Language - Hindi Policy	Primary language detected is Hindi.
Primary Language - Hungarian Policy	Primary language detected is Hungarian.
Primary Language - Indonesian (Bahasa) Policy	Primary language detected is Indonesian (Bahasa).
Primary Language - Italian Policy	Primary language detected is Italian.
Primary Language - Japanese Policy	Primary language detected is Japanese.
Primary Language - Korean Policy	Primary language detected is Korean.
Primary Language - Norwegian Policy	Primary language detected is Norwegian.
Primary Language - Persian (Farsi) Policy	Primary language detected is Persian (Farsi).
Primary Language - Polish Policy	Primary language detected is Polish.
Primary Language - Portuguese Policy	Primary language detected is Portuguese.
Primary Language - Romanian Policy	Primary language detected is Romanian.
Primary Language - Russian Policy	Primary language detected is Russian.
Primary Language - Slovak Policy	Primary language detected is Slovak.
Primary Language - Spanish Policy	Primary language detected is Spanish.
Primary Language - Swedish Policy	Primary language detected is Swedish.
Primary Language - Tagalog (Filipino) Policy	Primary language detected is Tagalog (Filipino).
Primary Language - Thai Policy	Primary language detected is Thai.
Primary Language - Turkish Policy	Primary language detected is Turkish.
Primary Language - Unknown Policy	Primary language detected is Unknown.
Primary Language - Urdu Policy	Primary language detected is Urdu.
Primary Language - Vietnamese Policy	Primary language detected is Vietnamese.

Table: Personally Identifiable Information

Policy	Detects
Argentina Personal Data Policy	Personal data as defined by Argentina's Personal Data Protection Law No. 25,326 (PDPL), Argentina Bill No. MEN-2018-147-APN-PTE, and a general similarity to the European General Data Protection Regulation (GDPR).
Australia Personal Data Policy	Personal data or personal information as defined by Australia's Federal Privacy Act 1988 (Privacy Act), Privacy (Tax File Number) Rule 2015, Taxation Administration Act 1953, , and cross-compatibility with European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Austria Personal Data Policy	Personal data as defined by the Data Protection Act 2000 (DSG 2000), Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Belgium Personal Data Policy	Personal data applicable to Belgium's Data Protection Directive (DPL), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Bolivia Personal Data Policy	Detects personal data as defined by Bolivia Political Constitution of the Plurinational State of Bolivia, in Article Nº130, Bolivia Bill of Personal Data Protection, Bolivia Law 145 - Personal Identification Registry, and a general similarity to the European General Data Protection Regulation (GDPR).
Brazil Personal Data Policy	Personal data applicable to Brazil's General Data Privacy Law, Law No. 13,709, Lei Geral de Proteção de Dados Pessoais (LGPD), and a general similarity to the European General Data Protection Regulation (GDPR).
Bulgaria Personal Data Policy	Personal data as defined by Bulgaria's Personal Data Protection Act, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Canada Personal Data (PIPEDA) Policy	Personal data as defined by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the Data Privacy Act, the Model Care for the Protection of Personal Information, and a general similarity to the European General Data Protection Regulation (GDPR).
Chile Personal Data Policy	Personal data as defined by Chile's Privacy Protection Law, N° 19.628
	(1999) ("Personal Data Protection Law"), Law N°21.096 on the right to the protection
	of personal data (June/2018), Article 19 N°4 of the Chilean Constitution,
	Law N°21.081 Article 1 N°39 (2018) on consumer rights protection, and a general
	similarity to the European General Data Protection Regulation (GDPR).
China Personal Data Policy	Personal data as defined by China Personal Information Protection Law (PIPL), China National People's Congress (NPC) Cybersecurity Law, China National Information Security Standardization Technical Committee (TC260) Personal Information Security Specification, and a general similarity to the European General Data Protection Regulation (GDPR).
Colombia Personal Data Policy	Personal data as defined by Articles 15 and 20 of Colombia's Constitution, Colombia Statutory Law 1266 of 2008, Colombia Statutory Law 1581 of 2012, Colombia Law 2157 of 2021, Colombia Decree 1377 of 2013, Colombia Decree 886 of 2014, and a general similarity to the European General Data Protection Regulation (GDPR).
Croatia Personal Data Policy	Personal data as defined by Croatia's Personal Data Protection Law ("DP Law") nos. 103/2003, 118/2006, 41/2008 and 130/2011, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Cyprus Personal Data Policy	Personal data as defined by Cyprus' Processing of Personal Data (Protection of the Individual) Law 138(I)/2001, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Czech Republic Personal Data Policy	Personal data as defined by the Czech Republic's Protection of Personal Data Act No. 101/2000 Coll. (PPD Act), Act on Certain Aspects of Information Society Services Information No. 480/2004 Coll., Electronic Communications Act No. 127/2005 Coll., European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Denmark Personal Data Policy	Personal data applicable to Denmark's Act on Processing of Personal Data (APPD), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Egypt Personal Data Policy	Personal data as defined by Egypt Data Protection Law (Resolution/Law No. 151 of 2020), and a general similarity to the European General Data Protection Regulation (GDPR).
El Salvador Personal Data Policy	Detects personal data as defined by El Salvador's Personal Data
	Protection Act, Personal Data Law, Law for the Regulation of Information
	Services on People's Credit History, and a general similarity to the
	European General Data Protection Regulation (GDPR).
Ecuador Personal Data Policy	Personal data as defined by Ecuador's Organic Law on Personal Data
	Protection, Constitution of the Republic of Ecuador, and a general similarity to the
	European General Data Protection Regulation (GDPR).
Estonia Personal Data Policy	Personal data as defined by Estonia's Personal Data Protection Act, Electronic Communications Act, the Information Society Services Act, Directives 2002/58 and 2009/136/EC on Privacy and Electronic Communications, Electronic Communications Act, Directive 2006/24/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Finland Personal Data Policy	Personal data as defined by Finland's Constitution (731/1999), the Personal Data Act (523/1999) (henkilötietolaki) (PDA), the Act on the Data Protection Board and the Data Protection Ombudsman (389/1994), Information Society Code (917/2014) (ISC), the Act on the Protection of Privacy in Working Life (759/2004) (WPA), Credit Data Act (527/2007) (CDA), Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
France Personal Data Policy	Personal data applicable to France's Federal and State laws, including France's Act No 78-17 on Information Technology, Data Files and Civil Liberties (DPA), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Germany Personal Data Policy	Detects personal data applicable to Germany's Federal and State laws,
	including Germany's Federal Data Protection Act (BDSG), European
	Privacy Directive 95/46/EC on data protection (Data Protection Directive),
	and the European General Data Protection Regulation (GDPR).
Greece Personal Data Policy	Personal data as defined by Greece's Data Protection Act no 2472/1999 (DPA), Directive 2002/58/EC (Privacy and Electronic Communications Directive), implemented by Law no 3471/2006 on the protection of personal data and privacy in the telecommunications sector (TDPA), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Guatemala Personal Data Policy	Detects personal data as defined by Guatemala's Law of Access to Public Information, Political Constitution of the Republic of Guatemala 1985, and a general similarity to the European General Data Protection Regulation (GDPR).
Hong Kong Personal Data Policy	Personal data as defined by Hong Kong's Personal Data (Privacy) Ordinance (PDPO), Laws of Hong Kong (Cap 486) (PDPO), and a general similarity to the European General Data Protection Regulation (GDPR).
Honduras Personal Data Policy	Detects personal data as defined by Honduras's Constitution of the Republic of
	Honduras. Article 76, 100 and 182, Law of the National Civil Registry. Decree
	No. 62-2004, Draft of Law on Protection of Personal Data (not yet in force), and a
	general similarity to the European General Data Protection Regulation (GDPR).
Hungary Personal Data Policy	Personal data as defined by Hungary's Act No. CXII on the Right to Informational Self Determination and Freedom of Information, Act XLVII on Processing and Protection of Medical and Other Related Personal Data (Medical Data Act), Act LXVI on Personal Data and Address Records of Citizens, Act C on Electronic Communications (Electronic Communications Act), Act CXIX on Processing of Name and Address Data for Research and Direct Marketing Purposes, Act CXII on Credit Institutions and Financial Undertakings (Credit Institutions Act), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Iceland Personal Data Policy	Personal data applicable to Iceland's Data Protection Directive; detects personal data applicable to European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
India Personal Data Policy	Personal data as defined by India's Personal Data Protection Bill (DPB) 2019, India's Information Technology Act 2000, and a general similarity to the European General Data Protection Regulation (GDPR).
Indonesia Personal Data Policy	Personal data as defined by Indonesia's Law No. 11 of 2008 on Electronic Information and Transaction, as amended by Law No. 19 of 2016 regarding the Amendment of EIT Law ("EIT Law Amendment"), Government Regulation No. 71 of 2019 regarding Provisions of Electronic Systems and Transactions, Minister of Communication & Informatics Regulation No. 20 of 2016 regarding the Protection of Personal Data in an Electronic System, and a general similarity to the European General Data Protection Regulation (GDPR).
Ireland Personal Data Policy	Personal data as defined by Ireland's Data Protection Act 1988, the Data Protection (Amendment) Act 2003 (DPA), European Communities (Electronic Communications Networks and Services) Regulations 2011 (Privacy and Electronic Communications) (e-Privacy Regulations), Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Israel Personal Data Policy	Personal data applicable to Israel's Protection of Privacy (Information Security) Regulations 5767-2017, Protection of Privacy Law 5741-1981, and a general similarity to the European General Data Protection Regulation (GDPR).
Italy Personal Data Policy	Personal data applicable to Italy's Legislative Decree No. 196/2003, which contains the Italian Personal Data Protection Code (Code), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Japan Personal Data Policy	Personal data as defined by Japan's Act on the Protection of Personal Information ("APPI"), and cross-compatibility with European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Kenya Personal Data Policy	Detects personal data as defined by Kenya Data Protection (Compliance & Enforcement) Regulation 2021, Data Protection (Registration of Data Controllers & Data Processors) Regulation 2021, Data Protection (General) Regulations 2021, and a general similarity to the European General Data Protection Regulation (GDPR).
Kingdom of Saudi Arabia Personal Data Policy	Personal data as defined by Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) (implemented by Royal Decree M/19 of 9/2/1443H (16 September 2021) ) and a general similarity to the European General Data Protection Regulation (GDPR).
Kuwait Personal Data Policy	Personal data as defined by a general similarity to the European General Data Protection Regulation (GDPR).
Latvia Personal Data Policy	Personal data as defined by Latvia's Personal Data Protection Law, Personal Data Act, Law on Electronic Communications, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Lithuania Personal Data Policy	Personal data as defined by Lithuania's Law on Legal Protection of Personal Data ("Data Protection Law"), Law No. I-1374 and X-1444, Data Retention Directive 2006/24/EC, Law on Electronic Communications ("Electronic Communications Law"), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Luxembourg Personal Data Policy	Personal data as defined by Luxembourg's protection of persons with regard to the processing of personal data (Data Protection Law), Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Malaysia Personal Data Policy	Personal data as defined by Malaysia Personal Data Protection Act 2010 and a general similarity to the European General Data Protection Regulation (GDPR).
Malta Personal Data Policy	Personal data as defined by Malta's Data Protection Act, Processing of Personal Data (Electronic Communications Sector) Regulations, Notification and Fees (Data Protection Act) Regulations, Processing of Personal Data (Protection of Minors) Regulations, Data Protection (Processing of Personal Data in the Police Sector) Regulations, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Mexico Personal Data Policy	Personal data as defined by Mexico's Federal Law on the Protection of Personal Data held by Private Parties, Privacy Notice Guidelines (April 2013), Recommendations on Personal Data Security (November 2013), Parameters for Self-Regulation regarding personal data (May 2014), General Law for the Protection of Personal Data in Possession of Obligated Subjects, and a general similarity to the European General Data Protection Regulation (GDPR).
Netherlands Personal Data Policy	Personal data applicable to Netherlands for Dutch Data Protection Act, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
New Zealand Personal Data Policy	Detects personal data as defined by New Zealand's Personal Data Protection Act, Personal Data Law, Law for the Regulation of Information Services on People's Credit History, and a general similarity to the European General Data Protection Regulation (GDPR)
New Zealand Sensitive Data Policy	Detects sensitive data for New Zealand as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR)
Nigeria Personal Data Policy	Detects personal data as defined by Nigeria's Data Protection Act of 2023, and cross-compatibility with European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Nigeria Sensitive Data Policy	Detects sensitive data for Nigeria as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR)
Norway Personal Data Policy	Personal data applicable to Norway's Personal Data Act (PDA), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Panama Personal Data Policy	Description Detects personal data as defined by Panama's Law 81 on the Protection of Personal
	Data, and a general similarity to the European General Data Protection Regulation
	(GDPR).
Peru Personal Data Policy	Personal data as defined by Peru Personal Data Protection Law - Law
	N° 29733, Political Constitution of Peru, and a general similarity to the European
	General Data Protection Regulation (GDPR).
Poland Personal Data Policy	Personal data as defined by Poland's Personal Data Protection Act of August 1997 (PDPA), Telecommunications Act of July 2004, Telecommunications Act of July 2004, Insurance and Reinsurance Activity Act of September 2015, Act on Providing Services by Electronic Means of July 2002, Labour Code of June 1974, the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Portugal Personal Data Policy	Personal data as defined by the Data Protection Act (DPA) for Portuguese Law 67/98 (Data Protection Act), the Portuguese Constitution (Article 35 on the use of computerised data), Law 41/2004 implementing Directive 2002/58/EC on the protection of privacy in the electronic communications sector (E-Privacy Directive), Law 46/2012 implementing Directive 2002/22/EC on universal service and users' rights (Universal Service Directive), Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Romania Personal Data Policy	Personal data as defined by Romania's Data Protection Law No. 677/2001 ("DPL"), Romanian E-Privacy Law No. 506/2004, E-Privacy Directive 2002/58/EC, Romanian E-commerce Law No. 365/2002, Electronic Commerce Directive 2000/31/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Russia Personal Data Policy	Personal data applicable to Russia Federal Law on Personal Data (No. 152-FZ), and Russian Code on Administrative Infractions (No.195-FZ).
Singapore Personal Data Policy	Personal data as defined by Singapore's Personal Data Protection Act (PDPA), numerous laws relating to the processing of personal data in the public sector that apply to everyone, including secrecy and disclosure laws in the Official Secrets Act and the Electronic Transactions Act, and cross-compatibility with European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Slovakia Personal Data Policy	Personal data as defined by Slovakia's Act no. 122/2013 on Personal Data Protection, Act no. 84/2014 on Personal Data Protection, Law no. 136/2014 in Slovak Republic's Collection of Laws, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Slovenia Personal Data Policy	Personal data as defined by Slovenia's Personal Data Protection Act ("ZVOP-1" and "ZVOP-2"), Law no. 86/2004, Law no. 113/05, Law no. 51/07, Law no. 67/07, Law no. 94/07, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
South Africa Personal Data Policy	Personal data applicable to South Africa Protection of Personal Information Act (POPIA / POPI).
South Korea Personal Data Policy	Personal data as defined by South Korea's Personal Information Protection Act (Act No. 16930, Feb. 4, 2020), Enforcement Decree of the Personal Information Protection Act (Presidential Decree No. 30892, Aug. 04, 2020), Act on the Lapse of Criminal Sentences (Act No. 15258, Dec. 19, 2017, Partial Amendment), and a general similarity to the European General Data Protection Regulation (GDPR).
Spain Personal Data Policy	Personal data applicable to Spain's Data Protection Act (Law 15/1999 on the protection of personal data), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Sweden Personal Data Policy	Personal data applicable to Sweden for Swedish Personal Data Act (PDA), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Switzerland Personal Data Policy	Personal data as defined by Switzerland's Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP) at the Swiss federal and canton levels, Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC, European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Taiwan Personal Data Policy	Personal data as defined by Taiwan Personal Data Protection Act, Enforcement Rules of the Personal Data Protection Act, and a general similarity to the European General Data Protection Regulation (GDPR).
Thailand Personal Data Policy	Personal data as defined by Thailand's Personal Data Protection Act ("PDPA"), and a general similarity to the European General Data Protection Regulation (GDPR).
Turkey Personal Data Policy	Personal data applicable to Turkey's Law on Protection of Personal Data No 6698 (Data Protection Law, KVKK), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
U.K. Personal Data Policy	Personal data applicable to United Kingdom's Data Protection Act 1998 (DPA), European Privacy Directive 95/46/EC on data protection (Data Protection Directive), and the European General Data Protection Regulation (GDPR).
Ukraine Personal Data Policy	Personal data applicable to Ukraine "On Personal Data Protection" Law ("Data Protection Law") No. 2297 VI, No. 5491-VI, and No. 383-VII.
United States Personal Data Policy	Personal data applicable to United States's Federal and State laws, including The Federal Trade Commission Act (FTC Act), the Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB/GLBA)), the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), among many others.
United Arab Emirates (UAE) Personal Data Policy	Personal data as defined by United Arab Emirates (UAE) Article 379 of the UAE Penal Code, Cyber Crime Law (Federal Law 5 of 2012 regarding Information Technology Crime Control) (amended by Federal Law No. 12 of 2016 and Federal Decree-Law No. 2 of 2018), and general similarity to the European General Data Protection Regulation (GDPR).
Venezuela Personal Data Policy	Personal data as defined by Venezuela's Constitution of the Bolivarian Republic
	of Venezuela (1998), Venezuela's International Covenant on Civil and Political
	Rights (1978), Venezuela's Act for the Protection of the Privacy of Communications
	(1991), Venezuela's Act for the Protection of Girls, Boys and Adolescents
	(2000), and a general similarity to the European General Data Protection Regulation
	(GDPR).
Vietnam Personal Data Policy	Personal data as defined by Vietnam's Draft Decree on Personal Data Protection in Vietnam dated February 9, 2021, the Constitution of the Socialist Republic of Vietnam 2013, Vietnam's Civil Code 2015, Vietnam's Criminal Code No. 100/2015/QH13 (November 27, 2015), Vietnam's Criminal Procedure Code Law No. 101/2015/QH13 (November 27, 2015), Vietnam's Law on Protection of Consumers' Rights No. 59/2010/QH12 (November 17, 2010), and a general similarity to the European General Data Protection Regulation (GDPR).

Table: Special Category Data

Policy	Detects
Argentina Sensitive Data Policy	Argentina-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Australia Sensitive Data Policy	Australia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Austria Sensitive Data Policy	Austria-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Belgium Sensitive Data Policy	Belgium-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Bolivia Sensitive Data Policy	Detects sensitive data for Bolivia as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Brazil Sensitive Data Policy	Brazil-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Bulgaria Sensitive Data Policy	Bulgaria-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Canada Sensitive Data Policy	Canada-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Chile Sensitive Data Policy	Chile-specific sensitive data as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
China Sensitive Data Policy	China-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Colombia Sensitive Data Policy	Colombia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Croatia Sensitive Data Policy	Croatia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Cyprus Sensitive Data Policy	Cyprus-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Czech Republic Sensitive Data Policy	Czech Republic-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Denmark Sensitive Data Policy	Denmark-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Egypt Sensitive Data Policy	Egypt-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
El Salvador Sensitive Data Policy	Detects sensitive data for El Salvador as defined by the European Privacy
	Directive 95/46/EC on data protection (Data Protection Directive) and the
	European General Data Protection Regulation (GDPR)
Ecuador Sensitive Data Policy	Ecuador-specific sensitive data as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Estonia Sensitive Data Policy	Estonia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Finland Sensitive Data Policy	Finland-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
France Sensitive Data Policy	France-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Germany Sensitive Data Policy	Detects sensitive data for Germany as defined by the European Privacy
	Directive 95/46/EC on data protection (Data Protection Directive) and the
	European General Data Protection Regulation (GDPR).
Greece Sensitive Data Policy	Greece-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Guatemala Sensitive Data Policy	Detects sensitive data for Guatemala as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Honduras Sensitive Data Policy	Detects sensitive data for Honduras as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Hong Kong Sensitive Data Policy	Hong Kong-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Hungary Sensitive Data Policy	Hungary-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Iceland Sensitive Data Policy	Iceland-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
India Sensitive Data Policy	India-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Indonesia Sensitive Data Policy	Indonesia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Ireland Sensitive Data Policy	Ireland-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Israel Sensitive Data Policy	Israel-sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Italy Sensitive Data Policy	Italy-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Japan Sensitive Data Policy	Japan-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Kenya Sensitive Data Policy	Detects sensitive data for Kenya as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Kingdom of Saudi Arabia Sensitive Data Policy	Kingdom of Saudi Arabia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Kuwait Sensitive Data Policy	Kuwait-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Latvia Sensitive Data Policy	Latvia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Lithuania Sensitive Data Policy	Lithuania-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Luxembourg Sensitive Data Policy	Luxembourg-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Malaysia Sensitive Data Policy	Malaysia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Malta Sensitive Data Policy	Malta-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Mexico Sensitive Data Policy	Mexico-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Māori Te Mana Raraunga Policy	Detects text that may be subject to protection under the Māori's (New Zealand indigenous people) Te Mana Raraunga. This policy matches based on word patterns. This policy is provided for content classification purposes only.
Netherlands Sensitive Data Policy	Netherlands-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Norway Sensitive Data Policy	Norway-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Panama Sensitive Data Policy	Detects sensitive data for Panama as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Peru Sensitive Data Policy	Peru-specific sensitive data as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Poland Sensitive Data Policy	Poland-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Portugal Sensitive Data Policy	Portugal-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Romania Sensitive Data Policy	Romania-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Russia Sensitive Data Policy	Russia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Singapore Sensitive Data Policy	Singapore-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Slovakia Sensitive Data Policy	Slovakia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Slovenia Sensitive Data Policy	Slovenia-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
South Africa Sensitive Data Policy	South Africa-specific sensitive data as defined by the South Africa Protection of Personal Information Act (POPIA / POPI), the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
South Korea Sensitive Data Policy	South Korea-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Spain Sensitive Data Policy	Spain-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Sweden Sensitive Data Policy	Sweden-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Switzerland Sensitive Data Policy	Switzerland-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Taiwan Sensitive Data Policy	Taiwan-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Thailand Sensitive Data Policy	Thailand-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Turkey Sensitive Data Policy	Turkey-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
U.K. Sensitive Data Policy	U.K.-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Ukraine Sensitive Data Policy	Ukraine-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
United States Sensitive Data Policy	U.S.-sensitive data as defined by the California Consumer Privacy Act of 2018 (CCPA).
United Arab Emirates (UAE) Sensitive Data Policy	United Arab Emirates (UAE) specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).
Venezuela Sensitive Data Policy	Venezuela-specific sensitive data as defined by the European Privacy Directive
	95/46/EC on data protection (Data Protection Directive) and the European General
	Data Protection Regulation (GDPR).
Vietnam Sensitive Data Policy	Vietnam-specific sensitive data as defined by the European Privacy Directive 95/46/EC on data protection (Data Protection Directive) and the European General Data Protection Regulation (GDPR).

Table: Transparent

Policy	Detects
Client Concerns Policy	**This policy is rebranded and updated from Customer Complaints
	Policy**
	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision. This policy covers concerns associated to the
	following categories:
	- Communication
	- Employee Error
	- Fees and Commissions
	- General Concerns
	- Legal
	- Negative Language
	- Operational
	- Performance and Losses
	- Promises and Guarantees
	- Trade Execution
	- Unauthorized Activity
	In addition, each one of these categories also has a discrete transparent
	policy made from the same keywords found in this policy.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Communication Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Communication
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Employee Error Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Employee Error
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Fees and Commissions Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Fees and Commissions
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - General Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- General Concerns
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Legal Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Legal Concerns
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Negative Language Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Negative Language
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Operational Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Operational Concerns
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Performance and Losses Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Performance and Losses
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Promises and Guarantees Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Promises and Guarantees
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Trade Execution Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Trade Execution
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Client Concerns - Unauthorized Activity Policy	Detect keywords and use sentiment analysis to identify potential alerts for
	financial supervision.
	This policy covers concerns associated to:
	- Unauthorized Activity
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Communication - 1on1 Policy	Classifies items with only one recipient.
	As a transparent policy, the policy logic is shared for verification, modification, inclusion, or exclusion of additional criteria. Please see online help for more assistance with transparent policies
Communication - Small Group Policy	Classifies items with only one recipient.
	As a transparent policy, the policy logic is shared for verification, modification, inclusion, or exclusion of additional criteria. Please see online help for more assistance with transparent policies.
Communication - Large Group Policy	Classifies items with 10 or more recipients.
	As a transparent policy, the policy logic is shared for verification, modification, inclusion, or exclusion of additional criteria. Please see online help for more assistance with transparent policies.
Emoji - Angry or Frustrated Policy	Detects emoji that depict angry or frustrated emotions. As a transparent policy, key terms and phrases are shared for verification, modification, inclusion, or exclusion of additional criteria. Please see online help for more assistance with transparent policies.
Financial Distress Policy	Keywords and phrases used to identify employees that may be
	experiencing financial distress. This policy can be used to aid in meeting
	compliance obligations for financial supervision.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
High Risk Securities - Complete List Policy	Detects high risk securities (names or tickers) in proximity to transaction
	terms to aid in meeting compliance obligations for financial supervision.
	High risk securities are identified as securities that have had a recent US
	securities class action filling (current list covers Jan 1, 2021-Nov 17,
	2022).
	The following were removed due to abundance of false positives observed
	in testing Tickers: BCS \\| CAN \\| CS \\| ET \\| GS \\| IBM \\| IQ \\| MDT \\| MP \\|
	OPEN \\| SAVE \\| SO \\| TSP \\| U \\| UBER \\| USB \\| WFC \\| XRAY \\| Z
	And Names: barclays \\| credit suisse \\| goldman sachs \\| international
	business machines \\| spirit airlines \\| u.s. bancorp \\| uber \\| wells fargo
	The following were identified as potentially causing numerous false
	positive but performed satisfactorily during testing and so remain in the
	policy - Tickers: ACAD \\| AI \\| AMZN \\| APPS \\| AZN \\| BLUE \\| BZ \\| CEI \\|
	COIN \\| DM \\| DNA \\| DOCU \\| EAR \\| EDU \\| EH \\| ERIC \\| EVA \\| FAT \\| GRAB \\|
	HOOD \\| JT \\| LIVE \\| META \\| MF \\| NFLX \\| OM \\| PCT \\| PLUG \\| PTE \\| RAD \\|
	RENT \\| RIDE \\| ROOT \\| SAM \\| SNAP \\| SOS \\| SQ \\| TALK \\| TASK \\| TLS \\|
	TMC \\| TSN \\| UI \\| UL \\| VIEW \\| WDH \\| WISH \\| WM \\| YQ
	And Names: amazon.com incorporated \\| amazon.com, incorporated \\|
	block inc \\| block incorporated \\| block, inc \\| block, incoporated \\| netflix
	incorporated \\| netflix, incorporated \\| okta inc \\| okta incorporated \\| okta, inc
	\\| okta, incorporated \\| on24 inc \\| on24, inc \\| rivian automotive inc \\| rivian
	automotive incorporated \\| rivian automotive, inc \\| rivian automotive,
	incorporated \\| twitter inc \\| twitter inc. \\| twitter, inc \\| twitter, inc.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
High Risk Securities - Large CAP Policy	Detects large cap high risk securities (names or tickers) in proximity to transaction terms to aid in meeting compliance obligations for financial
	supervision. High risk securities are identified as securities that have had
	a recent US securities class action filling (current list covers Jan 1, 2021-
	Nov 17, 2022). Securities are separated into Very Large CAP ($100B+)
	and Large CAP ($10B-$100B) for easy editing and/or removal.
	The following were removed due to abundance of false positives observed
	in testing - Tickers: BCS \\| CS \\| ET \\| GS \\| IBM \\| MDT \\| SO \\| U \\| UBER \\|
	USB \\| WFC
	And Names: barclays \\| credit suisse \\| goldman sachs \\| international
	business machines \\| u.s. bancorp \\| uber \\| wells fargo
	The following were identified as potentially causing numerous false
	positive but performed satisfactorily during testing and so remain in the
	policy - Tickers: AMZN \\| AZN \\| DOCU \\| ERIC \\| GRAB \\| META \\| NFLX \\|
	SNAP \\| SQ \\| TSN \\| UI \\| UL \\| WM
	And Names: amazon.com incorporated \\| amazon.com, incorporated \\|
	block inc \\| block incorporated \\| block, inc \\| block, incoporated \\| netflix
	incorporated \\| netflix, incorporated \\| okta inc \\| okta incorporated \\| okta, inc
	\\| okta, incorporated \\| rivian automotive inc \\| rivian automotive incorporated
	\\| rivian automotive, inc \\| rivian automotive, incorporated \\| twitter inc \\| twitter
	inc. \\| twitter, inc \\| twitter, inc.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
High Risk Securities - Mid CAP Policy	Detects mid cap high risk securities (names or tickers) in proximity to
	transaction terms to aid in meeting compliance obligations for financial
	supervision. Mid cap high risk securities are identified as securities that
	have had a recent US securities class action filling (current list covers Jan
	1, 2021-Nov 17, 2022) and a market cap of $2B-$10B.
	The following were removed due to abundance of false positives observed
	in testing - Tickers: IQ \\| MP \\| SAVE \\| XRAY \\| Z
	And Name: spirit airlines
	The following were identified as potentially causing numerous false
	positive but performed satisfactorily during testing and so remain in the
	policy - Tickers: ACAD \\| BZ \\| COIN \\| DNA \\| EDU \\| EVA \\| HOOD \\| PLUG \\|
	SAM
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
High Risk Securities - Other Policy	Detects high risk securities in proximity to transaction terms to aid in
	meeting compliance obligations for financial supervision. High Risk
	Securities -Other are identified as securities that have had a recent US
	securities class action filling (current list covers Jan 1, 2021-Nov 17, 2022)
	and are currently not listed on an SEC-regulated exchange as of Dec 21,
	2022.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
High Risk Securities - Small CAP Policy	Detects small cap high risk securities (names or tickers) in proximity to
	transaction terms to aid in meeting compliance obligations for financial
	supervision. Small cap high risk securities are identified as securities that
	have had a recent US securities class action filling (current list covers Jan
	1, 2021-Nov 17, 2022) and a market cap of less than $2B.
	The following were removed due to abundance of false positives observed
	in testing - Tickers: CAN \\| OPEN \\| TSP
	The following were identified as potentially causing numerous false
	positive but performed satisfactorily during testing and so remain in the
	policy - Tickers: AI \\| APPS \\| BLUE \\| CEI \\| DM \\| EAR \\| EH \\| FAT \\| JT \\| LIVE
	\\| MF \\| OM \\| PCT \\| PTE \\| RAD \\| RENT \\| RIDE \\| ROOT \\| SOS \\| TALK \\|
	TASK \\| TLS \\| TMC \\| VIEW \\| WDH \\| WISH \\| YQ
	And Names: on24, Inc \\| on24 Inc
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Outside Business Activities Policy	Key phrases of potential outside activities that may require firm pre-approval or could be prohibited per firm policy. This policy is designed to aid in meeting compliance obligations for financial supervision.
Secrecy Policy	Detects key phrases associated to secrecy: the action of keeping
	something secret or the state of being kept secret. As a transparent policy,
	this policy and its patterns can be fully edited. To modify, copy the policy
	and/or the pattern and then edit as needed. It is a best practice to use
	Transparent Policies in conjunction with noise (junk) minimization
	techniques to reduce false positives. Please see online help for more
	assistance with transparent policies.
Selling Away Policy	Detects language that may indicate selling away, the offering or obtaining
	of financial products for a client that are not approved by the firm. This
	policy is designed to aid in meeting compliance obligations for financial
	supervision.
	This policy contains the following editable conditions:
	- Identifying a named outside firm in proximity to terms referencing the selling of financial products
	- Identifying the 'hand delivery' of a receipt, check, certificate, or confirm or the delivery of a 'certificate of authenticity' or 'private receipt'
	- Identifying ACH in proximity to terms such as 'my private bank account
	- Identifying outbound email referencing the sending of a payment to a personal address, or financial institution.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.
Subscriptions Policy	Detects words or phrases that are often associated with subscription
	based electronic communications. This policy may be used to isolate and
	exclude such communications from the institution's review sets.
	As a transparent policy, key terms and phrases are shared for verification,
	modification, inclusion, or exclusion of additional criteria. Please see
	online help for more assistance with transparent policies.

Table: U.S. Federal Regulations

Policy	Detects
Criminal History Policy	Identity history summary (Criminal History Record, or Rap sheet) for Criminal Justice Systems.
United States Delaware Personal Data Privacy Act (DPDPA) Policy	Detects U.S.- and Delaware-centric personally identifiable information in support of Delaware Personal Data Privacy Act (DPDPA).
United States Federal Financial Institutions Examination Council (FFIEC) Policy	Personally identifiable and financial information for the Federal Financial Institutions Examination Council (FFIEC).
United States Export Controlled Information Policy	Content subject to export control under the U.S. International Traffic in Arms Regulations (ITAR), the Arms Export Control Act, the Export Administration Act, export-controlled materials under U.S. Department of Commerce (DoC) Export Administration Regulations (EAR) 15 CFR §§730-774, the Export Administration Regulations (EAR), U.S. Executive Order 13556 Controlled Unclassified Information (CUI) 32 CFR Part 2002, or articles, services, and related technical data designated as defense articles or defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act and constitute the U.S. Munitions List (USML).
United States Federal Information Security Management Act (FISMA) Policy	Personal and security information and for Federal Information Security Management Act (FISMA) of 2002, also known as E-Government Act of 2002, also known as Public Law 107-347. The type of information that should be protected depends on the relevant agency/sector.
United States Florida Senate Bill 264 (SB 264) Policy	Detects electronic patient information for Florida's medical privacy law and medical identity theft to support Florida Senate Bill 264 (Forida/FL SB 264).
United States Indiana Consumer Data Protection Act (ICDPA) Policy	Detects U.S.- and Indiana-centric personally identifiable information in support of Indiana Consumer Data Protection Act (ICDPA/INCDPA)
United States Iowa Consumer Data Protection Act (ICDPA) Policy	Detects U.S.- and Iowa-centric personally identifiable information in support of Iowa Consumer Data Protection Act (ICDPA/IACDPA)
United States Kentucky Consumer Data Protection Act (CDPA) (HB 15) Policy	Detects U.S.- and Kentucky-centric personally identifiable information in support of Kentucky Consumer Data Protection Act (CDPA) (HB 15).
United States Montana Consumer Data Protection Act (MCDPA) Policy	Detects U.S.- and Montana-centric personally identifiable information in support of Montana Consumer Data Privacy Act (MCDPA/MTCDPA).
United States National Institute of Standards and Technology (NIST) 800-171 Policy	Detect forms and terms relating to the U.S. National Institute of Standards and Technology (NIST) 800-171 publication.
United States New Hampshire Consumer Data Privacy Act (CDPA) Policy	Detects U.S.- and New Hampshire-centric personally identifiable information in support of New Hampshire Consumer Data Privacy Act (CDPA) (SB 255)
United States New Jersey Data Privacy Law (DPL) Policy	Detects U.S.- and New Jersey-centric personally identifiable information in support of New Jersey Data Privacy Law (NJDPL) (SB 332)
United States Oregon Consumer Privacy Act (CPA) Policy	Detects U.S.- and Oregon-centric personally identifiable information in support of Oregon Consumer Privacy Act (CPA).
United States Internal Revenue Service (IRS) 1075 Policy	IRS tax forms and financial information for the U.S. Internal Revenue Service (IRS) 1075 and Internal Revenue Code (IRC) 6103.
United States Securities and Exchange Commission (SEC) Forms Policy	U.S. Securities and Exchange Commission (SEC) Forms.
United States International Traffic in Arms Regulations (ITAR) Policy	Content subject to export control under the International Traffic in Arms Regulations (ITAR), the Arms Export Control Act, the Export Administration Act, the Export Administration Regulations (EAR), or articles, services, and related technical data designated as defense articles or defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act and constitute the U.S. Munitions List (USML).
United States Tennessee Information Protection Act (TIPA) Policy	Detects U.S.- and Tennessee-centric personally identifiable information in support of Tennessee Information Protection Act (TIPA)
United States Texas Data Privacy and Security Act (TDPSA) Policy	Detects U.S.- and Texas-centric personally identifiable information in support of Texas Data Privacy and Security Act (TDPSA).

Table: U.S. State Regulations

Policy	Detects
California Assembly Bill 1298 (HIPAA) Policy	Electronic patient personally identifiable information (PII) for California Assembly Bill 1298 (California/CA AB 1298).
United States California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) Policy	U.S.- and California- centric personally identifiable information in support of California AB-375, California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA).
United States California Privacy Rights Act (CPRA) Sensitive Personal Information (SPI) Policy	U.S.- and California- centric sensitive personal information (SPI) in support of U.S. California Privacy Rights Act (CPRA) of 2020.
California Financial Information Privacy Act (SB1) Policy	Personal financial information for California Financial Information Privacy Act, also known as CA SB1.
United States Maryland Online Data Privacy Act (MODPA) and Maryland	Detects U.S.- and Maryland-centric personally identifiable information in
Personal Information Protection Act (PIPA) Policy	support of Maryland Online Data Privacy Act (MODPA) (HB 567) and
	Maryland Personal Information Protection Act (PIPA) (Law 14-3504)
United States Massachusetts Regulation 201 CMR 17.00 (MA 201 CMR 17) Policy	U.S.- and Massachusetts- centric personally identifiable information in accordance with Massachusetts Regulation 201 CMR 17.00.
United States Minnesota Consumer Data Privacy Act (CDPA / "Minnesota	Detects U.S.- and Minnesota-centric personally identifiable information in
Act") Policy	support of Minnesota Consumer Data Privacy Act (CDPA / "Minnesota Act").
United States Nebraska Data Privacy Act (NDPA) (LB 1074) Policy	Detects U.S.- and Nebraska-centric personally identifiable information in
	support of Nebraska Data Privacy Act (NDPA) (LB 1074)
United States New York State Department of Financial Services (NYDFS) Cybersecurity Regulation 23 NYCRR 500 Policy	Personal data applicable to the U.S. Cybersecurity Regulation; detects personal data applicable to the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation , 23 NYCRR 500.
United States Utah Consumer Privacy Act (UCPA) Policy	Detects U.S.- and Utah-centric personally identifiable information in support of Utah
	Consumer Privacy Act (UCPA).
United States Connecticut Data Privacy Act (CDPA) Policy	Detects U.S.- and Connecticut-centric personally identifiable information in support
	of Connecticut Data Privacy Act (CDPA).
United States Colorado Privacy Act (CPA) Policy	Detects U.S.- and Colorado-centric personally identifiable information in support of
	Colorado Privacy Act (CPA).
United States Virginia Consumer Data Protection Act (VCDPA) Policy	Detects U.S.- and Virginia-centric personally identifiable information in support of
	Virginia Consumer Data Protection Act (VCDPA).