How we handle sensitive data in BigQuery

Incident.io, a provider of incident management software, manages sensitive data such as Personally Identifiable Information (PII) and confidential details regarding customer incidents in their BigQuery data warehouse. They approach the management of this data with care by default masking all new columns from their transactional database in BigQuery. The workflow includes several key components: establishing a taxonomy, creating policy tags for PII and confidential information, implementing a scheduled daily job to scan all tables in their transactional database within BigQuery and applying policy tags to any untagged columns, and using dbt for data transformations. They have divided their dbt pipeline into two distinct streams - one is customer-facing with full access to sensitive information, while the other is used for internal analytics with access to sensitive data in a masked format.