Start of change

Tagging 64-bit memory objects for data privacy

To control the distribution of sensitive data in 64-bit memory objects, the creating program can use the SENSITIVE parameter on the IARV64 service. SENSITIVE=YES indicates that the memory object contains sensitive data. Tagged sensitive data in dumps can be secured and redacted when post processed by Data Privacy for Diagnostics (DPfD). For more information about DPfD, see z/OS MVS Diagnosis: Tools and Service Aids.

  • Consider tagging memory objects as SENSITIVE=YES when they contain data of a personal or confidential nature that can cause harm to the individual or business if not safeguarded, such as regulated data as defined by General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or other legal requirements.
  • Consider tagging memory objects as SENSITIVE=NO when they do not contain data of a personal or confidential nature.
  • Consider tagging memory objects as SENSITIVE=UNKNOWN, which is the default, when you are unsure of the sensitive nature of the data.
  • Start of changeIARV64 REQUEST=CHANGEATTRIBUTE can be used to specify different sensitive states for subsections of the memory object, but there will be higher system memory overhead than for a memory object with a uniform SENSITIVE setting.End of change
End of change