As data volumes explode and compliance pressures increase, data governance teams face a tough balancing act: how do you protect sensitive data like PII without slowing down analytics? For data teams using Snowflake, dynamic data masking offers a powerful solution that can scale securely. Yomar Marquez, AVP of Cloud Data Management at Rise Analytics, a company that manages multi-source data environments for the 1,000+ credit union banks in the US, saw the challenge up close: managing sensitive member data across multiple credit unions while meeting strict regulatory requirements and enabling data access for internal users.
With over 20 years in data and financial services, Yomar led the design of an adaptive governance framework that automates PII protection while enabling scalable, self-service analytics across thousands of tables. His approach is a model for data teams looking to modernize governance without compromising speed or trust. In this post, we break down how your team can do the same.
This post is part of INNER JOIN, a live show hosted by Select Star. INNER JOIN brings together thought leaders and experts to discuss the latest trends in data governance and analytics. For more information, visit Select Star's Inner Join page.
Table of Contents
- The New Challenge of PII at Scale
- What is Snowflake Dynamic Data Masking and Why It Matters
- How to Automate PII Management with Snowflake Dynamic Data Masking
- Real-World Case Study: Rise Analytics
- Enabling Secure Self-Service Analytics
The New Challenge of PII at Scale
Modern data teams deal with sprawling data estates: thousands of tables, disparate pipelines, siloed tools, and distributed teams operating across time zones. The complexity is compounded by the need to serve different types of stakeholders, such as data scientists, operations analysts, and business executives, each with different access requirements. With regulations like GDPR, HIPAA, and PCI in play, tracking and protecting personally identifiable information (PII) across that landscape is not just a best practice; it's a legal necessity. Yet traditional approaches to PII management, including manual classification, spreadsheet inventories, and static access rules, simply don’t scale or keep pace with the real-time demands of modern analytics environments.
What is Snowflake Dynamic Data Masking and Why It Matters

Snowflake Dynamic Data Masking is a native feature in Snowflake that allows organizations to define and enforce masking policies at the column level based on user roles. It enables sensitive data, like personally identifiable information (PII), to be automatically protected during query execution without requiring data duplication or complex pipeline logic.
Rather than relying on static access controls or maintaining multiple copies of sanitized datasets, dynamic masking enforces flexible policies in real time. This ensures the right people have access to the appropriate level of data while sensitive fields remain protected for unauthorized users.
Key benefits:
- Real-time role-based access control: Snowflake enforces masking policies the moment a query is executed, ensuring only authorized users see unmasked sensitive data based on their assigned roles.
- Flexible self-service without data duplication: With masking in place, analysts and engineers can access shared datasets without the need for multiple, sanitized copies, which simplifies collaboration and reduces overhead.
- Streamlined compliance and audit readiness: Because masking policies are metadata-driven and natively integrated, Snowflake allows organizations to generate audit reports that reflect how sensitive data is protected across roles, making it easier to comply with regulations like GDPR and HIPAA.
How to Automate PII Management with Snowflake Dynamic Data Masking
Automating PII management requires a tight integration between your data catalog and your data warehouse, especially when dealing with large-scale, sensitive datasets. Snowflake Dynamic Data Masking provides the technical foundation for enforcing PII policies at query time, while a catalog like Select Star enables data teams to identify and classify sensitive fields consistently across the stack.
Step 1: Define Masking Policies
Start by identifying what sensitive data needs protection and define the corresponding masking policies in Snowflake. These rules determine how data should appear for different user roles. Support teams can debug or assist users while remaining compliant, avoiding the need to view sensitive information directly. Meanwhile, organizations can confidently share datasets across teams or business units without duplicating data or exposing PII, streamlining access while maintaining strict data protection standards.
Step 2: Tag Sensitive Data
Use a data catalog like Select Star to tag sensitive columns such as names, emails, or account numbers. Tagging provides structure and visibility, ensuring everyone understands which fields are considered PII.
Step 3: Propagate Tags with Lineage

A robust data catalog like Select Star provides automatic lineage tracking, revealing where data originates, how it transforms, and where it flows across systems. This visibility is key for understanding how sensitive fields such as names, emails, or account numbers are used across the data stack.
By tagging these fields at the source, data teams can allow the tags to propagate downstream through dbt models, Snowflake tables, and Power BI dashboards. This ensures consistent classification of PII and dramatically reduces the manual overhead for governance teams.
Step 4: Enforce Policies at Query Time
Snowflake’s dynamic data masking enforces governance policies in real-time. In Snowflake, masking policies can be defined based on user roles and triggered at the moment of query execution. When Select Star pushes PII tags into Snowflake, these tags activate role-specific masking policies.
Step 5: Monitor, Refine, and Report
Use catalog analytics to track access patterns, identify gaps, and refine your tagging or masking strategy. With metadata driving policy, you can also generate up-to-date audit reports to demonstrate compliance.
This step-by-step approach helps data teams scale secure PII access without sacrificing agility or compliance.
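The Snowflake side of these steps, sketched as an added example using Snowflake's tag-based masking (this is not code from Rise Analytics or Select Star). The database, schema, table, role, and tag names are assumptions made for illustration.

```sql
-- Added example; all object, role and tag names are hypothetical.
-- Tag-based masking requires Snowflake Enterprise Edition or higher.

-- Step 1: one policy per data type; the session's roles decide what is returned.
CREATE OR REPLACE MASKING POLICY governance.policies.mask_pii_string
  AS (val STRING) RETURNS STRING ->
  CASE
    -- Holders of PII_FULL_ACCESS (directly or via role hierarchy) see raw values.
    WHEN IS_ROLE_IN_SESSION('PII_FULL_ACCESS') THEN val
    -- Support staff keep the e-mail domain for debugging, nothing else.
    WHEN IS_ROLE_IN_SESSION('SUPPORT_ANALYST')
         AND SYSTEM$GET_TAG_ON_CURRENT_COLUMN('governance.tags.pii_type') = 'email'
      THEN REGEXP_REPLACE(val, '^[^@]+', '*****')
    -- Default deny: every other role, and every other tag value, is fully masked.
    ELSE '***MASKED***'
  END;

-- Step 2: the classification that the catalog writes to Snowflake as an object tag.
CREATE TAG IF NOT EXISTS governance.tags.pii_type
  ALLOWED_VALUES 'email', 'name', 'account_number';

-- Step 4: bind the policy to the tag, so tagging a STRING column masks it.
ALTER TAG governance.tags.pii_type
  SET MASKING POLICY governance.policies.mask_pii_string;

-- What a tag push from the catalog amounts to for a single column.
ALTER TABLE analytics.core.members
  MODIFY COLUMN email SET TAG governance.tags.pii_type = 'email';

-- Step 5: audit report of every column currently classified as PII.
-- ACCOUNT_USAGE views lag behind live changes, so recent tags may be missing.
SELECT object_database, object_schema, object_name, column_name, tag_value
FROM snowflake.account_usage.tag_references
WHERE tag_name = 'PII_TYPE'
  AND domain = 'COLUMN'
  AND object_deleted IS NULL
ORDER BY 1, 2, 3, 4;
```

Because the policy hangs off the tag rather than off individual columns, a column becomes masked as soon as it is tagged, and the `ELSE` branch keeps any role not explicitly listed from seeing raw values.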
Real-World Case Study: Rise Analytics
Rise Analytics is a data analytics platform that serves the credit union industry by transforming operational data into actionable insights. As a data processor handling sensitive member data across multiple institutions, Rise Analytics faces both scale and regulatory complexity in its daily operations. With more than 1,000 tables per client and dozens of client organizations, Rise Analytics built a governance framework with security at its core:
- A centralized glossary ensured unified definitions across teams and tools
- PII tags were automatically propagated across more than 13 transformation layers
- Metadata-driven automation made audit reporting fast and repeatable

Yomar Marquez and his team implemented a governance strategy centered on automated PII classification powered by Select Star and Snowflake. They began by streamlining PII tagging through data lineage. Instead of manually labeling sensitive fields across every downstream dataset, they tagged PII once at the source. Select Star then propagated these tags automatically through the data pipeline using column-level lineage, applying them only when data was replicated exactly (“as-is”). Columns that underwent transformations or aggregations were intentionally excluded to avoid false positives.
Select Star then pushed these tags into Snowflake as object tags, enabling predefined dynamic data masking to trigger automatically at query time. This seamless integration allowed Rise Analytics to enforce data protection policies reliably and at scale with minimal manual effort, by embedding privacy classification directly into their data infrastructure.
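A model of the "as-is" propagation rule described above, written as an added example in Snowflake SQL (it is not Select Star's implementation). The `lineage_edges` and `source_tags` tables, the `edge_type` values, and the column names are constructed for illustration.

```sql
-- Added example; tables and data below are constructed sample input.
CREATE OR REPLACE TEMPORARY TABLE lineage_edges (
  src_col   STRING,   -- fully qualified upstream column
  dst_col   STRING,   -- fully qualified downstream column
  edge_type STRING    -- hypothetical labels: as_is | transformed | aggregated
);

INSERT INTO lineage_edges VALUES
  ('raw.members.email',            'stg.members.email',              'as_is'),
  ('stg.members.email',            'core.dim_member.email',          'as_is'),
  ('stg.members.email',            'core.dim_member.email_domain',   'transformed'),
  ('core.dim_member.email',        'mart.member_360.email',          'as_is'),
  ('core.dim_member.email_domain', 'mart.domain_stats.email_domain', 'as_is'),
  ('core.dim_member.email',        'mart.member_counts.member_cnt',  'aggregated');

-- PII is tagged once, at the source.
CREATE OR REPLACE TEMPORARY TABLE source_tags (col STRING, pii_type STRING);
INSERT INTO source_tags VALUES ('raw.members.email', 'email');

-- Walk the lineage graph downstream, following only exact copies.
WITH RECURSIVE tagged (col, pii_type, depth) AS (
  -- Anchor: the manually tagged source columns.
  SELECT col, pii_type, 0::INT
  FROM source_tags
  UNION ALL
  -- Step: inherit the tag across an edge only when the copy is as-is.
  SELECT e.dst_col, t.pii_type, t.depth + 1
  FROM tagged t
  JOIN lineage_edges e
    ON e.src_col = t.col
  WHERE e.edge_type = 'as_is'
)
SELECT DISTINCT col, pii_type, depth
FROM tagged
ORDER BY depth, col;
```

Because the recursion follows only `as_is` edges, a transformed or aggregated column also stops the tag from reaching anything derived from it, even when the later hops are exact copies.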
The payoff was clear. Processes that previously took weeks, like tracking data usage for audits, could now be completed on demand. Dynamic masking, integrated through Snowflake and Select Star, allowed Rise Analytics to expand data access internally while maintaining strong privacy protections. This approach empowered analysts and developers without putting sensitive member information at risk.
Enabling Secure Self-Service Analytics
Adaptive governance doesn’t just protect data; it empowers users. With masking in place, analysts can access governed datasets without waiting for IT. Data engineers can debug pipelines without being exposed to raw PII. This model accelerates insight delivery without increasing risk.
PII protection doesn’t have to slow your team down. With adaptive data governance powered by metadata, lineage, and dynamic masking, you can scale governance while keeping your data open for business.
Ready to automate your PII protection? Learn how Select Star can help you build a secure, scalable data governance framework.