DATA OPS
Snowflake Untagged-PII PagerDuty Escalation
Watches Snowflake for new columns missing a sensitivity tag, classifies them, and escalates high-confidence PII to PagerDuty as an incident while logging everything else…
How it runs
The automated pipeline, trigger to output.
- TriggerEvery-3-hours schedule
- ActionFind recent untagged columns in ACCOUNT_USAGESnowflake
- ActionSample distinct values per columnSnowflake
- ActionClassify PII type and confidenceOpenAI
- LogicBranch by severity (high vs. lower confidence)
- ActionOpen PagerDuty incident for high-confidence PIIPagerDuty
- OutputAppend lower-confidence hits to Notion review queueNotion
What it does
Detects newly added Snowflake columns that lack a sensitivity tag, classifies their likely PII content, and routes the result by severity: high-confidence sensitive columns open a PagerDuty incident, while lower-confidence ones are logged to a Notion review queue.
When to use it
Use it when unmasked PII in Snowflake is a compliance-grade risk that needs a paged on-call owner, not just a Slack ping that gets buried over a weekend.
How it works
- 1A schedule runs the check every few hours.
- 2Query ACCOUNT_USAGE.COLUMNS joined against tag references to find recently created columns with no sensitivity tag.
- 3Sample distinct values for each untagged column.
- 4Classify each for PII type and confidence.
- 5A severity branch splits high-confidence PII from the rest.
- 6High-confidence hits open a PagerDuty incident with the column path and evidence.
- 7Everything else appends a row to a Notion database for the next governance review.
Set it up
What you configure once, before turning it on.
- 1Connect SnowflakeWarehouses, queries, shares.
- 2Connect OpenAIModels, embeddings, files.
- 3Connect PagerDutyIncidents, on-call, escalations.
- 4Connect NotionPages, databases, comments.
- 5Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 6Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 7Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Data Ops workflows
Snowflake column type-drift sentinel with Linear fix ticket
Snapshots the data types of every column in your tracked Snowflake schemas on a schedule, diffs against the last snapshot.
Daily BigQuery Scheduled-Query Cost Attribution to Owners
Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.
BigQuery dropped/renamed column sentinel with PagerDuty incident
Detects when a column is dropped or renamed in your governed BigQuery datasets and, because that breaks downstream queries hard, pages the on-call via PagerDuty and posts…
PR-time Snowflake schema contract check on dbt model changes
When a pull request changes a dbt model, it compares the model's declared output columns against the live Snowflake table it will replace and blocks the merge with a GitHub check…
Agent-triaged warehouse drift with impact analysis and runbook update
On a webhook from your warehouse audit log, an agent investigates the changed column, traces which downstream models and dashboards depend on it.
Cross-warehouse replication schema mismatch reconciler
Compares the column shape of mirrored tables between BigQuery and Snowflake and, when a replicated table has drifted out of sync between the two, opens an Asana task for the data…
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.