I had a discussion with another employee today who was having problems describing how we can still do full packet capture on a network with severe Privacy Restrictions in Frane and Germany. The laws there prohibit the recording and capture of things like SMTP traffic or personally identifiable information. We can solve this problem nicely, but it takes a little work to configure the user rights to restrict access to certain meta values or meta keys. And in some cases, you might have to create a parser to identify employee identification numbers and alert that meta into a special restricted key to disallow analysts from seeing captured data associated with that privacy information.
This document is from last year and much of the interfaces will be changing with the advent of SA, but the dea is still the same.
