Cloudera Navigator collects metadata for cluster activities and assets; typically, this information does not include data and therefore doesn't provide an opportunity to expose sensitive data through the user interface. However, there could be sensitive data exposed the Navigator logs: queries from Impala or Hive may include a specific data value, such as a phone number or US social security number.
To guard against sensitive data exposures through Navigator logs, you can use Cloudera Manager's log redaction feature to filter out string patterns using regular expressions. For example, you could mask all quoted strings, social security numbers, and phone numbers.
The log redaction rules can apply across all cluster services.
For details, see the Cloudera Security guide, specifically Log and Query Redaction.