Difference between revisions of "Data Masking"
(Created page with "Data Masking (also called "obfuscation") is a process that replaces one identifier with a pseudonymous one or redacts portions of an identifier...") |
m |
||
Line 1: | Line 1: | ||
Data Masking (also called "obfuscation") is a process that replaces one identifier with a [[Pseudonymous|pseudonymous]] one or redacts portions of an [[Identifier|identifier]] (e.g., IP truncation). | Data Masking (also called "obfuscation") is a process that replaces one identifier with a [[Pseudonymous|pseudonymous]] one or redacts portions of an [[Identifier|identifier]] (e.g., IP truncation). | ||
− | Another method of | + | Another method of Data Masking is "substitution," which replace one identifier with a less precise one (e.g., linking the zip 90210 to "Beverly Hills," given there are other zip codes in that California region). Password entry boxes frequently rely on tokenized data masking to substitute a single character (e.g., "*" or "X") for each actual input character entered by the user. Credit card receipts often truncate the entire account number, displaying only the last four digits of a credit card. |
== Regulator Perspectives == | == Regulator Perspectives == |
Latest revision as of 01:15, 20 February 2022
Data Masking (also called "obfuscation") is a process that replaces one identifier with a pseudonymous one or redacts portions of an identifier (e.g., IP truncation).
Another method of Data Masking is "substitution," which replace one identifier with a less precise one (e.g., linking the zip 90210 to "Beverly Hills," given there are other zip codes in that California region). Password entry boxes frequently rely on tokenized data masking to substitute a single character (e.g., "*" or "X") for each actual input character entered by the user. Credit card receipts often truncate the entire account number, displaying only the last four digits of a credit card.
Regulator Perspectives
Algorithmic functions are preferred as strong protections than substitution or tokenization forms of pseudonymization. The Article 29 Data Protection Working Party wrote:
If pseudonymisation is based on the substitution of an identity by another unique code, the presumption that this constitutes a robust de-identification is naïf….[1]
Thus, when an identifier is "de-identified" it is no longer directly linked to an individual’s identity and hence "pseudonymous." When all identifiers have been removed from information, it is "anonymous."