Data Masking

From Bitnami MediaWiki
Revision as of 17:53, 19 February 2022 by Jkoran (talk | contribs) (Created page with "Data Masking (also called "obfuscation") is a process that replaces one identifier with a pseudonymous one or redacts portions of an identifier...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Data Masking (also called "obfuscation") is a process that replaces one identifier with a pseudonymous one or redacts portions of an identifier (e.g., IP truncation).

Another method of data masking is "substitution," which replace one identifier with a less precise one (e.g., linking the zip 90210 to "Beverly Hills," given there are other zip codes in that California region). Password entry boxes frequently rely on data masking to substitute a single character (e.g., "*" or "X") for each actual input character entered by the user. Credit card receipts often truncate the entire account number, displaying only the last four digits of a credit card.

Regulator Perspectives

Algorithmic functions are preferred as strong protections than substitution or tokenization forms of pseudonymization. The Article 29 Data Protection Working Party wrote:

If pseudonymisation is based on the substitution of an identity by another unique code, the presumption that this constitutes a robust de-identification is naïf….[1]

Thus, when an identifier is "de-identified" it is no longer directly linked to an individual’s identity and hence "pseudonymous." When all identifiers have been removed from information, it is "anonymous."

References