Data Masking

From Bitnami MediaWiki
Jump to navigation Jump to search

Data Masking (also called "obfuscation") is a process that replaces one identifier with a pseudonymous one or redacts portions of an identifier (e.g., IP truncation).

Another method of Data Masking is "substitution," which replace one identifier with a less precise one (e.g., linking the zip 90210 to "Beverly Hills," given there are other zip codes in that California region). Password entry boxes frequently rely on tokenized data masking to substitute a single character (e.g., "*" or "X") for each actual input character entered by the user. Credit card receipts often truncate the entire account number, displaying only the last four digits of a credit card.

Regulator Perspectives

Algorithmic functions are preferred as strong protections than substitution or tokenization forms of pseudonymization. The Article 29 Data Protection Working Party wrote:

If pseudonymisation is based on the substitution of an identity by another unique code, the presumption that this constitutes a robust de-identification is naïf….[1]

Thus, when an identifier is "de-identified" it is no longer directly linked to an individual’s identity and hence "pseudonymous." When all identifiers have been removed from information, it is "anonymous."