Confidential data doesn't stop being confidential because it crossed a company boundary

Why data masking is not optional when reports move between organisations

6th July 2026BlogAJ Thompson

Are you ready to get in touch?

Request a Call back

Data masking is the practice of replacing real, sensitive values in a report with realistic but fake substitutes before that report leaves your organisation. For any reporting or analytics team that shares data with partners, regulators, or suppliers, it is the one control that survives the handoff. Once a report leaves your perimeter, you cannot revoke it, audit who sees it, or guarantee it is deleted. NDAs and access controls do not stop a spreadsheet from being forwarded or screenshotted. If sensitive fields are masked before export, the exposure never materialises, regardless of what happens to the file afterwards. In this article, AJ Thompson explains what data masking has to get right, and where IBM InfoSphere Optim fits.

Abstract data masking hero graphic showing confidential records being masked as they cross a boundary.

Let me be direct about something too many reporting and analytics teams still get wrong. A report leaves your organisation. It lands in a partner’s inbox, a regulator’s, or a supplier’s. At that moment, you have lost control of it. You cannot revoke it. There is no way to audit every hand it passes through. Nor can you guarantee it will be deleted when the engagement ends. If that report holds real customer records, real financial detail, or real identifiers, you have not shared information. You have distributed a liability. This is exactly why data masking matters before any report crosses a company boundary.

Share a report full of real customer data and you haven't shared information. You've distributed a liability. Mask it before it leaves the building. Share on X

The problem isn’t the sharing. It’s the shape of what’s shared.

Cross-organisation reporting is not going away. Joint ventures, supply chains, audits, and regulatory submissions all demand it. However, the mistake is assuming that access controls and NDAs are enough once data leaves your perimeter. They aren’t. For example, an NDA does not stop a spreadsheet being forwarded, screenshotted, or left unencrypted in someone else’s downloads folder. Therefore, the only control that survives the handoff is the state of the data itself. If you mask the sensitive fields before the report goes out, the exposure never materialises. It does not matter what happens to the file afterwards.

Data masking flow: confidential records in Organisation A are masked before the report reaches Organisation B

Masking is applied before export, so the shared report keeps its structure while the real values never leave.

Three things data masking has to get right

  • Consistency across the dataset. The same real value must mask to the same substitute everywhere it appears. Otherwise joins, totals, and reconciliations between reports silently break.
  • Format and referential integrity. A masked account number still has to look like an account number. In addition, it has to match across every linked table. Otherwise the report is either useless or, worse, reversible.
  • Irreversibility. Encryption can be decrypted with a key. By contrast, masking done properly cannot be undone. There is no key, only a one-way substitution.

Get any one of those wrong and the result is bad either way. You either hand over usable analytics with a re-identification path, or a compliant dataset that nobody downstream can actually use. In practice, data masking is a data engineering problem as much as a security one. As a result, it needs tooling built for it, rather than ad hoc scripts run before every export.

Where IBM Optim fits

IBM InfoSphere Optim is the tool we most often reach for at Northdoor when a client needs data masking that holds up at scale, across systems, and under audit. It discovers sensitive fields across databases automatically. Masking rules then apply consistently across every table and every downstream copy. And because it preserves referential integrity, the masked report still reconciles the way the real one would. Because the policy is repeatable, the same masking rule produces the same safe output every time you regenerate a report. That is exactly what cross-organisation reporting demands.

IBM Optim data masking process: discover, define rules, apply and link, then deliver a safe report

IBM Optim turns a one-off decision into a repeatable, policy-driven process.

In short, none of this requires slowing down your reporting cycle. It requires deciding, once, that no confidential field leaves the building in its raw form. After that, you let the tooling enforce that decision every single time.

Sharing reports across organisations shouldn’t mean choosing between usable data and safe data. Contact us to assess where confidential data is exposed in your cross-organisation reporting, and how IBM Optim can close that gap.

Read more about data masking here


AJ Thompson All Author's Posts
Interested in masking confidential data before it ever leaves your business?

Request a demo or contact sales on: 0207 448 8500

Contact us
1

Our Awards & Accreditations