Data masking (data pseudonymisation) is a data security technique in which a dataset is copied but with sensitive data obfuscated. This benign replica is then used instead of the authentic data for testing or training purposes.
What do I need to know about data masking?
Data masking does not just replace sensitive data with blanks. It creates characteristically intact, but inauthentic, replicas of personally identifiable data or other highly sensitive data in order to uphold the complexity and unique characteristics of data. In this way, tests performed on properly masked data will yield the same results as they would on the authentic dataset.
Protect Personal Identifiable Information
Concerns about data sharing and confidentiality mean many organisations now mask personal identifiers. This is especially the case when data is used for purposes other than those for which it was originally collected.
The Northdoor solution
Northdoor’s Data Masking solution is designed to give organisations the capability to safeguard personal and sensitive information – reliably, cost-effectively, and at scale.
The Data Masking solution from Northdoor enables you to:
By improving your ability to mask personally identifiable data, Northdoor Database Record Masking can reduce internal costs and cut the risk of regulatory penalties.
For more information on how Northdoor can help you reduce your regulatory risk and increase internal efficiency, read our short solution brief on data masking, or contact us directly for a no-obligation assessment.
Concerns about data sharing and data confidentiality especially around the secondary use of data – where data is used for purposes other than those which it was originally collected – has resulted in many organisations using data masking to remove personal identifiers. Whilst masking is a simple concept scaling out pilot deployments to multiple data sources can be technically challenging and costly.
What are the benefits of data masking?
Data masking is essential in many regulated industries where personally identifiable information must be protected from overexposure. By masking data, the organisation can expose the data as needed to test teams or database administrators without compromising the data or getting out of compliance. The primary benefit is reduced security risk.
The challenges of data pseudonymisation
Data pseudonymisation is a relatively simple concept – for example, replacing genuine names and addresses with sample names and addresses in customer records. However, scaling a solution to cover multiple data sources is potentially costly, challenging, and unlikely to produce consistent results.
Data masking is difficult because the changed data must retain any characteristics of the original data that would require specific processing. Yet it must be sufficiently transformed so that no one viewing the replica would be able to reverse-engineer it. Commercial software solutions are available to automate masking and provide confidence in the obfuscation quality.
Northdoor’s Data Record Pseudonymisation
Northdoor’s solution provides organisations with the capability to safeguard personal and sensitive information. Get the control you need from IT and ensure all personal identifiable data is protected.
Does your organisation have a good handle on data masking, or are you potentially letting personally identifiable data slip through the net?
Many organisations routinely replace names and other personal identifiers in certain sets of data with pseudonyms – the process known as data masking, alternative routes would be data obfuscation or data anonymisation. The 2018 GDPR legislation places more rigorous demands on data confidentiality, potentially extending both the types of data that should be masked and the scenarios in which masking is required.
In particular, the GDPR aims to restrict the so-called secondary use of data, in which data originally collected for one purpose, say, signing up for a newsletter, is used for a different purpose such as user profiling. As organisations introduce greater granularity around permissions, there will potentially be many new areas in which the ability to rapidly and reliably mask data will be a major benefit. And where data may be shipped out to external partners, perhaps for statistical analysis, ensuring that masking is rigorous and non-reversible is absolutely critical.
Data Record Masking for the Insurance Industry
While data pseudonymisation, or ‘masking’, is a simple concept, insurers typically have significant legacy systems, which makes scaling out a pilot deployment to cover multiple data sources challenging.
NHS Patient Record Pseudonymisation
Northdoor’s NHS Patient Record Pseudonymisation solution can provide NHS Trusts with the capability to safeguard personal and sensitive patient information.
In light of the GDPR, many firms have ramped up controls around the masking or pseudonymisation of data. A key area of concern is in the development and testing of new software, where realistic sets of data on customers and other natural persons are frequently required to ensure that software will work as expected in production. Particularly where development is handled by third-party organisations, companies need to be exceptionally careful that personal identifiers in their data are correctly and reliably masked.
The growing challenge of masking data
Data masking is simple enough on paper – for example, genuine names and addresses are replaced with dummy names and addresses in the same format. However, with multiple data sources to manage, scaling up the practice to meet the needs of software development and testing teams is proving difficult, time-consuming, costly and inconsistent for many companies today. The current reliance on manual techniques may also leave companies exposed to the risk of significant financial penalties through human error in data masking.
Northdoor are now preferred suppliers for public sector and NHS Trusts looking to automatically protect, anonymise and safeguard sensitive information. The Crown Commercial Service Supplier (CCS) acts on behalf of the government to drive savings for the taxpayer and improve the quality of commercial and procurement activity. The G9 agreement supports the government’s policy to centrally manage the procurement of common goods and services through an integrated commercial function at the heart of government.
The agreement with Northdoor means that public sector organisations can buy its services via the G Cloud Digital Marketplace without the need to undertake a full tender or procurement process, making it easier and faster for organisations to ensure their compliance using Northdoor.