You need to remove the personally identifiable characteristics of data. At the same time, that data needs to be individualized so it can flow safely de-identified through different departments and, where necessary, be re-identified.
De-identified data should also resemble its original format. Its length, data type, or even a real-looking but different value is needed for ongoing operations and testing. Field encryption does not accomplish this goal when the ciphertext length exceeds the original field length, and data realism is lost. Format-preserving encryption (FPE), on the other hand, can be a desirable option, though in some cases may be impractical.
Use the IRI FieldShield data masking product (or the IRI Voracity data management platform which includes FieldShield),to statically de-identify personally identifiable information (PII), protected health information (PHI), and other sensitive field data in databases and file in one of these ways:
- Apply a built-in or custom field-level encryption function, and use the matching decryption function and key to reveal the data.
- Use the built-in ASCII de-identification function (screenshot below), or an encoding function like this one.
- Specify lookup (set) files to substitute sensitive field values with a pseudonym.
- Transform the field with one or more data manipulations, or redact all or part of it with custom characters (though that does not allow for data recovery).
- De-identify the data with your own field-level transformation function.
These field-level de-identification methods help you comply with data privacy regulations, while leaving your non-sensitive data and files available for further processing, as well as producing an XML audit trail to help you verify compliance.