You need to remove the personally identifiable characteristics of data. At the same time, that data needs to be individualized so it can flow safely de-identified through different departments and, where necessary, be re-identified.
De-identified data should also resemble its original format. Its length, data type, or even a real-looking but different value is needed for ongoing operations and testing. Field encryption does not accomplish this goal when the ciphertext length exceeds the original field length, and data realism is lost. Format-preserving encryption (FPE), on the other hand, can be a desirable option, though in some cases may be impractical.
Both IRI FieldShield and the SortCL program in IRI CoSort can de-identify personally identifiable information (PII), protected health information (PHI), and other sensitive field data in databases and files. At the same time, the de-identified field can look more realistic and still be recovered. Both products offer nonreversible anonymization functions as well.
You can de-identify private fields (for later recovery) in all of the following ways:
- Apply a built-in or custom FPE function to the sensitive fields, and use the matching decryption function and key to reveal them.
- Use the built-in ASCII de-identification function (screenshot below), or an encoding function like this one.
- Specify lookup (set) files to substitute sensitive field values with a pseudonym.
- Transform the field with one or more data manipulations, or mask all or part of it with custom characters (though that does not allow for data recovery).
- De-identify the data with your own field-level transformation function.
The field-level de-identification methods in FieldShield or CoSort can help you comply with data privacy regulations, while leaving your non-sensitive data and files available for further processing, as well as producing an XML audit trail to help you verify compliance.
If you need to de-identify real data in the course of producing test data, use the metadata-compatible RowGen software in the IRI Data Protector suite to create test database, file, and report targets.