Data Masking

EncryptRIGHT can apply data masks to uniquely obscure parts of a piece of data in the manner appropriate for each user who is authorized to access and unsecure sensitive data to enforce appropriate data privacy.


Data masking is a general method of obfuscating some or all of an authentic piece of data in a manner that protects the actual data from being fully viewed, and various encryption or tokenization techniques may be employed to establish a data mask, or masks may be applied using a binary template. Data masks can be full (concealing all of the original data characters) or partial (obscuring only some of the data characters).

Data Masking is a key component of dynamic data privacy. For example, an HR supervisor may require access to data in the clear, while a service center representative only needs to see the last four characters of an SSN to verify an employee’s identity, and someone in payroll may only need to access a token to process a reimbursement. Data Masking is also a key requirement in complying with industry standards, such as PCI-DSS, and data protection and privacy regulations, such as EU GDPR.

While EncryptRIGHT can support static data masking, most applications employ Dynamic Data Masking (DDM) – the ability to apply any of a variety of data masks to a piece of sensitive data in real time, based upon who is accessing the data. This approach allows EncryptRIGHT software to manage data privacy throughout an enterprise, limiting the exposure of sensitive data to only the minimum portion needed.