Mask Personal Data with PII Shield

This article describes how to mask PII data and exclude sensitive data from a data stream via PII Shield.

PII Shield is a security tool that helps protect sensitive data attributes in a database. Sensitive data refers to any information that is considered confidential or private and requires a higher level of protection to ensure its security. This includes personally identifiable information (PII). There are two ways to achieve this:

  • Excluding data from sync by tagging it as Sensitive. After approving a change request, Sensitive data will not be shared with your application. In School Passport, by default, the following attributes are predefined: First Name, Last Name, Middle name, Username, Email, Password, Phone numbers, City/state/country of birth.

  • Data masking (or PII Shield) to hide some of the sensitive data. Only District Admins can see the full information, while Vendor will only see masked data.

🚧

Caution

Data masking can only be applied to user-type entities, such as Student, Contact, Teacher, or Admin.

PII Shield can be easily integrated with existing applications and managed. While data masking is not a complete security solution on its own, it is an important complement to other security measures.

How does PII Shield work?

When you use PII Shield, data masking is applied to an attribute at sync runtime. The following table displays how data masking works:

AttributeDescriptionExample
First nameExposes the first letter only, replacing the rest of the string with ***.For Richard, returns R***.
Last nameExposes the first letter only, replacing the rest of the string with ***.For Susan Rivera, returns R***.
Email addressAfter the application is activated (prior to any data import), an empty string returns. For all subsequent syncs, the username of an email will be replaced with a set of random letters and the domain will be replaced with gg4l.com.For [email protected], returns nothing. For [email protected], returns [email protected]

To view how the data is being masked, navigate to Data Browsing >Rostering and select your app. For example, the following screen displays how First Name and Last Name will be masked for a student.

Student record with masked First and Last Name

Student record with masked First and Last Name

How to use PII Shield?

To use PII Shield, you must first set masking rules for your district. The data masking rules determine which data can be masked during the data sync process. After setting the rules for the district, send a request to your application to use them. You can apply these rules as a whole or select specific ones, depending on your choice.

📘

Note

By protecting the data, it will be uploaded to School Passport, but will not share with your application, ensuring your users' privacy is protected.

  1. Navigate to the Data Quality > PII Shield.

  2. Choose a user-type entity, such as Student, Contact, Teacher, or Admin.

Select user-type entity

Select user-type entity

  1. Select the PII Shield checkboxes next to the attribute you wish to mask or exclude from sync.
  2. Save data masking rules. Now, upon importing the selected attributes from your data sources, they will be identified as "Sensitive Data". If you enable the PII Shield toggle, these attributes will remain masked and will not be shared.
  3. Go to your application.
  4. Click Overview > Request Changes.
  5. To apply all data masking rules outlined before, turn on the PII Shield toggle.
Apply all data masking rules

Apply all data masking rules

  1. If you want to apply specific rules only, leave the PII Shield toggle in the "OFF" position and on the Attributes section:
    1. Clear the Available checkboxes for the attributes that you wish to exclude from sharing.
    2. Select the Data Masking checkboxes for the attributes that you wish to mask. You can select from the data that was selected in the previous step only.
Apply specific data masking rules

Apply specific data masking rules

  1. Click Request Changes.

Once the changes are approved on the application side, data is masked and/or removed from sharing.