MySQL Enterprise Masking and De-identification

MySQL Enterprise Masking and De-identification provides an easy to use, built-in database solution to help organizations protect sensitive data from unauthorized uses by hiding and replacing real values with substitutes.

MySQL Enterprise Masking and De-identification enables organization to:

  • Meet regulatory requirements and data privacy laws such GDPR, PCI DSS and HIPPA that require data de-identification.
  • Significantly reduce the risk of a data breach by preventing unauthorized access to confidential data.
  • Protect confidential information while improving development, test and analytics environments.

MySQL Enterprise Masking and De-identificaiton protects sensitive data from unauthorized users.

MySQL Enterprise Masking and De-identificaiton protects sensitive data from unauthorized users.


Meet Industry Regulation Requirements and Data Privacy Mandates

All major industry regulations require data masking of PII (personally identifiable information), PANs (Primary Account Number) and other confidential data so that only authorized personnel can access the data. MySQL Enterprise Masking and De-identification provides specific functions to mask and de-identify confidential data so your IT organization can comply with privacy regulations, including:

  • GDPR: General Data Protection Directive
  • PCI DSS: Payment Card Industry Data Security Standard
  • HIPAA: Health Insurance Portability and Accountability Act
  • HITECH: Health Information Technology for Economic and Clinical Health Act
  • Data Protection Act: United Kingdom
  • SOX: Sarbanes Oxley
  • FERPA: Family Educational Rights and Privacy Act
  • And many more

Improve the Security of Dev, Test and Analytics Environments

Organizations can reduce the risk of a data breach by masking sensitive or confidential application data so it can be used in non-production systems. Real values are replaced with realistic but fictitious values, allowing production data to be safely used for development, testing, analytics or sharing with 3rd party partners for non-production purposes.

Built-in & Easy to Use

MySQL Enterprise Data Masking is implemented in the MySQL Server itself, so the masking logic is centralized. Its simple to implement masking functions on sensitive fields, which can be done on an existing database without affecting database operations, requiring changes in application code or changes to the production data itself. MySQL Enterprise Data Masking operates in memory with minimal performance impact.

Robust Data Masking Functions

MySQL Enterprise Masking and De-identification can hide or obfuscate sensitive data, by controlling how the data appears. It features robust masking algorithms including selective masking, blurring, random data substitution and other special techniques for credit card numbers, account numbers and other personally identifiable information, enabling IT departments to maintain structural rules to de-identify values. MySQL Enterprise Masking and De-identification functions include:

  • Selective Masking - Obscures a particular portion of numbers or strings such as phone numbers, and payment card numbers.
  • Strict or Relaxed Masking - Implement strict or relaxed masking to obfuscate data.
  • Random Data Substitution - Replace real values with random values while maintaining format consistency.
  • Blurring - Add a random variance to existing values such as randomized numeric ranges for salaries.
  • Dictionary Substitution - Randomly replace values from task specific dictionaries.
  • Blocklisting and Substitution - Replace specifically blocklisted data, but leave non-blocklisted in place.

Additional Resources