Data Masking

Use data masking to permanently obscure data in a non-production environment to protect sensitive or personally identifiable information (PII) from users who access that environment.

Note

Data masking is available only on test and development environments, and only to customer tenancies that have subscribed to a service SKU that includes the data masking feature.

Overview of Data Masking

Data masking permanently masks, or obscures, data in a non-production environment to protect sensitive or personally identifiable information (PII) from users who access that environment. By masking PII, you allow users to conduct user acceptance testing with production-like data in test and development environments, while remaining in compliance with regulatory requirements such as Sarbanes-Oxley, PCI DSS, and HIPAA. Some application subscriptions include the data masking feature. You can also purchase this option as an add-on subscription.

Data is masked based on a template provided by Oracle. The template defines the masking rules applied to the different types of PII data fields. For examples, see How Your Data is Masked.

Data Masking Considerations

Ensure that you are aware of the following impacts of data masking before you apply it to your non-production environments:

  • Data masking requires up to 24 hours downtime.
  • Data masking is irreversible.
  • In many cases, processes that use masked data produce noticeably different results than they would with the source data, because the values are different. Notable examples include:
    • Email notifications sent from the masked non-production environment are all routed to the same discard domain, "sendmail-test-discard@oracle.com", and will not be delivered to individual email addresses.
    • Addresses: Masking will shuffle Postal Code, Town or City, and Country values. Therefore, masked persons on the database may have data that is inconsistent with their assigned home address. In addition, any process that leverages address components will give different results due to the shuffled values. Examples include processes to determine eligibility, or to perform benefits and payroll calculations.
    • Dates of Birth are randomly assigned between January 1, 1945 and December 31, 1990, so person ages will be different after masking. This affects age-based reporting and processing.
    • Person Names: Components of a person's name are separately shuffled across the database, so the resulting full name can be inconsistent with the assigned person's gender.
    • Documents of Record, Disabilities, Driver's Licenses, Passports, Visa, and Work Permits likely will be unusable by any report or process that leverages them due to the masking techniques applied to these types of data.
    • National Identifiers are removed. Although payroll calculation processes do not require a National Identifier, payroll reports, pay slips, and outbound payroll extracts will not contain National Identifiers.

Running Data Masking

See your application-specific documentation for the steps or process required to run data masking.

How Your Data is Masked

Data is masked according to the predefined template provided by Oracle. The following table shows some examples of data masking techniques that are applied.

| Data | Masking Technique | Example Masked Value |
|---|---|---|
| Bank Account Number | Random digits | Sample: 4936477859 |
| IBAN | Nulled | <null> |
| Email addresses | Fixed string | "sendmail-test-discard@oracle.com" |
| Phone numbers | Random digits | Sample: 925-692-9270 for USA phone number format |
| Addresses | Address Lines 1 & 2: Fixed String; Address Lines 3 & 4: Nulled; Postal Code, Town or City, Country: Shuffled as a group | Sample: Address Line 1: "Station"; Address Line 2: "Road"; Address Line 3: <null>; Address Line 4: <null>; Postal Code: S031 4NG; Town or City: SOUTHAMPTON; Country: UNITED KINGDOM |
| Dates of birth | Random Date between January 1, 1945 and December 31, 1990 | Sample: June 14, 1985 |
| Places of birth | Nulled | <null> |
| Dates of death | Nulled | <null> |
| Person names | First Name, Middle Name, Last Name: Shuffled separately from one another and across persons | Sample: Prabu Ann Chin (masked from original name of Elizabeth Mary Jones) |
| Documents of record | From Date: Random date between January 1, 2000 and January 1, 2020; To Date: Random date between January 1, 2000 and January 1, 2020; Date Issued: Random date between January 1, 2000 and January 1, 2020; Issuing Authority: Random string; Document of Record ID: Shuffle rows; Issuing Location: Random string | Sample: From Date: May 11, 2007; To Date: October 5, 2007; Date Issued: May 9, 2007; Issuing Authority: U#_G; Document of Record ID: TM289384; Issuing Location: I*R@O{C |
| Disabilities | Table truncated | |
| Driver's licenses | Table truncated | |
| Passports | Passport numbers: Random string | Sample: *K^%KE |
| Visas and work permits | Visa/Permit Number: Random string; Visa/Permit Type: Shuffle rows | Sample: Visa/Permit Number: K%R+KH@; Visa/Permit Type: Academic Student |
| National identifiers | Table truncated | |
| Credit card numbers | Random number | 7382059934889230 |
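
The techniques in the table above (fixed string, nulling, random digits, random date, and the two kinds of shuffle) applied to a few constructed person records. This is an added example, not Oracle's masking template or code; the field names, the person() helper and the sample records are assumptions made for illustration.

```python
import random
from datetime import date, timedelta

DISCARD_EMAIL = "sendmail-test-discard@oracle.com"  # fixed string from the table
DOB_START, DOB_END = date(1945, 1, 1), date(1990, 12, 31)

def shuffle_group(rows, fields, rng):
    """Shuffle the listed fields across rows, moving them together as one group."""
    groups = [tuple(r[f] for f in fields) for r in rows]
    rng.shuffle(groups)  # a shuffle can leave a row unchanged, notably in small tables
    for row, group in zip(rows, groups):
        row.update(zip(fields, group))

def random_digits(value, rng):
    """Replace each digit with a random one, keeping length and separators."""
    return "".join(str(rng.randrange(10)) if c.isdigit() else c for c in value)

def mask_people(people, seed=None):
    rng = random.Random(seed)  # illustration only, not a cryptographic source
    masked = [dict(p) for p in people]  # work on copies; the input stays untouched
    for field in ("first_name", "middle_name", "last_name"):
        shuffle_group(masked, (field,), rng)  # each name part is shuffled separately
    shuffle_group(masked, ("postal_code", "city", "country"), rng)
    span = (DOB_END - DOB_START).days
    for p in masked:
        p["email"] = DISCARD_EMAIL
        p["phone"] = random_digits(p["phone"], rng)
        p["bank_account"] = random_digits(p["bank_account"], rng)
        p["address_line1"], p["address_line2"] = "Station", "Road"  # table's sample values
        for field in ("address_line3", "address_line4", "iban",
                      "place_of_birth", "date_of_death", "national_id"):
            p[field] = None  # nulled or removed
        p["date_of_birth"] = DOB_START + timedelta(days=rng.randint(0, span))
    return masked

def person(first, middle, last, postal, city, country, dob):
    return dict(first_name=first, middle_name=middle, last_name=last, date_of_birth=dob,
                email=f"{first}.{last}@example.com".lower(), phone="415-555-0100",
                bank_account="1234567890", iban="XX00-CONSTRUCTED", national_id="000-00-0000",
                address_line1="1 High St", address_line2="", address_line3="Floor 2",
                address_line4="", postal_code=postal, city=city, country=country,
                place_of_birth=city, date_of_death=None)

PEOPLE = [  # constructed sample data; field names are assumptions of this example
    person("Elizabeth", "Mary", "Jones", "AB1 2CD", "LEEDS", "UNITED KINGDOM", date(2001, 5, 3)),
    person("Prabu", "Raj", "Chin", "94105", "SAN FRANCISCO", "UNITED STATES", date(1975, 1, 9)),
    person("Ann", "Lee", "Müller", "10115", "BERLIN", "GERMANY", date(1939, 8, 21)),
]
```

Calling mask_people(PEOPLE) shows the side effects listed under Data Masking Considerations: postal code, city and country stay mutually consistent but no longer match the person, and every date of birth falls inside the 1945 to 1990 window regardless of the original age.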