Data access and data privacy are often fundamentally at odds with each other. Organizations want unfettered access to the data describing customers. Meanwhile, customers want their data – especially their personally identifiable information – to remain as private as possible.

Organizations need to protect data privacy by only granting data access to authorized business users. But even when data access has been authorized, there are still sensitive aspects of data that should be masked when presented to business users.

Data masking, also referred to as anonymization, obscures data values by replacing them with equivalent, but non-sensitive, values that can still be used for operations such as joining relational tables and analytics such as representing individuals in time series or transactional data. Masking uses non-reversible (without knowing the key) encryption to make data more difficult to decipher when unauthorized access occurs (i.e., a hack or other security breach). Masking anonymizes data by removing, obscuring, aggregating or altering data so it does not identify individuals. This allows for a much wider, and much safer, use of the information.

For example, a financial analyst at a bank reviewing a customer’s loan application doesn’t need to see sensitive data values such as social security number, or other tax identification numbers, bank account numbers, credit card numbers, or even contact information such as phone numbers and email addresses. There really is no reason for these data values to be displayed as plain text on computer screens or in printed documents.

Today, data has become a real-life superhero capable of delivering important business insights that even a decade ago would have seemed like a fictional superpower. Which is why data should be treated like a superhero – its secret identity must be protected. Organizations often need data to be as accessible as possible to accomplish their business objectives. But when the data being accessed contains personally identifiable information, it should leave even authorized business users asking: “Who was that masked data?”