Masking sensitive data
Secure and protect Personally Identifiable Information (PII) and other sensitive data by creating custom security rules to mask or remove this data. Security rules help to protect your company from exposure to identity theft and other security-related issues.
Pega Workforce Intelligence includes default security rules that remove Social Security Numbers (SSN) and the following types of Credit Card Numbers (CCN):
- American Express
- Visa
- MasterCard
- Discover
- Diners Club enRoute
- Diners Club International/Carte Blanche
- Diners Club United States and Canada
- JCB
- CUCard
You cannot modify or delete these default rules, but you can add new rules. The following use cases and sample values can help you determine how to address common masking needs by using security rules.
Date masking rule
Mask dates if you want to hide sensitive date information, such as the date of birth. You can include multiple date formats in the pattern. Based on the following example values, Workforce Intelligence searches for dates that follow the mm/dd/yyyy pattern and replaces the actual date with the letters mm/dd/yyyy:
- Name
- Date masking rule
- Description
- Date masking
- Pattern
- \d{1,2}\/\d{1,2}\/\d{4}
- Replacement
- mm/dd/yyyy
- Field names
- ExecutablePath,ProcessStartArgs,Url,UrlTitle,UrlPath,UrlQueryString,BaseUrl,WindowText
Email address masking rule
Mask email addresses to protect the identity of individual associates or to remove irrelevant data from analysis, if specific email addresses do not add value. Based on the following example values, Workforce Intelligence searches for the pattern that includes any acceptable email characters separated by an @ symbol and a dot. The system replaces the actual email address with [email protected].
- Name
- Email address masking rule
- Description
- Email address masking
- Pattern
- \b[a-zA-Z0- 9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b
- Replacement
- [email protected]
- Field names
- ExecutablePath,ProcessStartArgs,Url,UrlTitle,UrlPath,UrlQueryString,BaseUrl,WindowText
Outlook consolidation masking rule
If you want to target email masking to Microsoft Outlook title bars, you can create a security rule to remove the individual email addresses from Outlook title bars. For example, this security rule is useful when analysts are only interested in the total amount of time that associates spend in inboxes instead of identifying specific inboxes. The following values provide example patterns, but the patterns you enter depend on how the title bars are formatted in your version of Outlook:
- Name
- Outlook consolidation rule
- Description
- Outlook masking
- Pattern
- (^Inbox -)(.*)( - Outlook$)|(^Sent Items -)(.*)( - Outlook$)|(^Deleted Items -)(.*)( - Outlook$)|(^Outbox -)(.*)( - Outlook$)
- Replacement
- $1$3$4$6$7$9$10$12
- Field names
- ExecutablePath,ProcessStartArgs,Url,UrlTitle,UrlPath,UrlQueryString,BaseUrl,WindowText
Tax ID Number masking rule
A TIN is considered Personally Identifiable Information (PII) because it is a unique number used to identify individuals. It is also sensitive information because it used on financial forms, such as tax records. You can protect TINs by creating a security rule that replaces these unique identifiers with xx-xxxxxxx, as shown in the following example values:
- Name
- Tax Identifier Number masking rule
- Description
- TIN masking
- Pattern
- [0-9]{2}-[0-9]{7}
- Replacement
- xx-xxxxxxx
- Field names
- ExecutablePath,ProcessStartArgs,Url,UrlTitle,UrlPath,UrlQueryString,BaseUrl,WindowText
Learn more about how to add custom security rules by reading the following article:
- Adding custom security rules
Protect sensitive data and adhere to your organization's security efforts to mask Personally Identifiable Information (PII) by creating custom security rules.
Previous topic Deleting custom configurations Next topic Adding custom security rules