Protecting Personally Identifying Information (PII) with Sesam
Manage, curate and secure PII data sets
Working with information about individuals is high risk, the regulatory requirements around the retention of personal data are increasingly strict and the correct handling of a data subject’s legal rights is expensive. Usage scenarios of PII can be complex and connections between data and data subjects may or may not be personally identifying depending on use. It also may not always possible or even sensible to simply anonymize or mask data without losing valuable information or reducing functionality of critical systems. Further, the ability for analysts to model data correctly at a later point in time may be compromised.
The requirements around data movement containing PII are also various and complex. Encryption is expected. Data integration between production systems per definition will require the movement of highly granular PII, and conversely, analytical systems need to subjectively select what data to retrieve, expose, and most importantly connect together. Consider a typical use case: A data scientist or analyst would rarely require the direct use of PII to build models connecting cohorts of individuals to business events or attributes. For example, a date of birth or a location used in isolation are not considered PII until connected to something else where an inference can be made. When aggregating these groups of individuals into cohorts of a certain age or location and connecting these groups to specific business events, significant non-PII insights can be generated. Such analysis is enabled by securely connecting datasets together at the PII level for correlations.
Further, business actions derived from such analytical insights needs to be connected back to the data subjects within operational systems. This creates even more detailed context about an individual which is critical for personalized user experiences, but this data also needs to be securely protected as with all other PII moving between systems in your organisation.
Sesam’s Vault integration enables data security and encryption at the point of data acquisition. Whilst uniquely encrypting PII identifier keys, Sesam’s unique global datasets architecture is still able to maintain data provenance and merge disparate data. In addition to the identifiers, entire data blobs can be encrypted and propagated through the hub, with secure key exchange ensuring only those who should see the data, can.
At Sesam we call this Vault Protected Data Sets
- Mature data ecosystem rapidly enhances agility in all projects requiring data integration between enterprise systems
- Ability to encrypt data set key identifiers
- Ability to encrypt data entity contents or blob whilst maintaining data provenance
- Easily Incorporate Data masking and anonymization tools such as ARX
- Easily combine, shape and iterate on rich contextual data to enable new value-added applications
- Global data sets are re-usable, whilst iteratively and continuously improved by each new application added
Key Vault Protection
- 1. Data sources connect to Sesam
- 2. Key encryption is applied when data is acquired, locking away the original key in the Vault, and providing a unique secure identifier for the data set.
- 3. Sesam stores the now secured data set with the uniquely secured identifiers
- 4. When the now de-identified datasets are to be merged or correlated, the Key Vault provides the key matches, allowing for connections, without knowing the original personally identifying keys.
- 5. Merged data sets are PII protected
Last edited: 08.11.2019 | Published: 08.11.2019
All your data – Connected