Knowledge Hub

Ensure Data Privacy with MySQL Enterprise Data Masking and De-Identification Features

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

Data privacy is an important issue and a core requirement for regulatory compliance. Its required by:

  • EU General Data Protection Directive (GDPR)
  • US Health Insurance Portability and Accountability Act (HIPAA)
  • UK Data Protection Act
  • Sarbanes Oxley (SOX)
  • Family Educational Rights and Privacy Act (FERPA)
  • And many more

Data masking and de-identification enable the delivery of useful information or assure proper data presentation without violating privacy. MySQL Enterprise Edition provides the following capabilities to deal with the problem:

Masking parts of text by replacing meaningful characters by placeholders

For instance, payment applications may present the Primary Account Number (PAN) of a credit card with the last four digits replaced by ‘XXXX’. This is enough for the end user to identify his card on the list without revealing the whole number. There are general-purpose masking functions that mask some parts of the input string as specified by the caller and special-purpose ones that use well-defined masking patterns on well-defined data formats like PAN.

Generation of random data

Data types such as phone numbers, email addresses, or bank account numbers can be protected using random data. This generated data is provided with the correct format and observes restrictions such as control digits if applicable. Those functions may be used to generate test data sets for developers, application testers, or analysts.

Random dictionary substitution

Enables DBAs to substitute actual data with a list of “dictionary” terms. This can provide realistic content in an end-user application without disclosing the real-data when the data domain is a finite set (e.g., city names).

The masking functions work on server side next to the data, versus client side which risks exposing unmasked data on the client.

Prior to 8.0.33, MySQL enabled masking and de-identification capabilities using a MySQL server plugin. We have transitioned the masking capabilities to use the more modern component infrastructure. The new approach extends and improves the functionality of the plugin in a few ways:

  • Support for all MySQL character sets in general-purpose functions.
  • Additional special-purpose masking and random data generation functions.
  • Enhancement of some random data generation functions with additional parameters.
  • Dictionaries are persisted in the database and not in files.
  • Modification of dictionaries is possible with admin functions secured by a special privilege.


Using the new MySQL Enterprise Data Masking and De-Identification features allow developers and DBAs to easily address regulatory and data privacy requirements. They can protect sensitive columns of information by providing functions that:

  • De-identifies the data: Scrambling identifiers of individuals, also known as personally identifiable information (PII).
  • Masks sensitive data: Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health, and employment information.
  • Maintains data validity: Provide data that can be used by fully functional applications.

Do you wish to know more about MySQL Enterprise Edition? Get a no-cost 30-minute consultation with our MySQL experts by writing to

Know about Clover Infotech’s MySQL Database Service Offering here.

Leave a comment

Your email address will not be published. Required fields are marked *

Subscribe to Our Blog

Stay updated with the latest trends in the field of IT

Before you go...

We have more for you! Get latest posts delivered straight to your inbox