MySQL Secure Deployment Guide  /  Data Masking and De-Identification

Appendix B Data Masking and De-Identification

As of MySQL 5.7.24, MySQL Enterprise Edition provides data masking and de-identification capabilities, which permit:

  • Transforming existing data to mask it and remove identifying characteristics, such as changing all digits of a credit card number but the last four to 'X' characters.

  • Generating random data, such as email addresses and payment card numbers.

The way that applications use these capabilities depends on the purpose for which the data will be used and who will access it:

  • Applications that use sensitive data may protect it by performing data masking and permitting use of partially masked data for client identification.

  • Applications that require properly formatted data, but not necessarily the original data, can synthesize sample data.

MySQL Enterprise Data Masking and De-Identification is implemented as a plugin library file that contains these components:

  • A server-side plugin named data_masking.

  • A set of loadable functions that provides an SQL-level API for performing masking and de-identification operations.

MySQL Enterprise Data Masking and De-Identification can help application developers satisfy privacy requirements that are core to regulatory compliance.

For more information about the components of MySQL Enterprise Data Masking and De-Identification, and how to install and use them, see MySQL Enterprise Data Masking and De-Identification.