1.4.4 Obfuscation
Steganography, tokenization, data masking.
Obfuscation makes data difficult for people or tools to understand or interpret without the proper key or context.
Data Masking and Minimization - Data masking hides original data with modified content — for example, showing only the last four digits of a credit card and replacing the rest with asterisks. - Anonymization permanently removes all identifying markers so individuals cannot be re-identified, often for research or analytics. - Pseudo-anonymization replaces identifiers with artificial ones, allowing re-identification only if the linking key is available. - Data minimization is a core privacy principle (central to GDPR): collect and keep only the minimum PII/PHI needed for the task.
Tokenization - Tokenization swaps a sensitive value for a non-sensitive substitute called a token. - Nonsensical values: a token has no exploitable meaning outside the system that issued it. - The vault: a secure database maps each token back to the original data, such as a primary account number (PAN). - Security benefit: because tokens are random, they are useless to an attacker even if intercepted or stolen.
Steganography - Steganography hides a secret message or file inside another, ordinary-looking file such as an image or audio clip. - LSB (Least Significant Bit): a common technique that alters the last bit of each pixel's color value to store data without visibly changing the image. - Cover object: the carrier file (for example a .jpg or .mp4) that conceals the payload. - Detection: finding hidden data needs forensic tools that spot statistical anomalies in file size or bit patterns.
Administrative Roles in Data Protection - Data controller: decides the why and how of processing and ensures overall regulatory compliance (a GDPR term). - Data processor: handles and processes data on behalf of the controller. - Data custodian / steward: the technical role managing storage, backups, and security controls. - Data owner: usually the organization, holding legal rights and ultimate responsibility for the data.
Quick recall - Asterisks and Xs → trigger for data masking. - Random substitute strings / credit cards → trigger for tokenization. - Images or audio files → trigger for steganography. - LSB (Least Significant Bit) → the primary mechanism of digital steganography. - PII/PHI → the data types these methods protect.