Learn how to protect sensitive information using Privacy Shield.
In this article
What are Privacy Shield levels?
Set sensitive data for your organization
- Specify default sensitive data for your organization in Data Quality > Privacy Shield. These data will be unavailable to a vendor or masked if vendor supports Privacy Shield for these attributes.
- Configure and send data-sharing request with masking. When turning on the Privacy Shield toggle, all your default sensitive settings apply. To configure data masking for individual application, configure which attribute to mask/make unavailable in Attributes.
Depending on the attribute set you choose to mask, an appropriate Privacy Shield Level will be applied for an application.
What are Privacy Shield levels?
If an application supports Privacy Shield, it also can have one of three Privacy Shield levels. Each level displays how many attributes are masked on this application. The minimum attributes set required by each level are as follows:
- Level 1: Last Name.
- Level 2: Last Name, First Name, and Email.
- Level 3: Last Name, First Name, Middle Name, Username, Email, Phone, and Birth Date.
If you activate an application or send a data-sharing request to an application with masked attributes that do not meet the default application level, a new level will be applied for your application instance. For example, if you activate the level 3 application but choose only Last Name to mask, your activated application will have level 1. The Privacy Shield Level displays near the application icon
How is data masked?
- If the application supports Privacy Shield for these data, sensitive data will be masked.
- If data is required by an application, sensitive data will still be shared.
- Otherwise, sensitive data will NOT be shared with an application.
Privacy Shield masks the following attributes for students, teachers, or contacts:
Attribute | Description | Original | Masked |
---|---|---|---|
Last Name | Exposes the first character, replacing the rest of the string with the -ggl’ and adding a unique set of 7 lowercase letters from a-z. |
Davidson | D-ggl'abcdefg |
First Name | Exposes the first character, replacing the rest of the string with the -ggf’ and adding a unique set of 7 lowercase letters from a-z. |
John | J-ggf'abcdefg |
Middle Name | Exposes the first character, replacing the rest of the string with the -ggm’ and adding a unique set of 7 lowercase letters from a-z. |
Michael | M-ggm'abcdefg |
Username | Exposes the first character, replacing the rest of the string with the -ggu’ and adding a unique set of 7 lowercase letters from a-z. |
DavidsonJ | D-ggu'abcdefg |
Email Address |
Replaces the email username with a string of 16 random letters, adds the district GUID before the domain, and replaces the domain with Upon activation of the application by a district, returns an empty string before data import. |
jane_example@example.com | AvCakjsdOdIc@11000000-0000-0000-0000-000000000000.gg4l.io |
Birth Date | Exposes the year of birth and replaces day and month of birth. If a day and month less than 6 months from the current date, replaces with 01/01 , or 09/01 if more than 6 months. |
Birth date: February 15, 1990 Current date: May 10, 2024 |
01/01/1990 |
Phone numbers (Phone, Home Phone, Sms, Phone Number, Work Phone) | Replaces the all characters with +10000000000 |
(555)123-4567 | +10000000000 |
Set sensitive data for your organization
Identify the data that needs protection with Privacy Shield. Such data will be marked as sensitive on Data Access Consent.
-
Navigate to the Data Quality > Privacy Shield.
- (Optional) In the Filter dropdown, specify the data sources you want to set Privacy Shield. If empty, the settings will be applied to all data sources in your district.
- Choose an entity.
- Select the Privacy Shield checkbox to specify as sensitive.
- Click Save.
Apply Privacy Shield for data sharing
To apply Privacy Shield to an application, you should send a Data Sharing Request for changes with the enabled Privacy Shield.
- Go to the application > Overview > Request Changes.
- To protect all sensitive data in bulk, turn on the Privacy Shield toggle. Data will be made unavailable for sharing or shared in masked form as described above.
- To protect only specific data, go to the Attributes section:
- Select the Available checkboxes for data to be shared with the application. Data that is not selected will not be shared.
- Select the Privacy Shield Supported checkboxes for data to be shared but masked. This option is only available for data that is Privacy Shield supported by the application.
- Click Request Changes and wait for its approval.
- Run import.
Browse Privacy Shield results
Before the initial synchronization, you can preview how the masked data is shares with an application. To display masked data, go to Data Browsing > Rostering and choose an application.
Select a record and observe how the Vendor sees your data. In the folowing screen, the contact's Last Name (1) and Email (2) have been masked, and the Username (3) is not available to be shared.
When viewing a full dataset for a record, on the Privacy Shield Information tile you can view the applications to which this record has been masked and how. Please note that this information is displayed only when you view the full data set for the record.
Note:
If a duplicate conflict arises for a record with sensitive data that has been masked by Privacy Shield, additional PII metadata will be included in the resulting record once the conflict is resolved.