PII Shield: Mask Personal Data

This article describes how to mask PII data and exclude sensitive data from a data stream via PII Shield.

Audience: ✅District Admin      ✅Vendor Admin

PII Shield is a security tool that helps protect sensitive data in a database. Sensitive data refers to any information that is considered confidential or private and requires a higher level of protection to ensure its security. This includes personally identifiable information (PII). There are two ways to achieve this:

  • Excluding data from sync by tagging it as Sensitive. After approving a change request, Sensitive data will not be shared with the Vendor. In School Passport, by default, the following fields are set: First/Last/Middle name, Username, Email, Password, Phone numbers, City/state/country of birth. 
  • Masking to hide some of the sensitive data. Only District Admins can see the full information, while Vendor will only see masked data. You can mask First/Last Name and Email address for user-type entities, such as Student, Contact, Teacher, or Admin.

PII Shield can be easily integrated with existing applications and managed. While data masking is not a complete security solution on its own, it is an important complement to other security measures. 

How does Data Masking work?

When you use PII Shield, data masking is applied to a field at sync runtime. 

Note: The data masking of the SP Engagement app can be varied from other apps masking.




First name


Exposes the first letter only, replacing the rest of the string with ***

For Richard, returns R***.

For SP Engagement, whatever sync except for the first one, replaces the whole string with the last name. 

For Richard

Sullivan, returns Sullivan.

Last name

Exposes the first letter only, replacing the rest of the string with ***.

For Susan Rivera, returns R***.

Email address


After app activation (but before any data import has occurred),  returns an empty string.

For jane@example.example, returns nothing.

Whatever sync except for the first one, replace the username of an email with a set of random letters and replace the domain with a gg4l.com.

For jane@example.example, returns jQHDyQuj7vJcveEe59@gg4l.com

Step 1. Create PII Shield rules

The PII Shield rules define which data can be removed and/or masked in the data stream to enhance its security.

By protecting the data, it will be uploaded to School Passport, but will not share with a Vendor app, ensuring your users' privacy is protected.

  1. Navigate to the Quality > PII Shield.
  2. To apply data protection to specific import applications or data schemas, use the Filter dropdown to select them. If you leave the dropdown blank, the settings will be applied to all applications and data schemas in your district.
  3. Choose an entity.
  4. Select the PII Shield checkboxes next to the attribute you want to mask or exclude from sync.
  5. Click Save.

Now the selected fields that you'll import from your data sources will be marked as sensitive. If you turn on the PII Shield toggle, these fields will not be shared.

You can choose what sensitive data will be masked for you, allowing you to keep your users' information.

  1. On the app`s dropdown choose an app.
  2. Navigate to the Application Settings > Data Requirements.
  3. Choose an entity.
  4. On the entity`s tab:
    • To stop sharing fields with your app, select the Include in Data Sync checkboxes next to the respective fields.
    • To mask fields for your app, select the Data Masking checkboxes next to the respective fields.
  5. Click Save&Publish.

Step 2. Sync data with designated protected fields 

To start syncing with masked data, you need to send a request for changes to the app/district with the enabled PII Shield feature.

  1. District Admin: Go to the app detail page > Overview > Request Changes.
    Vendor Admin: Go to the district detail page > Overview > Request Changes.
  2. To exclude all Sensitive Data and apply Data Masking as specified in PII rules, turn on the PII Shield toggle.
  3. To protect specific fields, leave the PII Shield toggle in the "off" position and on the Attributes section:
    • Clear Available checkboxes for the fields that you want to exclude from sharing. 
    • Optional. Select the Data Masking checkboxes for the fields that you want to mask. Please note that you can only mask data that is supported by the district or Vendor. If the district/Vendor does not support data masking for a particular field, its Data Masking checkbox will be disabled.
      Note: You can select from the data selected in the previous step only.
  4. Click Request Changes

Once the changes are approved, data will be masked and/or removed from sharing. For data masking to complete, there might be a need to force a data import sync (specifically for email masking).

View PII data

To view how the data is masking for the app/district, you need to navigate to Data Browsing > Rostering page and select the corresponding app/district.


If you are District Admin, you can also view how the data is masked before initial synchronization with an app. Furthermore, you could view PII metadata for an individual record and see the applications to which the masking applies on the record detail page within the PII Shield Information tile. Please note that this tile is displayed only when you view the full data set for the record.


Additionally, if a duplicate conflict is detected for such a record, PII metadata will be added to the final record after it is resolved.