How To Protect PII in Your Entity Resolution System
Even with database encryption, an organization runs the risk of unintended disclosure of personally identifiable information (PII). Watch the video below as Senzing CEO Jeff Jonas talks about application-level encryption and how it greatly reduces the risk of unintended disclosure of PII.
The use of application-level encryption in Senzing® entity resolution is unique to the industry. When application-level encryption is used, as new PII data arrives, Senzing software encrypts the data before it is written to the database. In the future, as new data arrives, the encrypted PII data is decrypted for specific entity resolution events and then encrypted again and written back to the database.
The use of application-level encryption in Senzing entity resolution greatly reduces the risk of unintended disclosure.
Have questions about Senzing application-level encryption? Reach out to one of our entity resolution experts.
Video Transcript
Timestamps
0:00 Intro
0:08 Personally Identifiable Information (PII) Database
0:23 The Importance of Database Encryption
0:41 Application-Level Encryption for Senzing Entity Resolution Software
1:03 Decrypted and Re-Encrypted into the Senzing Application
I want to talk for a minute about reducing the risk of unintended disclosure.
0:08 Personally Identifiable Information (PII) Database
Inside of your entity resolution system, there is going to be a database of some form that keeps track of all of the personally identifiable information: names, addresses, date of birth, phone numbers, social [security numbers], drivers licenses and so on.
0:23 The Importance of Database Encryption
While most systems, let’s hope, are running database encryption, that still leaves [organizations] at risk of a database administrators’ credentials being compromised. Or worse, a corrupt database administrator (an insider threat).
0:41 Application-Level Encryption for Senzing Entity Resolution Software
One of the things you can do with Senzing, which is pretty unique in the industry of entity resolution, is application-level encryption on top of the disk level encryption. What that means is Senzing has an encryption and a decryption key. It means [that] as the data is arriving, that personally identifiable information (names, addresses, phones etc) is encrypted when it’s written by the application.
1:03 Decrypted and Re-Encrypted into the Senzing Application
Later during entity resolution processes, as new records arrive, it’s being decrypted on the fly just for that entity resolution event. Then [the data will be re-encrypted], written back to the database, by using [the] Senzing application-level encryption. This greatly reduces the risk of unintended disclosure [of PII].