Developers face an increasingly complex challenge on top of their regular development work: meeting the demand for data privacy.
For this reason, protecting personally identifiable information (PII) and data privacy compliance are critical responsibilities for software developers. And these PII challenges often require a unique approach to solve.
Acting as a “separation of concerns”, the Anonomatic PII Vault removes the direct link between Auth0 and your database, completely cutting all PII out of your database and keeping PII secure within the PII Vault. At the same time, the integration between Auth0 and Anonomatic PII Vault eliminates the need to store any PII in Auth0.
Auth0/PII Vault integration
PII Vault integration uses a single Action in Auth0’s built-in Login Flow. When a user logs in, Auth0 ensures that the user is registered with PII Vault.
Client application/PII Vault integration
The client application is then notified of the user login and receives the user’s unique identifier from Auth0. Rather than storing this value, the application calls the PII Vault and obtains the user’s unique PII Vault Poly-Id.
With the PII Vault Poly-Id, the application can store all the user’s PII in the PII Vault to remove the direct link between Auth0 and your data. You may then use the PII Vault Poly-Id to serve as the unique identifier for that user, either on the user profile record or on all of the user data. It is up to you and your needs.
Protecting Your Application from Loss of PII
Rather than take the risk of storing PII in your database, where it may be a target, store it in the highly specialized PII Vault. When you receive PII, it gets stored in the PII Vault, and when you need it, use the selective reidentification API to obtain only what is needed for each specific workflow or user.
The PII Vault currently includes two sets of APIs: high-level and low-level. The most commonly used APIs are three of the high-level APIs, which are used to de-identify, mask and re-identify your data.
The three APIs are:
- PassthroughAnonymize(): De-identify your data seamlessly within any data pipeline
- PassthroughReIdentify(): Selectively re-identify your data so only the minimum PII is available
- PassthroughMask(): Mask your data so you can use your product data in non-production.
Poly-Anonymization vs. Encryption & Tokenization
Legacy privacy protection techniques like encryption and tokenization are still being used because they are considered the only data anonymization tools available. But they do not solve the data privacy problem. A new data anonymization and privacy compliance approach was needed, which is the origin of Poly-Anonymization™ – a key component in the PII Vault solution.
Poly-Anonymization involves taking any personally identifying pieces of information (name, gender, address, social security number, etc.) and swapping them out for our Poly-Anonymous Identifier (Poly-Id). Poly-Id values are unique, inconsistent, unpredictable, have multiple potential values, and are not hashed. Once data is poly-anonymized, it can easily be shared without the usual risk of loss or exposure. Now, any number of poly-anonymized data sets can be combined, at the individual level, without ever receiving any PII. This makes robust and smart insights, AI, and ML models more attainable.
Use Case: Helping Organizations Share, Collect and Use Highly Sensitive Data
The PII Vault technology was originally designed and built for the L. A. Trust for Children’s Health, which oversees over 100 healthcare facilities that provide a wide array of services to the 600,000+ students of the LA Unified School District. They wanted to know what impact different healthcare services have on academic performance, leading them to build the Data xChange.
PII Vault is the data privacy engine that permits the Data xChange to collect and analyze the HIPAA-protected data for 200,000 patients and the FERPA-protected data from 600,000+ students. With PII Vault, all the data is de-identified before it leaves the firewall of the organization (e.g., Planned Parenthood) and is shared with the LA Trust.
Going far beyond tokenization, when the LA Trust receives this data, they receive no PII at all. Instead, the data for each individual from each data source is stamped with a Poly-Id. Then, with PII Vault’s Anonymous Data Matching, the LA Trust is able to combine the data at the individual level, even though data records have different Poly-Id values.
With this unique capability, the LA Trust can now answer questions such as, “When a student starts getting treated for asthma, what happens to their attendance?” See some of these groundbreaking insights for yourself in “New Research Highlights Success of School-Based Health Centers” from The LA Trust for Children's Health (thelatrust.org).
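The properties described above (pseudonyms that are random rather than hashed, several possible values per person, and matching done by the vault) can be illustrated with a toy model. This is an added example, not Anonomatic's code or API: `ToyVault`, `anonymize`, `match` and `hashed_id` are hypothetical names, and the records are constructed.

```python
import hashlib
import secrets


class ToyVault:
    """Constructed stand-in for a pseudonymization vault (hypothetical)."""

    def __init__(self):
        self._person_by_pii = {}    # normalized PII -> internal person key
        self._person_by_token = {}  # issued pseudonym -> internal person key

    def anonymize(self, name, dob):
        """Return a fresh random pseudonym each time this person is seen."""
        pii = (name.strip().lower(), dob)
        person = self._person_by_pii.setdefault(pii, len(self._person_by_pii))
        token = secrets.token_urlsafe(16)  # random, not derived from the PII
        self._person_by_token[token] = person
        return token

    def match(self, tokens):
        """Group pseudonyms by individual without returning any PII."""
        groups = {}
        for t in tokens:
            groups.setdefault(self._person_by_token[t], []).append(t)
        return list(groups.values())


def hashed_id(name, dob):
    """Deterministic pseudonym: anyone who guesses the PII can recompute it."""
    return hashlib.sha256(f"{name.strip().lower()}|{dob}".encode()).hexdigest()


def demo():
    vault = ToyVault()
    # Constructed records for the same student arriving from two sources.
    clinic = {"id": vault.anonymize("Ana Diaz", "2010-04-02"), "dx": "asthma"}
    school = {"id": vault.anonymize("ana diaz ", "2010-04-02"), "absences": 3}
    other = {"id": vault.anonymize("Ben Lee", "2011-09-15"), "absences": 0}
    groups = vault.match([clinic["id"], school["id"], other["id"]])
    return clinic, school, other, groups


if __name__ == "__main__":
    print(demo()[3])
```

The receiving party sees two unrelated identifiers for the same student and can only join them by asking the vault, whereas a hashed identifier is identical in both data sets and can be confirmed by anyone who guesses the name and birth date.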
Check out the Anonomatic PII Vault integration on the Auth0 Marketplace to learn more about how PII Vault eliminates the need to store PII data in your application. You can also start your free trial to test out all our features (up to 2,000 unique individuals) at PIIVault (anonomatic.com).