Implementing Sensitive Data Masking
The PeopleSoft HCM provides row-level security for Administrator components and ensures that only authorized users have access to different segments of employees. However, this does not control or secure the access to fields on the page that show sensitive information. For protecting such sensitive data, new configurations are provided to mask the sensitive content in respective pages.
The Data Masking addresses the protection of sensitive data by providing a configurable option of masking sensitive content in administrator pages.
The Sensitive data masking is limited to fields storing the following information:
Bank Account Number
Date of Birth
National ID
Driver’s License Number
Passport Number
Video: Image Highlights, PeopleSoft HCM Update Image 28: Data Privacy Enhancements - Sensitive Data Masking
|
Page Name |
Definition Name |
Usage |
|---|---|---|
|
INSTALLATION_TBL1B |
Enable the settings for data masking. |
|
|
NID_TYPE_TABLE |
Configure national ID mask format for each national ID type. |
|
|
HCSCM_AUTHROLE |
Define the authorized roles who have access to the sensitive information |
|
|
HCSCM_COMP_CONFIG |
View components for which the data masking is configured, and enable or disable data masking at component and field group level |
|
|
HCSCM_COMP_CFG_DTL |
View masking parameters, configure mask format and associated fields. |
Note: The Role Data Masking Admin provides access to Authorized Roles and Setup Component Level Masking components.
Use the Authorized Roles page (HCSCM_AUTHROLE) to define the authorized roles who can view the sensitive content.
The Field Groups refer to a group of fields that store information like National ID. The three pre-defined field groups available as system data are- National ID, Date of Birth and Bank Account Number.
The Authorized Roles are setup for each field group. The users assigned with authorized roles can see the sensitive content belonging to that field group. For all other users, this information appears masked.
Navigation:
This example illustrates the fields and controls on the Authorized Roles page. You can find definitions for the fields and controls later on this page.
This example illustrates the fields and controls of Authorized Roles for Passport Number.
Field or Control |
Description |
|---|---|
Role Name |
Assign Roles that are authorized to access sensitive content belonging to the selected Field Group. |
There are five defined field groups, they are:
National ID
Date of Birth
Bank Account Number
Driver’s License Number
Passport Number
Note: The authorized roles are setup for each field group. Data in sensitive fields for a field group appear as masked for users who do not have access to any of the authorized roles in that field group.
Use the Setup Component Level Masking (HCSCM_COMP_CONFIG) page to enable or disable data masking at a component and field group level. This page lists all the components for which data masking is pre-configured.
Navigation:
This example illustrates the fields and controls on the Setup Component Level Masking page. You can find definitions for the fields and controls later on this page.
Field or Control |
Description |
|---|---|
Component Name |
Transaction component that displays sensitive content. |
Field Group |
Field Group to which the sensitive field in the component belongs. |
Enable Masking |
Check to enable or disable data masking at a component level |
Masking Parameters |
Select the link to open component configuration page in a modal window to set the masking parameters for each combination of Component and Field Group. |
Note: By default, masking is enabled for all components listed in the Component Level Masking page, provided the Enable Masking check box on the Installation page is selected.
Use the Component Configuration (HCSCM_COMP_CFG_DTL) page to configure the data masking parameters for various components.
For each component, the masking parameters are the records and fields storing sensitive content and any associated information. Associated Fields store information related to sensitive fields. For users without Authorized roles, system masks the sensitive fields and hides the associated fields.
Navigation:
Select the link of Masking Parameters.
This example illustrates the fields and controls on the Component Configuration modal for the field group Date of Birth for the component PERSONAL_DATA.
Note: The Record and Field storing sensitive information is pre-configured as system data, and is read only. Masking format can be modified for Field Groups- Date of Birth and National ID. Associated Fields are pre-configured for a few of the delivered components. This can be modified.
Mask Parameters for Field Group: Date of Birth
Field or Control |
Description |
|---|---|
Component |
Displays the component selected for data masking in Setup Component Level Masking page. |
Birth Date Record |
Record storing Birth Date on the Component. |
Birth Date Field |
Field storing Birth Date on the Component. |
Masking Format |
Options available are:
|
Associated Fields for Field Group: Date of Birth
Field or Control |
Description |
|---|---|
Record Name |
Search and enter record name of the field that displays any information derived or based on the sensitive field. |
Field Name |
Search and enter the field name from the lookup that displays any information derived or based on the sensitive field. |
Component Configuration (Account Number) modal
This example illustrates the fields and controls of the Component Configuration modal for the field group Account Number for the component PYE_BANKACCT.
This example illustrates the fields and controls of the Component Configuration modal for Account Number.
Mask Parameters
Field or Control |
Description |
|---|---|
Component |
Displays the component selected for data masking in Setup Component Level Masking page. |
Number of unmasked digits |
Read Only: For Account Number, the last 4 digits are always unmasked. |
Account Number Record |
Record storing Bank Account Number on the Component. |
Account Number Field |
Field storing Bank Account Number on the Component. |
Associated Fields for Field Group: Account Number
Field or Control |
Description |
|---|---|
Record Name |
Search and enter record name of the field that displays any information derived or based on the sensitive field. |
Field Name |
Search and enter the field name from the lookup that displays any information derived or based on the sensitive field. |
Component Configuration (National ID) modal
For Field Group - National ID, Country and National ID Type - Records and Fields are configured along with the National ID Record and Field. This information is required to identify the Mask Format for National ID at the Transaction level.
This example illustrates the fields and controls of the Component Configuration modal for the field group National ID for the component DEPEND_BENEF.
Mask Parameters
Field or Control |
Description |
|---|---|
Component |
Displays the component selected for data masking in Setup Component Level Masking page. |
National ID Record |
Record storing National ID. |
National ID Field |
Field storing National ID. |
National ID Mask Format |
National ID mask format supports only @ and X. Use X at positions in the National ID that needs masking. The National ID mask format should match the National ID format in length Use @ for showing the input character at that position. For example, for National ID 123-12-1234, if Masking format XXX@XX@@@@@ is used, the masked output will be XXX-XX-1234. Use a single @ for showing unmasked National ID and a single X for masking the entire National ID while preserving the format. For the same example, completely masked output will be XXX-XX-XXXX. Default Mask Format will be used for masking only when
In all other cases, the Mask Format defined in National ID Type page will be used. |
National ID Country
Field or Control |
Description |
|---|---|
Record |
Record storing Country to which National ID belongs. |
Field |
Field storing Country to which National ID belongs. |
National ID Type
Field or Control |
Description |
|---|---|
Record |
Record storing National ID Type for the National ID. |
Field |
Field storing National ID Type for the National ID. |
Associated Fields for Field Group: National ID
Field or Control |
Description |
|---|---|
Record Name |
Search and enter record name. |
Field Name |
Search and enter the field name corresponding to the record name. |
Component Configuration (Driver’s License Number) modal
This example illustrates the fields and controls of the Component Configuration modal for the field group Drivers License Number for the component DRIVER_LICENSE_BRA.
Field or Control |
Description |
|---|---|
Component |
Displays the component selected for data masking in Setup Component Level Masking page. |
Driver's License Record |
Record storing Driver's License Number on the Component. |
Driver's License Field |
Field storing Driver's License Number on the Component. |
Number of unmasked digits |
For Driver's License Number, the last 4 digits are unmasked by default. This can be modified. |
Component Configuration (Passport Number) modal
This example illustrates the fields and controls of the Component Configuration modal for the field group Passport Number for the component GPGB_EE_RTI_FPS.
Field or Control |
Description |
|---|---|
Component |
Displays the component selected for data masking in Setup Component Level Masking page. |
Passport Record |
Record storing Passport Number on the Component. |
Passport Field |
Field storing Passport Number on the Component. |
List of Components Implementing Sensitive Data Masking
|
Component Name |
Description |
Field Group |
|---|---|---|
|
ABSENCE_HISTORY |
General Absence |
Date of Birth |
|
CAREER_DEPEND_SUMM |
Immediate Family |
Date of Birth |
|
DEPEND_BENEF |
Dependent/Beneficiary |
Date of Birth |
|
DEPEND_BENEF |
Dependent/Beneficiary |
National ID |
|
DIRECT_DEPOSIT |
Payment Distribution Bank/Giro |
Account Number |
|
EMPLOYEE_SUMMARY |
Employee Data Summary |
Date of Birth |
|
EMPLOYEE_SUMMARY |
Employee Data Summary |
National ID |
|
EMPLOYEE_SUMM_BEN |
Employee Data Summary |
Date of Birth |
|
EMPLOYEE_SUMM_BEN |
Employee Data Summary |
National ID |
|
EMPL_MATR_BOOK_ITA |
Empl Matricula Data - ITA |
Date of Birth |
|
EMPL_MATR_BOOK_ITA |
Empl Matricula Data - ITA |
National ID |
|
FAMILY_AT_HOST |
Family at Host |
Date of Birth |
|
GPCH_AB_EE_MATERN |
Maternity Leave |
Date of Birth |
|
GPCH_CA_DATA |
Child Benefits Data |
Date of Birth |
|
GPCH_CA_DATA |
Child Benefits Data |
National ID |
|
GPCH_TX_DATA |
Source Tax Data |
Date of Birth |
|
GPES_CRT_COL_RES |
Create Collective Report ESP |
National ID |
|
GPES_EXPT_RSLT |
Expatriate Results |
National ID |
|
GPES_PAYEE_DATA |
ESP Payee Data |
Date of Birth |
|
GPES_PAYEE_DATA |
ESP Payee Data |
National ID |
|
GPES_SSTC_COL_RES |
Collective Report ESP |
National ID |
|
GPES_SSTC_IND_RES |
Individual Report |
National ID |
|
GPES_TAX2_RSLT |
Tax Results |
National ID |
|
GPFR_ATMP_ADMIN |
ATMP Administrative Data |
Account Number |
|
GPFR_ATMP_ADMIN |
ATMP Administrative Data |
Date of Birth |
|
GPFR_ATMP_ADMIN |
ATMP Administrative Data |
National ID |
|
GPFR_ILLNESS_ADMIN |
Illness/Maternity Admin Comp. |
Account Number |
|
GPFR_ILLNESS_ADMIN |
Illness/Maternity Admin Comp. |
National ID |
|
GPGB_EDI_ADJ |
EDI Adjustments |
Date of Birth |
|
GPGB_EDI_ADJ |
EDI Adjustments |
National ID |
|
GPGB_EE_LOANS |
Employee Loans |
Date of Birth |
|
GPGB_EE_LOANS |
Employee Loans |
National ID |
|
GPGB_EE_LOAN_RV |
Employee Loans Review |
Date of Birth |
|
GPGB_EE_LOAN_RV |
Employee Loans Review |
National ID |
|
GPGB_EE_NI |
UK National Insurance Data |
Date of Birth |
|
GPGB_EE_NI |
UK National Insurance Data |
National ID |
|
GPGB_EE_P45 |
GPGB View P45 |
Date of Birth |
|
GPGB_EE_P45 |
GPGB View P45 |
National ID |
|
GPGB_EE_SS |
Assign Share Schemes |
Date of Birth |
|
GPGB_EE_SS |
Assign Share Schemes |
National ID |
|
GPGB_EE_SS_HOL |
Share Scheme Contrib Holiday |
Date of Birth |
|
GPGB_EE_SS_HOL |
Share Scheme Contrib Holiday |
National ID |
|
GPGB_EE_TAX |
UK Tax Data |
Date of Birth |
|
GPGB_EE_TAX |
UK Tax Data |
National ID |
|
GPGB_PSLIP_PU_PNLG |
PU Payslip Component |
National ID |
|
GPGB_RTI_ADJ |
RTI Adjustments |
Date of Birth |
|
GPGB_STDNT_LOAN |
GP UK Student Loans |
Date of Birth |
|
GPGB_STDNT_LOAN |
GP UK Student Loans |
National ID |
|
GPGB_TAX_CREDITS |
GP UK Tax Credits |
Date of Birth |
|
GPGB_TAX_CREDITS |
GP UK Tax Credits |
National ID |
|
GP_PMT_VIEW |
Payments by Calendar Group |
Account Number |
|
HRS_MANAGE_APP |
Find Applicants |
Account Number |
|
HRS_MANAGE_APP |
Find Applicants |
Date of Birth |
|
HRS_MANAGE_APP |
Find Applicants |
National ID |
|
HS_ILLNESS_GER |
GER Illness Tracking |
Date of Birth |
|
IMMEDIATE_FAMILY |
Immediate Family |
Date of Birth |
|
PERSONAL_DATA |
Personal Data |
Date of Birth |
|
PERSONAL_DATA |
Personal Data |
National ID |
|
PYE_BANKACCT |
Bank Account Information |
Account Number |
|
SAMEN_NLD |
Diversity Registration NLD |
Date of Birth |
|
TRVL_CMPNY_PD |
Company Paid Travel |
Date of Birth |
|
TRVL_CMPNY_PD_DEP |
Dependent Company Paid Travel |
Date of Birth |
|
WC_JCR_STATUS2_INQ |
Review All Job Change Request |
Date of Birth |
|
WC_JOB_CHG_REQ_HR |
Request Job Change |
Date of Birth |
|
WC_JOB_CHG_REQ_WC |
Request Job Change |
Date of Birth |
|
DRIVERS_LICENSE |
Drivers License |
DL |
|
DRIVER_LICENSE_BRA |
Drivers License |
DL |
|
GPGB_EE_RTI_FPS |
RTI FPS Employee Details |
PASS |
|
IDENTIFICATN_DATA |
Identification Data |
PASS |
|
IDENTIFICATN_DEP |
Dependent Identification |
Data PASS |