Data Masking Guide: Privacy Protection for Phone Numbers, ID Cards, and Emails
What Is Data Masking
Data masking partially covers or replaces sensitive information so it remains identifiable in format without exposing the original data:
Original: Zhang San, 13812345678, 110101199003071234
Masked: Zhang *, 138****5678, 110101****071234
Core principle: Masked data must not be reversible to the original value, while preserving format information for display and statistics.
Common Masking Templates
Phone Number
| Rule | Original | Masked Result |
|---|---|---|
| Mask middle 4 digits | 13812345678 | 138****5678 |
| Show last 4 only | 13812345678 | *******5678 |
| Show first 3 only | 13812345678 | 138******** |
Recommended: Mask middle 4 digits (preserves area code and tail for display needs).
ID Card Number
| Rule | Original | Masked Result |
|---|---|---|
| Mask middle 8 digits | 110101199003071234 | 110101****071234 |
| Show first 3 and last 4 | 110101199003071234 | 110***********1234 |
| Mask birthday | 110101199003071234 | 110101********1234 |
18-digit ID: first 6 (region) + 8 (birthday) + 3 (sequence) + 1 (check digit).
Bank Card Number
| Rule | Original | Masked Result |
|---|---|---|
| Mask middle | 6222021234567890 | 6222****7890 |
| Show last 4 only | 6222021234567890 | ************7890 |
Email Address
| Rule | Original | Masked Result |
|---|---|---|
| Partial username mask | zhangsan@qq.com | zha****@qq.com |
| Full username mask | zhangsan@qq.com | ****@qq.com |
Name
| Rule | Original | Masked Result |
|---|---|---|
| Keep surname | Zhang San | Zhang * |
| Keep surname | Ouyang Xiu | Ouyang * |
Masking Methods Compared
| Method | Mechanism | Reversible | Use Case |
|---|---|---|---|
| Partial cover | Replace middle part with * |
❌ No | Display, logging |
| Hash replacement | Replace with hash value | ❌ No | Data analysis, linking |
| Encrypted storage | Encrypt and store, decrypt when needed | ✅ Yes | Scenarios needing recovery |
| Pseudodata replacement | Replace with fake data | ❌ No | Test environments |
Using the Masking Tool
Step 1: Open the Tool
Visit the Data Masking tool.
Step 2: Enter Sensitive Data
Paste the phone number, ID card number, email, or other text you want to mask.
Step 3: Choose a Masking Rule
The tool provides preset templates:
- Phone number masking (middle 4 digits)
- ID card masking (middle 8 digits)
- Email masking (partial username)
- Bank card masking (middle digits)
- Custom rule (specify position and length to mask)
Step 4: Copy the Masked Result
Click copy to use the masked data for display or logging.
Hash Replacement: More Secure Masking
Need to preserve data uniqueness without reversibility? Use hash replacement:
Original phone: 13812345678
SHA256 hash: a3f2b8c... (64-char hex)
- Same input always produces the same hash → linkable
- Cannot reverse the hash to the original value → irreversible
- Use the Hash tool to compute hash values
Compliance Requirements
GDPR (EU)
- Data minimization principle
- Processing requires a clear legal basis
- Data subjects have the right to access and delete
PIPL (China's Personal Information Protection Law)
- Sensitive personal information requires separate consent
- Includes: ID numbers, bank accounts, phone numbers, etc.
- Masking is a common approach to satisfy the "minimum necessary" principle
Industry Standards
| Standard | Requirement |
|---|---|
| PCI DSS | Card numbers show at most first 6 and last 4 digits |
| HIPAA | Medical information must be de-identified |
| MLPS 2.0 | Sensitive data storage requires encryption or masking |
Common Issues
| Issue | Cause | Solution |
|---|---|---|
| Still inferable after masking | Too few digits masked | Increase the masking range |
| Inconsistent format | Different systems use different masking rules | Standardize masking templates |
| Logs leak plaintext | Logs not masked | Auto-mask before logging |
| Frontend shows plaintext | API returned full data | Mask on the backend before returning |
Summary
Data masking is the first line of defense for privacy protection. Mastering masking templates for phone numbers, ID cards, bank cards, and emails — and choosing the right masking method based on compliance requirements — is essential for data security. The Masking tool provides preset templates and custom rules. Combined with the Replace tool and Hash tool, it covers all scenarios from display masking to data replacement.