Comprehensive and Detailed Explanation From Exact Extract:
The critical requirements are:
De-identify PII (protect individual privacy).
Retain original format and consistency (analytical integrity).
Avoid full irreversible deletion (the process must be reversible/re-identifiable).
Sensitive Data Protection (SDP), also known as Cloud DLP, is Google Cloud's specialized service for discovering, classifying, and de-identifying sensitive data. The specific de-identification technique that meets the need to retain the original format and consistency is Format-Preserving Encryption (FPE).
Extracts:
"Sensitive Data Protection supports several types of tokenization, including transformations that can be reversed, or 're-identified.'" (Source 5.3)
"Pseudonymization by replacing with cryptographic format preserving token (CryptoReplaceFfxFpeConfig)... Preserves format... Reversible transformations can be reversed to re-identify the sensitive data using the content.reidentify method." (Source 5.3)
"Format Preserving Encryption (FPE) is an encryption algorithm that preserves the format of the original data set, but it replaces it with tokens that have no inherent meaning or value... FPE ensures the ciphertext maintains the same format (length, number of hyphens, etc.) as the original plaintext." (Source 5.1)
FPE is necessary for analytical integrity when the structure/format (e.g., 9-digit SSN, 16-digit credit card number) is required for processing in downstream systems.
