Pattern 2: Encrypting General PII

Beyond payment data, many other fields are considered Personally Identifiable Information (PII) under regulations like GDPR and CCPA. This pattern shows how to apply the same "Encrypt, Preserve, Delete" logic to common PII like email addresses and Social Security Numbers.

The Pattern

For any PII field:

  1. Encrypt the full value using a dedicated PII_ENCRYPTION_KEY.
  2. Extract a non-sensitive, analytics-safe portion (e.g., the email domain or the last 4 digits of an ID).
  3. Delete the original plaintext field.

Implementation

You can add this logic directly to the same mapping processor you used for payment data, making your pipeline more efficient.

  1. Start with your Pipeline: Open the encrypt-card.yaml file from Step 1.

  2. Add the PII Encryption Logic: Add the logic for email and ssn to the bottom of the existing mapping processor.

    Add this to your 'mapping' processor
    # --- Logic from Step 1 (Card Encryption) ---
    # (The existing logic for card numbers should be here)

    # --- START: New additions for Customer PII ---

    # encrypt_aes takes (scheme, key, iv). The key must be 16, 24 or 32 bytes
    # and the GCM nonce 12 bytes. PII_ENCRYPTION_NONCE is an assumed variable
    # name; a nonce must never be reused under the same key, so a fixed value
    # from the environment is only suitable for testing. The ciphertext is
    # base64-encoded so it can be stored as a JSON string.
    let pii_key = env("PII_ENCRYPTION_KEY")
    let pii_nonce = env("PII_ENCRYPTION_NONCE")

    # Encrypt SSN (if it exists)
    if this.customer.ssn.exists() {
      let clean_ssn = this.customer.ssn.re_replace_all("[^0-9]", "")
      root.customer.ssn_encrypted = $clean_ssn.encrypt_aes("gcm", $pii_key, $pii_nonce).encode("base64")
      root.customer.ssn_last_four = $clean_ssn.slice(-4)
    }

    # Encrypt Email (if it exists)
    if this.customer.email.exists() {
      let email_parts = this.customer.email.split("@")
      root.customer.email_encrypted = this.customer.email.encrypt_aes("gcm", $pii_key, $pii_nonce).encode("base64")
      if $email_parts.length() == 2 {
        root.customer.email_domain = $email_parts.index(1)
      }
    }

    # Remove the original plaintext PII fields. Deleting the individual keys
    # (rather than reassigning root.customer) keeps the encrypted and derived
    # fields assigned above intact.
    root.customer.ssn = deleted()
    root.customer.email = deleted()

    Note: This step uses a separate PII_ENCRYPTION_KEY. Ensure you have set it as an environment variable; AES requires the key to be exactly 16, 24 or 32 bytes long.

Verification

When you run your data through the updated pipeline, the customer object will now be protected. The ssn and email fields will be gone, replaced by their encrypted versions and their analytics-safe derivatives. This same pattern can be extended to any number of PII fields, such as phone numbers, names, or addresses.
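The following Go program is an added example, not part of the original page or the pipeline project it describes. It implements the same "Encrypt, Preserve, Delete" pattern on an in-memory customer record so the verification step can be checked outside the pipeline: the ssn and email keys are AES-256-GCM encrypted with a fresh random nonce per value (the nonce is stored in front of the ciphertext), the analytics-safe derivatives are kept, the plaintext keys are removed, and a decrypt helper confirms the stored values are still recoverable. The function names, the demo key and the sample record are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// nonDigits strips every non-digit character, mirroring re_replace_all("[^0-9]", "").
var nonDigits = regexp.MustCompile(`[^0-9]`)

// encryptGCM seals plaintext with AES-GCM under key using a fresh random nonce
// per call. The nonce is prepended to the ciphertext so the stored value is
// self-describing, and the result is base64 so it fits in a JSON string.
func encryptGCM(key []byte, plaintext string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// decryptGCM reverses encryptGCM; used here only to verify recoverability.
func decryptGCM(key []byte, encoded string) (string, error) {
	sealed, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// ProtectCustomer applies Encrypt, Preserve, Delete to the ssn and email keys
// of a customer record in place. Absent fields are skipped, like exists().
func ProtectCustomer(customer map[string]any, key []byte) error {
	if ssn, ok := customer["ssn"].(string); ok {
		clean := nonDigits.ReplaceAllString(ssn, "")
		enc, err := encryptGCM(key, clean)
		if err != nil {
			return err
		}
		customer["ssn_encrypted"] = enc
		if len(clean) >= 4 {
			customer["ssn_last_four"] = clean[len(clean)-4:]
		}
		delete(customer, "ssn")
	}
	if email, ok := customer["email"].(string); ok {
		enc, err := encryptGCM(key, email)
		if err != nil {
			return err
		}
		customer["email_encrypted"] = enc
		if parts := strings.Split(email, "@"); len(parts) == 2 {
			customer["email_domain"] = parts[1]
		}
		delete(customer, "email")
	}
	return nil
}

func main() {
	// Constructed 32-byte demo key; a real deployment loads it from PII_ENCRYPTION_KEY.
	key := []byte("0123456789abcdef0123456789abcdef")
	customer := map[string]any{"name": "Ada", "ssn": "123-45-6789", "email": "ada@example.com"}
	if err := ProtectCustomer(customer, key); err != nil {
		panic(err)
	}
	fmt.Printf("protected record: %v\n", customer)
	pt, err := decryptGCM(key, customer["ssn_encrypted"].(string))
	fmt.Println("recovered ssn:", pt, "err:", err)
}
```

Running it prints a record with ssn_encrypted, ssn_last_four, email_encrypted and email_domain but no ssn or email key, which is exactly what the verification step above expects to see; the round-trip decrypt confirms the encrypted copies are usable by whoever holds the key.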