Telemetry data sent from applications often contains Personally Identifying Information (PII) like names, user IDs, phone numbers, and other information that must be obfuscated before the data is sent to storage or observability tools, in order to be in compliance with corporate or government policies such as HIPAA in the US or the GDPR in the EU.

At the same time, the application data may contain financial and transaction data, such as credit card or account numbers, that also needs to be obfuscated, but needs to be recoverable in case it's needed for later analysis, like a fraud investigation.

The solution to this situation is to include a Compliance module in your Mezmo Telemetry Pipeline that includes the Encrypt Fields and Redact Processors. With the Encrypt Fields Processor, you can apply an encryption algorithm and key to a specified field. If you have a Pipeline set up to restore data from storage for later analysis, you can then use the Decrypt Processor to restore information that you may need for deeper investigation. With the Redact Processor, you can specify a field to scan for common patterns of PII, and then apply a defined or hashed mask to that information to make it unrecoverable.

This Pipette shows a basic configuration of a Compliance module that is intended to redact User IDs and encrypt credit card numbers. If you'd like to learn more about how a Compliance module can help with your data compliance requirements, reach out to our Technical Services team for a free consultation.