The invention generally relates to data privacy, and more particularly, to a method and system for tokenization of data for privacy.
Generally, data privacy has been a major concern in the scenarios where in data storage and data transmissions are involved. Confidential data such as medical details, etc. are under potential risks and require proper measures for preventing data leakage. For example, an application may be associated with databases consisting of name, address, social security number, and other personal data. This data may be required by a third party application for a genuine purpose. But the third party application environment may not have the safeguards in place to adequately protect the sensitive data. Such scenarios demand that there exist some mechanisms for data privacy.
Currently, many approaches, schemes and compliances have been in use for enforcing data privacy. Tokenization is one such approach which is widely used in data privacy mechanism. It prevents data leakage by substituting the original sensitive data with a non-trivial data token. It is prevalent in Payment Card Industry due to security reasons standards do not allow the vendors' to keep a record of customers' credit card number and other details in the vendors' database.
However, the existing tokenization systems are not sufficiently flexible. They provide very limited range of mechanisms to pursue tokenization leading to less usage options. This leads to dissatisfied users as the user preferred configuration might not be feasible in several cases. Also, in order to increase the scope of tokenization, extensive data types must be supported in the system.
Hence, there is a need of a method and system for tokenization of data for privacy to satisfy varied user requirements, by providing a full-fledged flexible and wide spectrum tokenization system to protect sensitive data from leakage with wide variety of configurable options and settings.