This topic shows you how to configure de-identification algorithms and provides related examples.

Background information

Sensitive Data Discovery and Protection (SDDP) supports hashing, redaction, substitution, rounding, encryption, data decryption, and shuffling. For more information, see Supported data de-identification algorithms.


  1. Log on to the SDDP console.
  2. In the left-side navigation pane, choose Data desensitization > Desensitization algorithm.
  3. Click the tab for the de-identification algorithm that you want to use for static de-identification.
  4. Configure the de-identification algorithm.
    You can configure each de-identification algorithm in the following way:
    • Hashing: Set a salt value for each encryption algorithm.

      In cryptography, you can insert a specific string to a fixed position in a password so that the hash value of the new password is different from that of the original password. This process is called salting. A salt value is the specific string that you insert.

    • Masking: Set parameters for the redaction algorithm.
    • Replacement: Set parameters for the substitution algorithm.
    • Transformation: Set parameters for the rounding algorithm.
    • Encryption: Set a key for each encryption algorithm.
    • Data decryption: Set a key for each decryption algorithm.
    • Shuffling: Select a shuffling method.
      Note You do not need to test the shuffling method. Click Submit directly after you select a shuffling method.
  5. Click Test for a parameter.
    In the Desensitization Algorithm Test panel, check whether the specific parameter for the de-identification algorithm works.Desensitization Algorithm Test

    After the test is completed, close the Desensitization Algorithm Test panel.

  6. Click Submit for the parameter that you have tested.

What to do next

After you configure the de-identification algorithm, go to the Static Desensitization page to create a de-identification task with the de-identification algorithm or modify the de-identification algorithm of an existing de-identification task. For more information, see Perform static de-identification.