Privacy Enhancing Technologies

Immuta’s privacy enhancing technologies (PETs) dynamically mask and anonymize sensitive data – with mathematical guarantees – to accelerate data sharing use cases.

What is Privacy Enhancing Technologies?

Data teams can leverage Immuta’s market-leading suite of 20+ dynamic controls to address any privacy requirement for sharing sensitive data, including PII, PHI, or personal data. These controls include:

Differential Privacy

Statistically guarantees that any individual record within a data set cannot be identified Injects noise into queries to protect the privacy of individual records and enable increased data sharing

Masking with k-Anonymization

Easily apply k-anonymization at query time to seamlessly prepare sensitive data for use Eliminate manual approaches that require mathematicians to prevent re-identification

Randomized Response

Achieve local differential privacy to protect specific columns Enable mathematically guaranteed limits on an attacker’s ability to exploit data


Apply obfuscation techniques at query runtime without writing code or copying data Leverage one or more dynamic controls, including hashing, regular expression, rounding, conditional or external masking, and replacement with null, constant, reversibility, format-preserving masking, or k-anonymization

Anonymization & Pseudonymization

Implement anonymization and pseudonymization techniques when queries are run, without additional code or data copies Protect data using advanced controls, including differential privacy, randomized response, rounding, and more


Enforce minimization controls at query runtime to return a percentage of the data or otherwise restrict access using prebuilt privacy controls Avoid spending time writing new code or copying data

Frequently Asked Questions

What are the most common de-identification techniques?

There are a range of effective common data de-identification techniques used by modern organizations. These techniques include k-anonymization/generalization, randomization, pseudonymization combined with data masking, and more. Data can also be de-identified completely through redaction or suppression, but these techniques render the data completely unusable for analysis. Masking techniques de-identify data for security purposes while still leaving it usable for those who need it, balancing security with efficiency.

What is k-anonymity?

k-Anonymity is a privacy enhancing technology (PET) that works by combining large sets of data with similar attributes. In doing so, direct or indirect identifiers about any individual contributing to that data set are obscured, often through generalization or suppression of attributes. k-Anonymization is often referred to as the power of “hiding in the crowd,” and is useful in protecting against re-identification.

What is the difference between data masking vs. hashing?

The difference between data masking and hashing is that data masking involves removing or hiding sensitive data using a different value that is similar in structure to the original data, while hashing uses a formula to generate string of characters that is fixed in length. Since hashes are concise and unique, they make large data sets easier to compare, yet make reversal significantly more difficult, if not impossible.

What is tokenized data?

Tokenized data refers to a piece of non-sensitive data with no intrinsic value, known as a token, that stands in for another piece of sensitive information. The concept is akin to using poker chips to represent money. Tokens are stored within a database, so only those with access to the database are able to derive the original information from the tokenized data.

What is an example of PII obfuscation?

Obfuscation of personally identifiable information (PII) limits exposure of the sensitive data in ways that still allows portions of it to be useful. An example of PII obfuscation is nulling a bank account number for anyone except those with authorization to see the full number. This is particularly necessary in instances of fraud detection and analysis, because it allows those involved in fraud investigations to reference exact account numbers, but prevents people in other, unrelated departments from seeing customers’ full account numbers.

Have 29 minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.