Skip to content
English
  • There are no suggestions because the search field is empty.

Privacy Shield masking reference

See exactly how Privacy Shield transforms each sensitive attribute before sharing with vendor applications

When Privacy Shield masks a sensitive attribute, it replaces the original value with a placeholder. This article shows exactly what masked values look like for each attribute.

Masked values cannot be reversed. Original data is only accessible to District Admins inside SchoolDay. Vendors always receive masked values and have no way to recover the originals.

Masking is applied at import time and enforced on every subsequent sync.

Caution: If Privacy Shield is disabled mid-year, the next data import will sync original unmasked values to the vendor. Before disabling Privacy Shield, contact SchoolDay Support.

Note: Masking applies only to attributes marked as sensitive and supported by the vendor. Attributes marked as sensitive but not supported by the vendor are excluded from sync entirely.

How each attribute is transformed

Attribute Description Original Masked
Last Name Exposes the first character, replacing the rest of the string with the -ggl’ and adding a unique set of 7 lowercase letters from a-z. Davidson D-ggl'abcdefg
First Name Exposes the first character, replacing the rest of the string with the -ggf’ and adding a unique set of 7 lowercase letters from a-z. John J-ggf'abcdefg
Middle Name Exposes the first character, replacing the rest of the string with the -ggm’ and adding a unique set of 7 lowercase letters from a-z. Michael M-ggm'abcdefg
Username Exposes the first character, replacing the rest of the string with the -ggu’ and adding a unique set of 7 lowercase letters from a-z. DavidsonJ D-ggu'abcdefg
Email Address

Replaces the email username with a string of 16 random letters, adds the district GUID before the domain, and replaces the domain with gg4l.io.

Upon activation of the application by a district,  returns an empty string before data import.

jane_example@example.com AvCakjsdOdIc@11000000-0000-0000-0000-000000000000.gg4l.io
Birth Date Exposes the year of birth and replaces day and month of birth. If a day and month less than 6 months from the current date, replaces with 01/01, or 09/01 if more than 6 months.

Birth date: February 15, 1990

Current date: May 10, 2024

01/01/1990
Phone numbers (Phone, Home Phone, Sms, Phone Number, Work Phone) Replaces the all characters with +10000000000 (555)123-4567 +10000000000

 

Birth date masking logic

Birth date masking preserves the year but replaces the day and month using the following rule:

  • If the birthday is less than 6 months from the current date → replaced with 01/01.
  • If the birthday is more than 6 months from the current date → replaced with 09/01.

Example: Birth date is February 15, 1990. Current date is May 10, 2024. February 15 is less than 6 months from May 10, so the masked value is 01/01/1990.

Email masking on first activation

When a vendor application is first activated by a district — before the first data import is run — Privacy Shield returns an empty string for masked email addresses.

After the first import is completed, the full masked email format is applied.

Masked values across multiple applications

The same attribute value is masked differently for each application. Each application receives a unique masked value for the same record, so vendors cannot cross-reference data with each other.

Example: The first name John may appear as J-ggf'ektvawv for one vendor and J-ggf'awnlrnx for another.

To see how a specific record is masked across all applications, go to Data Browsing > Rostering, select the record, and scroll to the Privacy Shield Information tile.

Next steps

  • Review Privacy Shield results
  • Mark sensitive data attributes
  • Privacy Shield levels