Privacy Shield masking reference
See exactly how Privacy Shield transforms each sensitive attribute before sharing with vendor applications
When Privacy Shield masks a sensitive attribute, it replaces the original value with a placeholder. This article shows exactly what masked values look like for each attribute.
Masked values cannot be reversed. Original data is only accessible to District Admins inside SchoolDay. Vendors always receive masked values and have no way to recover the originals.
Masking is applied at import time and enforced on every subsequent sync.
Caution: If Privacy Shield is disabled mid-year, the next data import will sync original unmasked values to the vendor. Before disabling Privacy Shield, contact SchoolDay Support.
Note: Masking applies only to attributes marked as sensitive and supported by the vendor. Attributes marked as sensitive but not supported by the vendor are excluded from sync entirely.
How each attribute is transformed
| Attribute | Description | Original | Masked |
| Last Name | Exposes the first character, replacing the rest of the string with the -ggl’ and adding a unique set of 7 lowercase letters from a-z. |
Davidson | D-ggl'abcdefg |
| First Name | Exposes the first character, replacing the rest of the string with the -ggf’ and adding a unique set of 7 lowercase letters from a-z. |
John | J-ggf'abcdefg |
| Middle Name | Exposes the first character, replacing the rest of the string with the -ggm’ and adding a unique set of 7 lowercase letters from a-z. |
Michael | M-ggm'abcdefg |
| Username | Exposes the first character, replacing the rest of the string with the -ggu’ and adding a unique set of 7 lowercase letters from a-z. |
DavidsonJ | D-ggu'abcdefg |
| Email Address |
Replaces the email username with a string of 16 random letters, adds the district GUID before the domain, and replaces the domain with Upon activation of the application by a district, returns an empty string before data import. |
jane_example@example.com | AvCakjsdOdIc@11000000-0000-0000-0000-000000000000.gg4l.io |
| Birth Date | Exposes the year of birth and replaces day and month of birth. If a day and month less than 6 months from the current date, replaces with 01/01, or 09/01 if more than 6 months. |
Birth date: February 15, 1990 Current date: May 10, 2024 |
01/01/1990 |
| Phone numbers (Phone, Home Phone, Sms, Phone Number, Work Phone) | Replaces the all characters with +10000000000 |
(555)123-4567 | +10000000000 |
Birth date masking logic
Birth date masking preserves the year but replaces the day and month using the following rule:
- If the birthday is less than 6 months from the current date → replaced with 01/01.
- If the birthday is more than 6 months from the current date → replaced with 09/01.
Example: Birth date is February 15, 1990. Current date is May 10, 2024. February 15 is less than 6 months from May 10, so the masked value is 01/01/1990.
Email masking on first activation
When a vendor application is first activated by a district — before the first data import is run — Privacy Shield returns an empty string for masked email addresses.
After the first import is completed, the full masked email format is applied.
Masked values across multiple applications
The same attribute value is masked differently for each application. Each application receives a unique masked value for the same record, so vendors cannot cross-reference data with each other.
Example: The first name John may appear as J-ggf'ektvawv for one vendor and J-ggf'awnlrnx for another.
To see how a specific record is masked across all applications, go to Data Browsing > Rostering, select the record, and scroll to the Privacy Shield Information tile.
Next steps
- Review Privacy Shield results
- Mark sensitive data attributes
- Privacy Shield levels