Sending PII

  • Updated

The Osano PII API stores data in a dedicated, private Amazon AWS Quantum Ledger. Unlike most blockchain solutions, the AWS ledger is highly performant and well suited to the task of storing records that need to be permanent.

Submitting data to the API is free-form, meaning that your developers can submit any key/value pairs that they would like. Osano stores the key in plain text and one-way hashes the value using SHA-512 encryption and a unique salt for each customer.

For example, your development team might submit to the API in the form of /endpoint?first_name=John&social_security=123456789. In this case, we store a record that first_name and social_security are fields your company stores, the values "John" and "123456789" are encrypted using the one-way hashing.

One way hashing is irreversible, meaning that the data can not be decrypted, even if the owner knows the encryption key. When the ledger is searched, you may search for social_security=123456789, we then encrypt your search string using the same hash and search for whether that hash exists in the Osano ledger under your account. If a match is found, we return a positive match result.

Osano never returns the actual data and can not be used to look up customer data, it can only be used to lookup field/key names and whether the value exists in that dataset. In practical terms, this means that Osano is a perfect API for your DSAR lookups across all vendors. Rather than querying each vendor independently and spending days chasing down records of data transfers, you can instead query Osano and use Osano as your system of record for data transfers.

Using this process ensures high security and because this information can not be decrypted, it is no longer PII and does not have to be deleted in the event of a data subject request.