“…tokenization is a data security model that generates surrogate values, called tokens, to replace sensitive data—credit card numbers, for example—in applications and database fields. The sensitive data is simultaneously encrypted and stored in a central data vault, where it can be unlocked only with proper authorization credentials...”
In 2011…expect to see many more mid-sized to large enterprises adopt tokenization more broadly to protect many other types of sensitive information, including electronic health records (EHR).
Tokenization does this by removing sensitive data from applications and databases, which has the added benefit of reducing the scope of Payment Card Industry Data Security Standard (PCI DSS) compliance audits. Over the past couple of years, the tokenization data security model has taken its rightful place alongside data encryption, and it is well on its way to becoming a commonplace solution for credit card protection.
What’s more, a particular version of tokenization—Format Preserving Tokenization™—is equally adept at protecting personally identifiable information (PII) and electronic health records (EHR) to help organizations comply with data privacy laws like the EU Data Privacy Directive and HIPAA.
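The vault model described above, as an added example that is not code from the quoted source or from any vendor product. The class name `TokenVault`, the single shared detokenization credential, the sample card number, and the reading of "format preserving" as same length, digits only and last four digits retained are assumptions. The example also assumes the vault's backing store encrypts what it holds, so encryption is not shown.

```python
import hmac
import secrets


class TokenVault:
    """Maps surrogate tokens to original values; only the vault can reverse them."""

    def __init__(self, detokenize_credential: str):
        # Assumption: one shared credential stands in for real authorization.
        self._credential = detokenize_credential.encode()
        # Assumption: the backing store is encrypted at rest (not shown here).
        self._by_token = {}   # token -> original value
        self._by_value = {}   # original value -> token, so tokens stay stable

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("expected 13 to 19 ASCII digits")
        if pan in self._by_value:
            return self._by_value[pan]
        while True:
            # Random digits replace everything except the last four, so the
            # token fits the same database column and display logic as the PAN.
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Retry if the token equals the real value or is already in use.
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_value[pan] = token
        return token

    def detokenize(self, token: str, credential: str) -> str:
        # Constant-time comparison of the presented credential.
        if not hmac.compare_digest(credential.encode(), self._credential):
            raise PermissionError("not authorized to detokenize")
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault("constructed-credential")
    sample_pan = "4111111111111111"  # constructed test number
    tok = vault.tokenize(sample_pan)
    print("stored by the application:", tok)
    print("recovered by the vault:   ",
          vault.detokenize(tok, "constructed-credential"))
```

The token is random rather than derived from the card number, so an application database holding only tokens reveals nothing about the original digits beyond the last four.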