Module : privacy

Module overview

The privacy module acts as the foundation in making the Ballerina a privacy-aware programming language. The module provides the required utility functions that allow pseudonymization, de-pseudonymization, and deletion of Personally Identifiable Information (PII).

A pseudonymized identifier will be issued by the pseudonymize function for a provided PII. The actual PII value will be stored in the selected pluggable PII Store. The issued identifier can be used to represent the particular PII in other locations. The depseudonymize function can be used to obtain the actual PII value and give the pseudonymized `` identifier. PII can be deleted from the store using the delete function.

Samples

import ballerina/h2;
import ballerina/io;
import ballerina/privacy;
import ballerina/sql;

h2:Client testDB = new({
    path: "./H2PIIStore/",
    name: "TestDBH2",
    username: "SA",
    password: "",
    poolOptions: { maximumPoolSize: 1 }
});

final string TABLE_NAME = "PII_STORE";
final string ID_CLOUMN = "id";
final string PII_COLUMN = "pii";

public function main(string pii) returns error? {
    // Creates the database structure in the H2 PII store.
    var creationStatus = testDB->update("CREATE TABLE IF NOT EXISTS PII_STORE (ID VARCHAR(300) NOT NULL, PII VARCHAR(300) NOT NULL, PRIMARY KEY (ID))");
    if (creationStatus is sql:UpdateResult) {
        io:println("PII to be persisted: " + pii);

        // Creates a storage that uses an H2 database to persist Personally Identifiable Information (PII).
        privacy:H2PiiStore piiStore = new(testDB, TABLE_NAME, ID_CLOUMN, PII_COLUMN);

        // Store PII information in the storage and take a pseudonymized identifier (UUID) representing the stored data.
        var pseudonymizedPii = privacy:pseudonymize(piiStore, pii);
        if (pseudonymizedPii is string) {
            io:println("Pseudonymized identifier: " + pseudonymizedPii);

            // Reads the PII by providing the pseudonymized identifier.
            var depseudonymizedPii = privacy:depseudonymize(piiStore, pseudonymizedPii);
            if (depseudonymizedPii is string) {
                io:println("Deseudonymized value: " + depseudonymizedPii);
            } else {
                return depseudonymizedPii;
            }

            // Deletes the PII by providing the pseudonymized identifier.
            var deleteStatus = privacy:delete(piiStore, pseudonymizedPii);
            if (deleteStatus is error) {
                return deleteStatus;
            }
        } else {
            return pseudonymizedPii;
        }
    } else {
        return creationStatus;
    }
}

Objects

H2PiiStore

Represents personally identifiable information (PII) storage mechanisum based on H2 database

MySqlPiiStore

Represents personally identifiable information (PII) storage mechanisum based on MySQL database

PiiStore

Represents a storage mechanisum usable to store personally identifiable information (PII)

Functions

delete

Delete personally identifiable information (PII) from the PII store

depseudonymize

Depseudonymize the identifier by retrieving the personally identifiable information (PII) from the PII store

pseudonymize

Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier in the PII store