Data Masking Process Case Study

Case Study


HSBC is one of the largest banking and financial services organizations in the world with operations in 65 countries and territories. In order to be compliant with the multitude of data privacy laws and regulations their global business operated under, a large consulting firm was hired to design a control process for the use of sensitive production data in non-production environments. Unfortunately, the resulting process had critical shortcomings and failed to adequately resolve HSBC’s data privacy challenges.

Screenshot 2023 11 21 at 9.43 2 2


Axis designed and implemented a new process that uses a DaaS (Data as a Service) approach, making masking simple and efficient. The process is broken into distinct types of requests, each having unique process maps for the business users and the internal Data Privacy Services (DPS) team.


Data Privacy Mission
bg img

The Axis Data Process Design solution went live in September 2019 and delivered outstanding results:

  • Requests increased from 59 to 138 in the first week of the new process
  • SLAs were cut from 6 months to just 6 weeks
  • Feedback indicated the new process was clear, concise, and easy-to-follow
  • A portal was created for application teams to track the progress of their masking requestsApplication teams were able to implement masking in a consistent, uniform fashion worldwide
  • HSBC was able to integrate their corporate data protection standards into the software development process with minimal impact on the development process

In addition to creating the new process, Axis also implemented the following organizational and operational changes:

  • Created company-wide Personally-Identifying Information policy
  • Create a dedicated Data Privacy Service (DPS) team to handle exceptions and mask data
  • Implemented Atlassian Jira Service Desk to provide feedback to teams Established strict Service Level Agreements (SLAs) enforced by the DPS Team
  • Published Standard Operating Procedures (SOP)

Axis designed and implemented a new data privacy solutions process that delivered outstanding results, including increasing requests from 59 in the previous year to 138!