As a rule, the software masks identifying information, Polak says: «Only when something is deemed to be a threat do you get approval from the chief privacy officer or part of the legal team to be able to
break the glass» — decrypting more
granular personal
data — «and see who the individual is,» he adds.