In today’s digital age, protecting personal data is more important than ever. With the introduction of the General Data Protection Regulation (GDPR) in Europe and similar policies in the United States, it’s crucial for businesses to ensure that they are handling customer data in a secure and compliant way.

One way to do this is by masking sensitive information, such as email addresses and phone numbers, by default. This means that the information is replaced with a string of asterisks, making it unreadable to anyone without the proper permissions.

In the PHP framework Laravel, it’s easy to implement this functionality by using a trait. A trait is a reusable piece of code that can be added to any class, in this case, the customer model. By using a trait, we can keep the code organised and maintain a single source of truth for masking and unmasking data.

First, we create the trait called “Maskable” and place it in the app/Traits directory. In this trait, we define two methods: one to mask a field and one to unmask a field, while logging the user ID of who unmasked it.

```php
<?php

namespace App\Traits;

use Illuminate\Support\Facades\Log;

trait Maskable
{
    /**
     * Mask the specified field.
     *
     * @param string $field
     * @return void
     */
    public function mask($field)
    {
        // Replace the in-memory value with asterisks of the same length.
        // The cast keeps strlen() from receiving null on empty columns.
        $this->$field = str_repeat('*', strlen((string) $this->$field));
    }

    /**
     * Unmask the specified field and log the user ID of who unmasked it.
     *
     * @param string $field
     * @param int $userId
     * @return void
     */
    public function unmask($field, $userId)
    {
        // $this->original holds the values Eloquent loaded from the database.
        $this->$field = $this->original[$field];
        Log::info("Field {$field} unmasked by user ID {$userId}");
    }
}
```

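Next, we add the trait to the Customer model and define the fields that should be masked by default. We also use the retrieved model event to mask the fields whenever a customer is loaded from the database. Masking in the creating event instead would overwrite the real values with asterisks before the row is inserted, leaving nothing for unmask to restore.

```php
<?php

namespace App;

use Illuminate\Database\Eloquent\Model;
use App\Traits\Maskable;

class Customer extends Model
{
    use Maskable;

    /**
     * The attributes that should be masked by default.
     *
     * @var array
     */
    protected $masked = [
        'email',
        'phone_number',
    ];

    /**
     * Boot the model.
     *
     * @return void
     */
    public static function boot()
    {
        parent::boot();

        // "retrieved" fires after $original has been filled from the row,
        // so unmask() can restore the real value later.
        // A masked model is dirty: do not save() it while it is masked,
        // or the asterisks are written back to the database.
        static::retrieved(function ($model) {
            $model->maskFields();
        });
    }

    /**
     * Mask the specified fields.
     *
     * @return void
     */
    public function maskFields()
    {
        foreach ($this->masked as $field) {
            $this->mask($field);
        }
    }
}
```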

By implementing this trait, we can ensure that sensitive customer information is masked by default, making it more difficult for unauthorized individuals to access it. Additionally, the unmask method allows for authorized individuals to access the information while also logging the user’s ID, providing an additional layer of security and accountability.
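
The trait records who unmasked a field but leaves the permission decision to the caller. The following added example, which is not code from the original article, shows the same mask-by-default idea in plain PHP 8 with the permission check inside the unmask path and an audit entry for denied attempts as well. `MaskedRecord`, `reveal()` and the `$canUnmask` callback are hypothetical names, and the customer values are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not the article's code; names and sample data are constructed.
final class MaskedRecord
{
    public array $audit = [];   // one entry per unmask attempt, allowed or not
    public function __construct(
        private array $stored,  // values as held in the database, never modified
        private array $masked   // field names hidden by default
    ) {}

    // Default read path: masked fields come back as asterisks.
    public function get(string $field): ?string
    {
        $value = $this->stored[$field] ?? null;
        if ($value === null || !in_array($field, $this->masked, true)) {
            return $value;
        }
        return str_repeat('*', strlen($value));
    }

    // Privileged read path: check permission, record the attempt, then return.
    public function reveal(string $field, int $userId, callable $canUnmask): string
    {
        if (!isset($this->stored[$field])) {
            throw new InvalidArgumentException("Unknown field {$field}");
        }
        $allowed = (bool) $canUnmask($userId, $field);
        $this->audit[] = ['field' => $field, 'user' => $userId, 'allowed' => $allowed];
        if (!$allowed) {
            throw new RuntimeException("User {$userId} may not unmask {$field}");
        }
        return $this->stored[$field];
    }
}

$customer = new MaskedRecord(
    ['name' => 'Ada', 'email' => 'ada@example.test', 'phone_number' => '+15550100'],
    ['email', 'phone_number']
);
$isSupportLead = fn (int $userId, string $field): bool => $userId === 7;
echo $customer->get('email'), PHP_EOL;
echo $customer->reveal('email', 7, $isSupportLead), PHP_EOL;
try {
    $customer->reveal('phone_number', 42, $isSupportLead);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo json_encode($customer->audit), PHP_EOL;
```

Because the stored value is never overwritten, a masked read cannot end up persisted, and the audit trail covers refused requests as well as granted ones.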

It’s important to note that this is just one aspect of protecting personal data. Businesses also need to have robust policies in place for data storage, access, and disposal, as well as employee training and regular audits to ensure compliance with relevant regulations such as GDPR and policies in the USA.

Implementing this trait in Laravel is a simple yet effective way to protect personal data and stay compliant with regulations. By masking sensitive information by default and logging access to unmasked information, businesses can take a proactive approach to protecting customer data.
