# Securing PII Data Capture - Admissions

Saral App supports PII data encryption from release `v1.7.0` onwards; the feature is added to the admissions use case.

The admissions record captures sensitive PII of a student, so this data must be secured.

The Saral reference backend provides a data encryption feature for the Admissions record, which can be configured at field level (for each column/key in the admissions record). It currently supports 6 different encryption types:

* ENCRYPTANDHASH - encrypts the data first, then hashes the encrypted data for added security
* ENCRYPT - encrypts the data only
* HASH - hashes the data only
* MASK - masks the data only
* ENCRYPTANDMASK - encrypts the data first, then masks the encrypted data for added security
* ENCRYPTARRAY - encrypts array-type data

The Saral reference solution uses the following algorithms for data security:

```
Encryption: AES 256
Hashing: SHA 256
```

Data encryption can be configured under branding for a specific state. A new key named “encryptionSchemas” is added to the brands schema; it holds an object that enables or disables encryption for each field and sets the type of encryption. Refer to [configurable-branding.md](/learn/features/configurable-branding.md) for more details.

By default, the reference solution implements admissions record encryption as shown in the sample below, which is added to the default branding record and saved under the brand collection in the DB.

```
"encryptionSchemas": {
  "admissions": {
    "studentAadharNumber": "ENCRYPTANDMASK",
    "studentFirstname": "ENCRYPT",
    "studentSurname": "ENCRYPT",
    "studentDateOfBirth": "ENCRYPT",
    "studentAddress": "ENCRYPT",
    "studentBlock": "ENCRYPT",
    "studentDistrict": "ENCRYPT",
    "guardianFirstname": "ENCRYPT",
    "guardianSurname": "ENCRYPT",
    "fatherName": "ENCRYPT",
    "fatherContactDetails_phone1": "ENCRYPTANDMASK",
    "fatherContactDetails_phone2": "ENCRYPTANDMASK",
    "motherName": "ENCRYPT",
    "motherContactDetails_phone1": "ENCRYPTANDMASK",
    "motherContactDetails_phone2": "ENCRYPTANDMASK",
    "rollNumber": "ENCRYPTANDHASH",
    "addressOnRationCard_address": "ENCRYPTANDHASH",
    "addressOnRationCard_ward": "ENCRYPTANDHASH",
    "addressOnRationCard_block": "ENCRYPTANDHASH",
    "addressOnRationCard_district": "ENCRYPTANDHASH",
    "predictionInfo": {
      "trainingData": "ENCRYPTARRAY"
    }
  }
}
```

The reference solution also allows a state/adaptor to override the above encryption config by defining a similar structure in the state-specific branding.
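How a Node.js backend could apply an `encryptionSchemas.admissions` object to a record, including a state override and the nested `predictionInfo` entry, as an added example that is not Saral's own code. The AES mode (GCM), the in-memory key, the mask format (last four characters kept), the shallow override merge and all function names are assumptions.

```javascript
// Added example, not Saral's code. AES mode (GCM), key handling and mask format are assumptions.
const crypto = require("crypto");

// Constructed 256-bit key; a real deployment would load it from a secret store.
const KEY = crypto.randomBytes(32);

function encrypt(value) {
  const iv = crypto.randomBytes(12); // fresh IV for every value
  const cipher = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  const body = Buffer.concat([cipher.update(String(value), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function decrypt(token) {
  const raw = Buffer.from(token, "base64"); // layout: 12-byte IV | 16-byte tag | ciphertext
  const decipher = crypto.createDecipheriv("aes-256-gcm", KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

const hash = (v) => crypto.createHash("sha256").update(String(v)).digest("hex");
const mask = (v) => String(v).replace(/.(?=.{4})/g, "X"); // assumed format: keep last 4 chars

// The six types from the page; combined types act on the encrypted value, as the page describes.
const TRANSFORMS = {
  ENCRYPT: encrypt,
  HASH: hash,
  MASK: mask,
  ENCRYPTANDHASH: (v) => hash(encrypt(v)),
  ENCRYPTANDMASK: (v) => mask(encrypt(v)),
  ENCRYPTARRAY: (arr) => arr.map((v) => encrypt(v)),
};

// Walk the schema; a nested schema object (e.g. predictionInfo) mirrors a nested record object.
// Fields absent from the schema pass through unchanged; an unknown type fails closed.
function protectRecord(record, schema) {
  const out = { ...record };
  for (const [field, rule] of Object.entries(schema)) {
    if (out[field] === undefined || out[field] === null) continue;
    if (typeof rule === "object") out[field] = protectRecord(out[field], rule);
    else if (TRANSFORMS[rule]) out[field] = TRANSFORMS[rule](out[field]);
    else throw new Error(`Unknown encryption type "${rule}" for field ${field}`);
  }
  return out;
}

// State-specific branding overrides the default per field (shallow merge, assumed).
const resolveSchema = (defaults, stateOverride = {}) => ({ ...defaults, ...stateOverride });
```

Because each encryption in this example uses a fresh IV, the `ENCRYPTANDHASH` output differs between runs for the same input and cannot serve as a lookup key.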

**Refer to this documentation to know more about additional guidelines that can be implemented to secure data** [**Data Security guidelines for Saral - Admissions use case**](https://docs.google.com/document/d/1tH5B3bZF57YoVUDJhVb_ra7Xti7I_DENof0KClZJlRM/edit?usp=sharing)

