Masking is a privacy-enhancing technology (PETs), whereby sensitive information is replaced by random characters in the same format as the original data, but without a mechanism for retrieving the original values. This is a common practice in test environments, which require realistic-looking data but cannot be populated with actual customer or employee data. Masking is essentially permanent tokenization. Masking can also be used to control access to sensitive data based on entitlements. This approach, known as dynamic data masking, allows authorized users and applications to retrieve unmasked data from a database, while providing masked data to users who are not authorized to view the sensitive information.