AWS documentation explains that data masking is a technique used to obscure sensitive information while preserving the usability of the dataset for analytics and machine learning. When sharing data with third parties, AWS recommends masking only the fields that contain personally identifiable information (PII) to minimize data exposure while maintaining data utility.

Applying data masking to PII fields ensures that sensitive attributes such as names, email addresses, phone numbers, or identification numbers are replaced with anonymized or obfuscated values. This allows the third-party provider to train machine learning models without accessing real personal data.

Masking all fields would unnecessarily reduce the dataset’s usefulness and could negatively impact model performance. Data encryption protects data at rest or in transit, but once the third party decrypts the dataset for processing, PII would still be exposed. Data labeling helps identify sensitive fields but does not prevent exposure.

AWS emphasizes that selective masking is a best practice for privacy-preserving data sharing, particularly in ML workflows where data structure and statistical properties must remain intact. Therefore, applying data masking only to PII fields is the correct solution.