There are several methods that my customers use to validate that their data has been masked. Depending on the custom they may use 1 or more of the following options.
1. Delphix Masking Report:
a. Review your masking inventory and that all columns assignments are correct
b. Monitor progress and results on the monitor tab, check your job for Start/End times, status and number of rows masked
c. Review masking report on the Monitor tab
2. Side-by-side UI testing:
a. View the masked data from the application UI
b. View the unmasked data from the application UI
c. Assure the application displays no sensitive data
d. Execute and compare application reports
3. Custom SQL scripted queries
a. Compare a masked database to a non-masked database for testing
b. Write SQL Queries to select or join masked and unmasked data
c. Compare that the data is masked
d. Compare that the data is masked consistently
It is best to test that the combine sensitive data for an individual has been broken. Keep in mind that the Delphix Secure Lookup algorithms by design allows collisions. Also, that if an unmasked value is in the SL algorithm there is the slightest possibility that the value has bee masked to the original value.