When naming vault accounts designed to custody client funds, Fireblocks recommends anonymizing or pseudonymizing the vault name to help maintain the confidentiality of the end client’s Personally Identifiable Information (PII).
Within a Fireblocks workspace, all users have visibility into the Vault. Any PII used as a Vault account name will be visible to all users within the Fireblocks workspace, including insiders who should have restricted visibility and third-party auditing firms (if added via an API user). In addition, Fireblocks Customer Operations has visibility into Vault names.
We advise maintaining a third-party system to create and maintain a register that matches client data to an Internal ID. From there, the Internal ID can be used to name each end client's Vault account on Fireblocks.
For example, a client may maintain the last several digits of the hash of the client’s information on a third-party register and store this data as the Fireblocks Vault name. In this scenario, the name "John Doe" becomes “431037f908” when run through SHA-256.