Key word here is obfuscation: To obfuscate PII data accessed by an application housed in a database, the company should mask the data. This can be done by replacing the actual data with fake data that has the same format and characteristics, but is not sensitive or identifiable. This can be done using techniques such as data masking or data pseudonymization.