
What’s pseudonymization? Definition, benefits, comparisons


This is obviously in stark contrast to the initial aim of improving data protection by implementing pseudonymization. In IT security this problem is typically summarized in the saying that “complexity is an enemy of security” [25]. When (authorized) re-identification of subjects is not an exceptional but a common procedure, e.g. due to longitudinal data collection, implementing pseudonymization can significantly increase the complexity of software solutions. For example, data stored in distributed databases need to be dynamically combined with each other, which requires additional interfaces for communication between the various subsystems. Obviously, this is in contrast to the objective of improving data protection.


Data Utility

These data-protection methods strip data of its sensitive elements, allowing data-driven organizations to protect data and extract its value at the same time. This article deals with pseudonymization as one method of de-identifying or anonymizing sensitive data. IRI publishes more in-depth information on the topic in its learning center article on pseudonymization.

What Does the GDPR Say About Pseudonymization?

For example, you could use format-preserving encryption to encrypt identifiers (e.g. an email address) as pseudonyms while preserving the format of the data. Finally, you must also monitor the state of the art and ensure that the methods you use continue to be appropriate as techniques evolve. It is ultimately a decision for you to take based on your specific circumstances. We discuss the methodology to assess the risk of singling out a person in the section “How do we ensure anonymisation is effective?”. You should also consider whether the pseudonymisation technique you use is usable and scalable, so that it is practical for the processing activity you want to carry out.


Pseudonymisation

  • The GDPR’s introduction of pseudonymization and its greater emphasis on anonymization will provide opportunities for data controllers to use personal data in more innovative ways.
  • The collection of fine-grained personal health data has become an important element of biomedical research, which is required to obtain characterizations of patients and probands in necessary breadth and depth.
  • Depending on the circumstances, you could use other forms of encryption.
  • Moreover, the ability to link and update the data managed by the service is likely to become critical.
  • Pseudonymising a new field now simply requires updating the “fields” parameter of the “script_params”.

The Federal Trade Commission (FTC) has emphasized that techniques like hashing (often used in pseudonymization) do not render data anonymous. In its 2024 blog post, the FTC reaffirmed, “No, hashing still doesn’t make your data anonymous,” highlighting how hashed data can be reversed or linked when adversaries have access to the original inputs. This reinforces that de-identified does not mean de-risked and that organizations relying solely on hashing or similar techniques are leaving the privacy door cracked open. Article 4(5) defines pseudonymization as processing data in a way that it can no longer be attributed to a specific data subject without additional information, provided that information is kept separately and securely.

  • The Pseudonymization Service neither supports pseudonym spaces nor record linkage.
  • By default, all the cryptographic transformation methods of de-identification have referential integrity, whether output tokens are one-way or two-way.
  • Benzschawel and Da Silveira developed a multi-level privacy protection scheme for a national eHealth platform [35].
  • Pseudonymized data, meanwhile, is still considered Personal Data, since it can be used for re-identification of the data subject, if combined with additional information.

You must choose a technical solution for pseudonymisation that complements the organisational measures you use. You must ensure that the technical measures are carried out effectively and appropriately. The additional information that can be used to identify people from a pseudonymised dataset is a source of risk, so you must put in place measures to protect it. If you apply pseudonymisation properly, it can be a useful mechanism to enhance the security of personal data and support your overall compliance with the data protection principles. This is because data protection law is clear that information is personal data if a person is identified or identifiable, directly or indirectly.

Anonymization vs. pseudonymization: Spot the difference


The amount of data keeps increasing exponentially, and it moves quickly between applications and systems in the cloud and on-premises. With more governments passing data-compliance laws, and with more individuals asserting their right to data privacy, organizations understandably feel squeezed between monetizing and securing data. Challenges include maintaining data utility while ensuring privacy and constantly adapting to new data threats. Pseudonymization processes are complex and can also be resource-intensive.

V. Comparison of pseudonymisation and anonymisation

Two sets of inclusion and exclusion criteria were defined – one for the screening of papers and one for the selection of tools. See our guidance on encryption in the Guide to the UK GDPR for more information on appropriate encryption algorithms and the required technical and organisational measures to implement them. Tokenisation is an efficient technique, and therefore it can be suitable for large-scale processing. As there is no mathematical relationship between a token and an original identifier, knowledge of a token does not allow an attacker to re-identify a person.
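The following is an added example, not code from this page or from any product it mentions. It contrasts the unkeyed hashing the FTC statement warns about with a keyed pseudonym and a random-token vault, where the key or the mapping table is the separately held "additional information". All function names, the `TokenVault` class and the sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifiers (not from the page).
RECORDS = ["alice@example.com", "bob@example.com", "carol@example.org"]
KNOWN = ["bob@example.com", "dave@example.net"]  # inputs an outsider already holds

def plain_hash(identifier):
    """Unkeyed SHA-256: anyone can recompute it from a candidate input."""
    return hashlib.sha256(identifier.lower().encode()).hexdigest()

def keyed_pseudonym(identifier, key):
    """HMAC-SHA-256: recomputing it requires the separately held key."""
    return hmac.new(key, identifier.lower().encode(), hashlib.sha256).hexdigest()

class TokenVault:
    """Random tokens; the mapping table is the 'additional information'."""
    def __init__(self):
        self._forward, self._reverse = {}, {}
    def tokenise(self, identifier):
        ident = identifier.lower()
        if ident not in self._forward:      # same input -> same token (linkage kept)
            token = secrets.token_hex(16)   # no mathematical relation to the input
            self._forward[ident] = token
            self._reverse[token] = ident
        return self._forward[ident]
    def reidentify(self, token):
        return self._reverse[token]         # authorised path, needs the vault

def linkable(released, transform):
    """Known inputs whose transformed value appears in a released dataset."""
    return [c for c in KNOWN if transform(c) in released]

def audit():
    """Which released datasets can be linked without the key or the vault?"""
    key = secrets.token_bytes(32)           # stored apart from the dataset
    vault = TokenVault()
    hashed = {plain_hash(r) for r in RECORDS}
    keyed = {keyed_pseudonym(r, key) for r in RECORDS}
    tokens = {vault.tokenise(r) for r in RECORDS}
    return {
        "plain_hash": linkable(hashed, plain_hash),
        "keyed": linkable(keyed, lambda c: keyed_pseudonym(c, bytes(32))),
        "token": linkable(tokens, lambda c: TokenVault().tokenise(c)),
    }

if __name__ == "__main__":
    print(audit())
```

Only the unkeyed-hash dataset is linkable from known inputs alone; the other two stay unlinkable only while the key or vault remains protected and separate from the released data.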

Contextual Factors

Anonymization and pseudonymization are two terms that have been the topic of much discussion since the introduction of the General Data Protection Regulation. The GDPR recognizes the privacy-enhancing effect of these techniques by providing exceptions to many of the most burdensome provisions of the regulation when steps are taken to de-identify personal data. By making it impossible or impractical to connect personal data to an identifiable person, data controllers and processors are permitted to use, process and publish personal information in just about any way that they choose.