Anonymization vs. Deanonymization (and Pseudonymization)


Anonymization vs. Deanonymization

The European Union’s General Data Protection Regulation (GDPR) brought with it strict obligations for protecting the personal data of individuals in the EU, the data subjects. Because of these obligations and the possibility of sanctions, many organizations that collect data from individuals in the EU are now looking for efficient and effective ways to comply with the GDPR.

One way to reduce that burden is to desensitize the data in question. To desensitize or de-identify information, companies commonly employ anonymization or pseudonymization, but the two are not equivalent under the GDPR. Recital 26 states that the data-protection principles do not apply to anonymous information—“information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.” Only genuinely anonymous data falls outside the Regulation’s scope. Pseudonymized data, by contrast, remains personal data, because the same recital treats data that could be attributed to a person by the use of additional information as information on an identifiable natural person.

However, fully anonymizing a data set is difficult, and by design the result cannot be returned to its original, identifiable form—which renders it useless for almost anything but high-level aggregation and statistical analysis. Because the data’s business utility was likely the reason your organization was processing it in the first place, this isn’t a terribly attractive solution.

Pseudonymization

Re-identifying properly anonymized data is not impossible, but it typically requires linking the data set against auxiliary information at scale, and making that effort impractical is precisely what anonymization is for. An alternative that “cleanses” sensitive data while preserving its business-intelligence value is pseudonymization. Pseudonymization is defined in Article 4(5) of the GDPR as:

“The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.”

In other words, pseudonymization is the process of replacing identifying or sensitive data with a pseudonym, while the information needed to reverse the substitution is held separately and protected. TokenEx’s Cloud Security Platform does just that via tokenization—the process of replacing sensitive data with a nonsensitive token that has no mathematical relationship to the original value. The mapping between token and original value lives only in a token vault, which is the “additional information” Article 4(5) requires to be kept separately; a system that holds only tokens cannot recover the underlying data. TokenEx’s cloud tokenization pseudonymizes data in this way while outsourcing the risk and security concerns of storing the sensitive values internally, and many of our existing customers already use the same technology to meet Payment Card Industry Data Security Standard requirements.
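To make the mechanism concrete, here is a small vault-based tokenizer written for this post as an illustration. It is not TokenEx’s code and makes no claim about how the TokenEx platform generates tokens; the design choices (a format-preserving token that keeps the last four digits and is deliberately made to fail the Luhn check so it can never be mistaken for a real card number) are assumptions chosen for the example. The sample order records are constructed. The application-side functions work only on tokens, so the “additional information” that re-identifies a customer stays inside the vault object.

```python
import secrets

# Example written for this post; not TokenEx's implementation.


def luhn_valid(digits: str) -> bool:
    """Luhn checksum that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds the token <-> value mapping: the GDPR 'additional information'.

    In a deployment this lives in a separate, access-controlled system; here
    it is an in-memory object so the example runs stand-alone.
    """

    def __init__(self) -> None:
        self._by_value: dict[str, str] = {}
        self._by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or len(pan) < 13:
            raise ValueError("expected a numeric primary account number")
        # Same input -> same token, so tokens remain joinable for analytics.
        if pan in self._by_value:
            return self._by_value[pan]
        while True:
            # Assumed token format: random body, real last four digits kept.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject tokens that equal the input, pass Luhn (could be confused
            # with a real PAN) or collide with an existing token.
            if token == pan or luhn_valid(token) or token in self._by_token:
                continue
            self._by_value[pan] = token
            self._by_token[token] = pan
            return token

    def detokenize(self, token: str) -> str:
        """Only callers with vault access can recover the original value."""
        return self._by_token[token]


def pseudonymize_records(records: list[dict], vault: TokenVault) -> list[dict]:
    """Replace the PAN in each record with its token; nothing else changes."""
    out = []
    for rec in records:
        rec = dict(rec)
        rec["card_token"] = vault.tokenize(rec.pop("pan"))
        out.append(rec)
    return out


def spend_per_token(pseudonymized: list[dict]) -> dict[str, int]:
    """Business analytics on tokens alone: per-customer spend, no vault needed."""
    totals: dict[str, int] = {}
    for rec in pseudonymized:
        totals[rec["card_token"]] = totals.get(rec["card_token"], 0) + rec["amount"]
    return totals


# Constructed sample input (test card numbers, not real accounts).
SAMPLE_RECORDS = [
    {"order": 1001, "pan": "4111111111111111", "amount": 20},
    {"order": 1002, "pan": "5500000000000004", "amount": 35},
    {"order": 1003, "pan": "4111111111111111", "amount": 15},
]


if __name__ == "__main__":
    vault = TokenVault()
    safe = pseudonymize_records(SAMPLE_RECORDS, vault)
    for rec in safe:
        print(rec)                       # no PAN present in the application data
    print(spend_per_token(safe))         # repeat customer is still recognisable
    print(vault.detokenize(safe[0]["card_token"]))  # reversal needs the vault
```

The analytics function sees only `card_token` values, yet it can still tell that orders 1001 and 1003 came from the same customer. That is the utility pseudonymization keeps and anonymization gives up; the price is that whoever controls the vault can reverse the mapping, so the vault’s isolation and access control are what the Article 4(5) “technical and organizational measures” have to protect.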

Pseudonymization may also enable processing of personal data beyond the purpose for which it was originally collected. The GDPR requires that personal data be collected only for “specific, explicit, and legitimate purposes,” although further processing may be permissible if it is compatible with the original purpose. Article 6(4) describes the factors that must be taken into account when determining if further processing is compatible, including “the existence of appropriate safeguards, which may include encryption or pseudonymization.”

TokenEx’s Cloud Security Platform can help your organization comply with the GDPR and maintain the business utility of your data by pseudonymizing sensitive information at the point where it enters your system. Our flexible technologies and methodologies make tokenizing, encrypting, and data vaulting work with any acceptance channel your organization uses. For more information, contact us at info@tokenex.com.

