Pseudonymisation and anonymisation in data privacy
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of the Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; Twitter: @moshoke
March 7, 2022
In the bid to process archive or legacy data, most organisations either anonymise the data or, where it might be used in the future, pseudonymise it. Though the two terms are interlinked, stakeholders often misconstrue the difference between the two processes. In this article, I attempt to explain the meaning of these terms and give working examples of how they can be employed in any business process.
To create a contextual foundation, it is important that we first draw a clear distinction between anonymisation and pseudonymisation. Anonymisation, according to the Information Commissioner’s Office, means that individuals are not identifiable and cannot be re-identified by any means. Anonymous information, therefore, is not personal data and does not fall under the ambit of data protection law.
Pseudonymisation, on the other hand, means that individuals are not identifiable from the dataset itself but can be identified by referring to other information held separately. This data is still personal data and falls under the ambit of data protection laws.
Companies often wonder what the benefit of anonymising data is. In data privacy speak, anonymisation carries a lot of positives. For starters, it reduces data protection risks within an organisation and enables the company to make information available to organisations that may need it for the enhancement of products or services.
For example, a company needs to carry out analytics on how its customers behave in its online shop environments and wants to know what, on an aggregate level, makes the customers come back to its site. However, the company would like to employ a third-party company to carry out this task. In order to pass the information to the third party in a technical and organisational manner, all identifiers in the data are removed.
One of the most important principles in data protection laws remains data minimisation. How can companies meet this requirement? Anonymisation can help organisations meet the requirement of data minimisation and the framework helps the company adhere to the principle of processing data in a fair, lawful, and transparent manner.
The pseudonymisation technique divides personal data into two parts. The key point is that pseudonymisation does not necessarily change the status of data. It only separates data in a manner that helps create a security protocol in the management of data sets. Unless these datasets are merged, individuals can’t be identified. The data remains personal data, and companies must employ security measures that make re-identification hard and limit access to these data to individuals whose roles and responsibilities have been defined.
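One way to carry out the split described above, as an added example that is not part of the original article: it assumes name and email are the identifying fields, uses random tokens as pseudonyms, and runs on constructed sample records.

```python
import secrets

# Constructed sample records (not real data).
CUSTOMERS = [
    {"name": "Ada Obi", "email": "ada@example.com", "visits": 12, "basket_gbp": 40.5},
    {"name": "Tom Reed", "email": "tom@example.com", "visits": 3, "basket_gbp": 18.0},
    {"name": "Ada Obi", "email": "ada@example.com", "visits": 7, "basket_gbp": 22.0},
]
IDENTIFIERS = ("name", "email")  # assumption: the directly identifying fields


def pseudonymise(records, identifiers=IDENTIFIERS):
    """Split records into (working dataset, separately held key table)."""
    token_for = {}  # identifier tuple -> pseudonym, so one person keeps one token
    key_table = {}  # pseudonym -> identifiers; store apart, restrict access
    working = []
    for rec in records:
        ident = tuple(rec[f] for f in identifiers)
        if ident not in token_for:
            token = secrets.token_hex(8)  # random, not derivable from the identifiers
            token_for[ident] = token
            key_table[token] = dict(zip(identifiers, ident))
        row = {k: v for k, v in rec.items() if k not in identifiers}
        row["pseudonym"] = token_for[ident]
        working.append(row)
    return working, key_table


def reidentify(working, key_table):
    """Merge the two parts again; only possible for a holder of key_table."""
    return [
        {**key_table[row["pseudonym"]],
         **{k: v for k, v in row.items() if k != "pseudonym"}}
        for row in working
    ]


if __name__ == "__main__":
    working, key_table = pseudonymise(CUSTOMERS)
    print(working)  # analytics fields and pseudonyms only
    print(reidentify(working, key_table) == CUSTOMERS)
```

The working dataset is what an analyst would receive; the key table is the "other information held separately", and whoever holds both can restore the original records.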
In employing anonymisation and pseudonymisation, companies must ensure that they have the right security in place. With the right implementation, companies can also meet their data-privacy-by-design aim and, most importantly, help prevent personal data breaches within organisations. There are no known or established standards for the implementation of these two techniques, but stakeholders within companies must define the best approaches and assess the risks embedded in this process.