Anonymization and pseudonymization of personal data - Security Boulevard

Anonymization and pseudonymization of personal data


Cybercriminals are waging a war on our personal data. The latest research from IBM and Ponemon on the cost of cybercrime shows that data record breaches carry a high price tag. The price per exposed data record now stands at a mean of $150 per exposed record. Healthcare records are the costliest when exposed, at $429 per record.

Personal data exposure isn’t just a problem in terms of security and financial cost. Privacy, too, is a crucial consideration. Consumers want to have their privacy respected, so much so that privacy is now a competitive differentiator. A poll carried out by Harris and Finn Partners found that 65% of U.S. consumers said privacy was very important when dealing with a company.

However, protecting personal data is a complicated business. One way that is often touted is to use specialist techniques like anonymization or pseudonymization. Here, I take a look at the pros and cons of these techniques.

Definitions of de-identification, anonymization and pseudonymization

Personal data or Personally Identifiable Information (PII) is information that can be used to identify an individual. Many of the privacy and data security regulations, such as HIPAA and GDPR, are based around the ability to link personal data back to an individual. Therefore, being able to remove links between data and an individual can, in theory, help with meeting some parts of these regulations.

If you can somehow hide or obfuscate identifying links in some manner, this should act to protect an individual, and, by the same token, help to comply with regulations like GDPR. For example, Article 4 of the GDPR states that:

“The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: