Pseudonymization and anonymization offer varying levels of privacy, and shouldn’t be used interchangeably. But what is the difference? This session will demystify these terms with practical use cases.
The practice of data security has historically focused on ensuring that only authorized people have access to sensitive data and systems. What unintended consequences may result when giving access to sensitive data? Generally, this focuses on what is known as direct identifiers, such as an individual’s name, street address, government identification, credit card number, phone number, or email. These identifiers allow someone to quickly and directly identify the individual.
To meet privacy standards and secure even the most sensitive personal identifiers, many businesses are turning to techniques such as pseudonymization and anonymization. However, these two distinct terms are often confused in the data security world. Pseudonymization and anonymization offer varying levels of privacy preservation, and should not be used interchangeably.
This session will present the best practices for pseudonymization and anonymization services, with a framework for when each technique should be used – both nationally, as well as for trans-border communication. Audience members will be presented with use cases for pseudonymization and anonymization for the protection of specific types of PII, such as personal health information. The talk will also provide guidance for how practitioners can extract new information out of an anonymous or pseudonymous database through re-identification, with a policy framework for the operation of these services.