Anonymization and Pseudonymization

Data Protection Measures.
Case Study

Our client conducted an Internal Investigation. An U.S. government agency’s claim for information against our client forced our client to deal with data protection and the transfer of personal information to a non-EU country. After lengthy consultations with German and U.S. attorneys, it was decided to send the requested documents redacted. These were documents from the board of directors of our client.

However, the US authorities were not satisfied with this approach. It was noted that when all information is blacked out, it cannot determined whether there have been lines of communication and frequent contact between individuals. After consultation with the lawyers involved and the project’s IT experts, the procedure was adapted.

All personal information was redacted and the names of the board members were replaced by pseudonyms. In addition to the known names, misspelled names, abbreviations and acronyms were also replaced by numbers. Our project management team not only assigned more and more numbers, but also carefully documented which pseudonym was used on what page of each document.

In the course of the project some members of the board decided to disclose their names. With a few clicks, the pseudonymization could be reversed.

Anonymization

Anonymization is the alteration of personal data in such a way that these data can no longer be attributed to an identified or identifiable natural person, or only with a disproportionate expenditure of time, cost and manpower.

Pseudonymization

In pseudonymization, the name or another identification feature is replaced by a pseudonym (usually a code consisting of a combination of letters or numbers) in order to exclude or make it considerably more difficult to establish the identity of the person concerned.

Difference

In contrast to anonymization, pseudonymization preserves references of different data sets that were pseudonymized in the same way. Thus, pseudonymization makes it possible to assign data to a person, which is not possible or difficult without this key.

Source: Wikipedia

What can we do for you?

Get in touch with us.
WordPress Cookie Plugin by Real Cookie Banner