Data security and data privacy

Most organizations understand the need to secure access to personally identifiable information. Sensitive values in records are often protected at rest (storage), in transit (network) and in use (fine-grained access control), through a process known as de-identification. De-Identification is a spectrum where data security and data privacy issues must be balanced with data usability.

Pseudonymization

Pseudonymization is the process of de-identification by substituting sensitive values with a consistent, non-sensitive value. This is most often accomplished through encryption, tokenization, or dynamic data masking. Access to the process for re-identification (decryption, detokenization, unmasking) is controlled, so that only users with a business requirement will see the sensitive values.

Advantages:

• The original data can be obtained again.
• Only authorized users can view the original data from protected data.
• It processes each record and cell (intersection of a record and column) individually.
• This process is faster than anonymization.

Disadvantages:

• Access-Control Dependency: Pseudonymized data remains linkable to its original form if authorized users have access to the decryption or tokenization mechanism, which requires strict security controls.

• Regulatory Considerations: Since pseudonymization allows re-identification under controlled access, it may not meet the same compliance exemptions as anonymization under certain privacy regulations.

• Increased Security Overhead: Additional security measures are needed to protect the tokenization keys and manage access controls, ensuring only authorized users can reverse the process.

• Limited Protection for Quasi-Identifiers: While direct identifiers are typically tokenized, quasi-identifiers (e.g., birthdates, ZIP codes) may still pose a re-identification risk if not generalized or redacted.

• Using tokenized data might make analysis incorrect and or less useful (e.g., changing time related attributes).

• The tokenized data is still private from the users perspective.

• Further processing is required to retrieve the original data.

• Additional security is required to secure the data and the keys used for working with data.

Anonymization

Anonymization is the process of de-identification which irreversibly redacts, aggregates, and generalizes identifiable information on all data subjects in a dataset. This method ensures that the data retains value for a wide range of use cases, including analytics, data democratization, and sharing with third parties. At the same time, it ensures that the individual data subject can no longer be identified in the dataset.

Advantages:

• Anonymized datasets can be used for analysis with typically low information loss.
• An individual user cannot be identified from the anonymized dataset.
• Enables compliance with privacy regulation.

Disadvantages:

• Being an irreversible process, the original data cannot be obtained again. This is required for some use cases.
• This process is slower than pseudonymization because multiple passes must be made on the set to anonymize it.