Chapter 5. Pseudonymized Data
Once the identified is removed from data, including people’s names, addresses, and other unique identifiers, you are left with pseudonymized data. This term was popularized with the introduction of privacy regulations in Europe. Technically speaking, the directly identifying information does not need to be replaced with a pseudonym. It could just as well be replaced with a token or fake data or even suppressed entirely. The legal term pseudonymization simply means that direct identifiers have been removed in some way, as a data protection mechanism. And any additional information required to re-identify is kept separate and is subject to technical and administrative (or organizational) controls.
The most critical point to keep in mind is that pseudonymized data is still personal information. The untouched indirect identifiers that remain in pseudonymized data are known to pose a potential re-identification risk. Pseudonymization was introduced recognizing that identifiability exists on a spectrum, and that there are benefits to encouraging the processing of less identifiable data. However, we will also look at potential technologies that sit on top of pseudonymized data for secondary analyses, and where this fits in the anonymization landscape.
Data Protection and Legal Authority
Before we discuss scenarios in which pseudonymized data is further transformed into less identifiable information, it’s worth spending some time considering the benefits ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access