Pseudonymisation
Posted: 22 March 2018 12:47 AM   [ Ignore ]
Avatar
RankRankRank
Total Posts:  208
Joined  2007-02-13

came across this in the new EU GDPR regulations e.g.

“The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and
help controllers and processors to meet their data-protection obligations. The explicit introduction of ‘pseudonymisation’
in this Regulation is not intended to preclude any other measures of data protection. “

(Note the same word is used in the French version of the regulation, but the German version is “Pseudonymisierung")

Plenty of other “...isations” in the world, but this seems quite a mouthful.  Has it had a previous life, or is it a recent thing?

I am familiar with the use of pseudonyms in data handling, and “anonymisation” is a close, well used term.  However “anonymous” is a common adjective, but “pseudonymous”?

Profile
 
 
Posted: 22 March 2018 03:52 AM   [ Ignore ]   [ # 1 ]
Administrator
Avatar
RankRankRankRankRank
Total Posts:  6543
Joined  2007-01-03

It seems to be a term of art in data security and privacy circles, and it’s different from anonymization.

Anonymizing data consists of removing or one-way-encrypting private data fields in a record. Pseudonymizing them consists of replacing them with a pseudonym. The advantage of pseudonymizing data is that it allows the data to be used for it’s primary purpose (e.g., a doctor consulting a patient’s health record) while also allowing use it for statistical purposes by those who don’t have a right to see the private data (e.g., researchers studying health issues). The disadvantage over anonymization is that a data breach is more likely.

Pseudonymous is a well-established, if rare, adjective. The OED records it from 1706. The Corpus of Contemporary American English has some 90 hits for the word, compared to over 8,000 for anonymous. COCA also has 10 hits for anonymization, but none for pseudonymization. (Which doesn’t necessarily mean it isn’t used, only that its use, if any, would be restricted to very specialized publications.) Most of the hits on the first page when I Google it are in references to the EU’s GDPR (General Data Protection Regulation), so I think it’s likely pseudonymization gained a lot of traction from that regulation, but it wasn’t invented for the GDPR. The earliest versions of the Wikipedia page for pseudonymization predate the drafting of the GDPR by some seven years.

[ Edited: 22 March 2018 11:47 AM by Dave Wilton ]
Profile
 
 
Posted: 22 March 2018 07:51 AM   [ Ignore ]   [ # 2 ]
Avatar
RankRankRank
Total Posts:  208
Joined  2007-02-13

And I work around those data security circles, but have always just said/written “use” or “apply” “pseudonyms”.  Maybe I subconsciously screened the term out.

Just to extend, anonymising data permanently breaks the link/identification to the original subject.  Pseudonymising the data keeps the linkage intact for those who need it via a “lookup” facility.  The new GDPR regulations require the ability to “forget on request”, and this is no mean feat given that IT folks have spent years of effort and large sums to ensure that they don’t lose data!  The idea is that managing a deletion from that lookup facility may be an easier way to achieve the new legal ends.

At the risk of heading O/T, I’m not sure if this is actually true. If the bulk of the data is still there, and if someone has access to other data there are usually ways to use cross-references to reconstruct and link back to the subject.  But this kind of thing is getting enough coverage at the moment ;-)

Profile
 
 
   
 
 
‹‹ Winsome      Versing ››