Organizations Need to De-Identify Personal and Sensitive Data for Privacy Compliance
Data de-identification obscures, hides, or changes personal data to conceal the identity of a person. Various technologies can de-identify data, including masking, encryption, and obfuscation tools. For analytics and reporting, business leaders and analysts do not need identity data to understand purchasing trends, regional buying preferences, or service-related data. In these cases, de-identifying personal data or data that might infer someone’s identity protects privacy and does not impact business operations.
Data de-identification is closely related to data anonymization, but the focus is on anonymizing data that can specifically identify an individual. Data anonymization utilizes various techniques to remove identity from electronic records that can identify a specific individual. This identity data is referred to as personally identifiable information (PII) and includes name, email, phone, address or other information that relates to a specific person.
Anonymization and pseudonymization describe de-identifying data for specific outcomes; the goal of anonymization is that data is not re-identifiable. However, in pseudonymization, data can be re-identified for legal or medical purposes (only by those who hold the re-identification keys).
What regulations specify data de-identification?
- Safe Harbor
Here are additional resources to learn more about data de-identification:
- UK Information Commissioner’s Office, Data de-identification
- NIST, “De-Identification of Personal Information”
You just learned about Data De-Identification, now explore related terms like Data Encryption, Data Masking, Data Anonymization, and Pseudonymization.