If pseudonymisation (or, but not treated here, anonymisation) has always been top of mind for confidentiality purposes, its importance has significantly increased with the emergence/reinforcement of the regulatory landscape on privacy. As we all know, failure in the pseudonymisation process now leads to compliance breaches, which can severely impact an organization both from a financial and reputation point of view.
This explains, as raised by ENISA in its November 2019 Pseudonymisation techniques and best practices Paper, that “in the light of GDPR, the challenge of proper application of pseudonymisation to personal data is gradually becoming a highly debated topic in many different communities”.
Pseudonymisation process should hence be carefully undertaken, satisfying a 3-levels requirements: (1) degree of robustness/accuracy necessary for answering adequately to privacy, (2) degree of utility necessary for processing and understanding the data and (3) degree of security necessary for limiting risks of re-identification. Such a process may obviously differ from a context to another (the specific importance spectrum of each requirement listed above varies in function of circumstances).
Without surprise, adequate technology – i.e. solutions that efficiently responds to the 3-levels requirements of accuracy, utility and security – is a true helper here.
Indeed, it is hardly imaginable that pseudonymisation is still undertaken manually, not solely because of the massive amount of documents to be processed but also because of the high risk of errors such manual review would incur. In other words, in addition to time and energy costs, a manual pseudonymisation does not give sufficient guarantees as regards to the 3-levels requirements.
Technology is hence an essential relay. And the good news is that the algorithms developed are more and more powerful in terms of accuracy, usability and security. State-of-the art algorithms imply (1) an automated recognition of name, location, register numbers, organizations, emails, IP addresses, etc…, (2) coherence in the pseudonymisation processing both in specific document and in the whole data set and (3) capacity of adaptation as regards to clients’ preferred pseudonymisation approaches and policies.
To quote the ENISA Paper, the new-gen algorithms respond adequately to the recommendation that the implementation of pseudonymisation process follows “a risk-based approach, taking into account the purpose and overall context of the personal data processing, as well as the utility and scalability levels they wish to achieve”.
At EisphorIA, we have developed a pseudonymisation solution relying on state-of-the art algorithms and reinforcing them via our in-house R&D.
This solution permits to pseudonymise in a very short time frame, large datasets, showing:
Check to the right an example of outcome processed by our algorithms (processing here limited to persons, organizations and locations) and if you want to discover it in more detail, please don’t hesitate to contact us.