Data Anonymization is a type of information sanitization. Its intent is privacy protection. It is the process of either encrypting or removing personally identifiable information from data sets so that the people whom the data describe remain anonymous. It has been defined as “technology that converts clear text data into a non-human readable and irreversible form, including preimage resistant hashes and encryption techniques in which the decryption key has been discarded.” Data anonymization enables the transfer of information across a boundary, such as between two departments within an agency or between two organizations, while reducing the risk of unintended disclosure. Anonymization is typically done to enable evaluation and analytics post-anonymization.
In the context of medical data, anonymized data refers to data from which the patient cannot be identified by the recipient of the information. Identifiers such as name, address, and full postcode must be removed, together with any other information which, in conjunction with other data held by or disclosed to the recipient, could identify the patient.
The effectiveness of anonymization is tested by attempting to re-identify individuals by the cross-referencing the anonymous data with other data sources. Generalization and perturbation are the two most popular anonymization approaches for relational data.
De-identification & Anonymization Training
Big data innovation is changing the landscape of public engagement. New techniques for analyzing big data rapidly signal companies to new market opportunities, changes in consumer demands, and consumer responses to marketing campaigns. Businesses that utilize big data can adapt to emerging and changing needs and invest in the most promising areas well ahead of their competitors. In the public sector, big data can accelerate health research, measure the impact of public policy, and increase the efficiency of government service delivery.
De-identification and anonymization are the strongest existing methods for protecting individual privacy in the context of big data analytics. We can help your organization to develop in-house de-identification or anonymization capacities to facilitate the use of big data in compliance with privacy laws. We provide privacy expertise, recommendations, and practical implementation tools. These tools helps to develop skills and knowledge for an effective de-identification or anonymization program.
Educating business confidentiality and security staff about risk evaluation tools and standards
We will help build your capacities for de-identification/anonymization by:
Consulting management to develop an in-house training strategy
Providing hands-on training for technical and programming staff
Providing threat and risk assessments aligned with regulatory standards
Identifying viable and cost-effective de-identification/anonymization options
Based on our own hands-on experience implementing de-identification and anonymization in a variety of contexts, we train technical and programming staff to perform de-identification or anonymization according to industry best practices. We will walk staff through the process of de-identifying data and evaluating data risk using the tools best suited to your organization’s needs.
Risk Management Training
We train business, privacy, and security staff in a best-practice approach to evaluating the risk of de-identified data, using both risk measurement tools and regulatory standards. We support staff through the process of risk assessment, documentation, and contractual signing. We help staff to understand, from a business and functional perspective, risk evaluation tools and standards used in Canada, and share our practice-based methodology for evaluating the effectiveness of an organization’s risk management tools and strategies.