The best type of data anonymization – generalization, suppression, pseudonymization, data swapping, or perturbation – depends on the needs of the company.
Table of Contents
Why is Data Anonymization Needed?
Top 12 Types of Data Anonymization
How Do I Choose the Right Type of Data Anonymization?
Why are There So Many Different Types of Data Anonymization?
Every Type of Data Anonymization Can Leverage Business Entities
Why is Data Anonymization Needed?
Data anonymization is a way for companies and organizations to mitigate regulatory and legal risk by removing or concealing sensitive elements of data they gather. By doing so, organizations make it far more difficult (or even impossible) to identify any individuals with whom data is associated. Data anonymization tools ensure compliance and reduce liability in an increasingly stringent regulatory environment, where data privacy violators regularly face legal action.
If your company collects, stores, transfers, or otherwise engages with sensitive data, data anonymization techniques are often required. Sensitive data can include Personally Identifiable Information (PII) like names, telephone numbers, dates of birth and more. It can also include financial or medical records. The question then becomes, “Which type of data anonymization do I need?” There are many types of data anonymization, and your choice will depend on your business model, the type of data you deal with, your data architecture, the specific sources where your data resides, who your data consumer is, and more. It also depends on internal policies and with which specific regulations you choose or are required to comply.
Top 12 Types of Data Anonymization
There are many different types of data anonymization. Here are 12 of the most common:
-
Data masking tools delete, obscure, or replace original data with new, functional, realistic data that cannot be reverse engineered to its original. They can also use character shuffling or word/character substitution.
-
Data tokenization tools replace sensitive data with non-sensitive values. For example, tokenization would swap a bank account number for a random string of characters, while leaving the actual bank account number securely stored.
-
Synthetic data generation tools algorithmically generate or create new data using statistical models based on the original dataset.
-
Pseudonymization substitutes real identifiers with fake ones, or pseudonyms. Pseudonymized data maintains its statistical integrity and usability without compromising privacy.
-
In the pseudonymization vs encryption equation, encryption turns sensitive data into encrypted code that only users with the key can decrypt.
-
Generalization eliminates specific portions of the dataset, making the values less identifiable. For example, generalization could remove house numbers from an address, but not street names.
-
Data perturbation modifies original data values by rounding number up or down or adding other noise.
-
Data hashing transforms a specific key or string of characters into different values, using an algorithm to map the values changed so they are still discoverable without revealing the underlying private data.
-
Data swapping (or shuffling or permutation) shuffles attribute values so they don’t match up with the original values.
-
Data redaction removes or “blacks out” confidential values from a dataset.
-
Data nulling deletes sensitive data from a dataset and replaces it with NULL values or attributes.
-
Bucketing turns one specific and distinguishing value – like a person’s last name – into a generalized value, like LASTNAME.
How Do I Choose the Right Type of Data Anonymization?
Some types of data anonymization are better suited to certain types of data. For example, character masking (see definition below) is better for concealing direct identifiers, while aggregation and similar types of data anonymization work better with indirect identifiers. While data perturbation is better when attribute values are continuous, data with discrete values (like yes/no) may be more successfully anonymized using other techniques.
Furthermore, it’s important to bear in mind that different types of data anonymization modify data in very different ways. Some replace the value of an attribute across all data records, while others modify only a portion of an attribute, such as character masking. Other types of data anonymization like pseudonymization replace the whole attribute with totally unrelated, yet statistically consistent, data, and still others remove the attributes being anonymized altogether. All of these can be used in combination, as well. For this reason, it’s important to drill down into the many and varied types of data anonymization available today.
Why are There So Many Different Types of Data Anonymization?
Different use cases, business models, industries, and regulatory environments call for different types of data anonymization. For example:
-
Financial services companies are regulated by PCI DSS and other security standards. By adopting various types of data anonymization, financial services companies can remain compliant with regulations, while still offering in-demand customized products to their various audience segments and using anonymized data for operational use cases like software testing or analytics.
-
Healthcare equipment in institutions like hospitals and clinics – alongside widely-adopted wearable solutions for home use – all produce data that assists both care providers and researchers. At the same time, this data is subject to strict regulatory regimes like HIPAA. Data anonymization empowers healthcare providers to effectively conduct research without compromising patient privacy.
-
Telco and media firms gather vast amounts of data on the usage habits of millions of subscribers. By anonymizing sensitive dataset values, these companies can better understand how and where users consume services without comprising customer privacy.
-
Educational technologies create significant amounts of data about learning trends that can be invaluable to improving methods and systems. Yet since this data regards children, it is subject to the highest data privacy standards. Data anonymization is an excellent way to protect this data – avoiding personal identification and maintaining compliance.
-
Utilities gather vast amounts of consumer usage data to provide more reliable and cost-effective services. Different types of data anonymization allow them to use data that is inherently private to effectively identify trends and tweak their service offerings based on data-driven decision making.
Every Type of Data Anonymization Can Leverage Business Entities
Entity-based data masking technology manages and stores the data associated with a specific business entity (customer, invoice, or device) in an individually protected Micro-Database™. This rule-based approach to data anonymization enhances productivity, while still safeguarding regulatory compliance and customer privacy.
