Data Anonymization Summary

removing private or confidential information from raw data → results cannot be associated with any individual or company
Protection identity, private activities - Financial aspect
your organization → collect data ( raw data ) + Anonymization policy → data Anonymization → share, store internally - share, store with third parties and publics release ( cloud storage - research - software )
Personal or identifiable data → Information that can lead to the identification of an individual- group of individuals

Direct identifiers → surname, email, phone number, id card
Indirect identifiers → Date of birth, gender, zip code → uniquely identify about 80% of the US population
Pseudonymous or encrypted data → used to re-identify a person and thus remains personal data

Personal data → rendered anonymous → no longer identifiable → is no longer considered personal data
Anonymization Data → must be irreversible

GDPR → General Data Protection Regulation
regulation in EU law → on data protection and privacy → in the European Union and European Economic Area
addresses the transfer of personal data outside the EU and EEA areas.
GDPR sets out seven principles for the lawful processing of personal data

Lawfulness, fairness and transparency → Processing must be lawful, fair, and transparent to the data subject.
Purpose limitation → process data for the legitimate purposes specified to the data subject when you collected it.
Data minimization → collect and process only as much data as absolutely necessary for the purposes specified.
Accuracy → keep personal data accurate and up to date.
Storage limitation → You may only store personally identifying data for as long as necessary for the specified purpose.
Integrity and confidentiality → Processing must ensure appropriate security, integrity, and confidentiality → encryption
Accountability → The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Can cause harm to the individual - fingerprints, biometric data
Sensitive business information → Poses a risk to the company in question if discovered - trade secrets, acquisition plans
Structured data → Stored in a structured way - Easily searchable - Relational databases, spreadsheets, JSON, XML, CSV
Unstructured data → anything else - difficult to search - Text files, reports, emails

Anonymization methods → suppression masking - swapping, generalization
Pseudonymous → Reversible process use: key - treated as personal data because enables re-identification
Measuring anonymization and risks → K-anonymity, Differential privacy → Focus on structured data
Tools for structured data → ARX, Cornell Anonymization Toolkit
Tools for unstructured data → MIST: MITRE Identification Scrubber Toolkit, Natural Language processing tools OpenNLPor

removing private or confidential information from raw data → results cannot be associated with any individual or company
Protection identity, private activities - Financial aspect
your organization → collect data ( raw data ) + Anonymization policy → data Anonymization → share, store internally - share, store with third parties and publics release ( cloud storage - research - software )
Personal or identifiable data → Information that can lead to the identification of an individual- group of individuals

Direct identifiers → surname, email, phone number, id card
Indirect identifiers → Date of birth, gender, zip code → uniquely identify about 80% of the US population
Pseudonymous or encrypted data → used to re-identify a person and thus remains personal data

Personal data → rendered anonymous → no longer identifiable → is no longer considered personal data
Anonymization Data → must be irreversible

GDPR → General Data Protection Regulation
regulation in EU law → on data protection and privacy → in the European Union and European Economic Area
addresses the transfer of personal data outside the EU and EEA areas.
GDPR sets out seven principles for the lawful processing of personal data

Lawfulness, fairness and transparency → Processing must be lawful, fair, and transparent to the data subject.
Purpose limitation → process data for the legitimate purposes specified to the data subject when you collected it.
Data minimization → collect and process only as much data as absolutely necessary for the purposes specified.
Accuracy → keep personal data accurate and up to date.
Storage limitation → You may only store personally identifying data for as long as necessary for the specified purpose.
Integrity and confidentiality → Processing must ensure appropriate security, integrity, and confidentiality → encryption
Accountability → The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Can cause harm to the individual - fingerprints, biometric data
Sensitive business information → Poses a risk to the company in question if discovered - trade secrets, acquisition plans
Structured data → Stored in a structured way - Easily searchable - Relational databases, spreadsheets, JSON, XML, CSV
Unstructured data → anything else - difficult to search - Text files, reports, emails

Anonymization methods → suppression masking - swapping, generalization
Pseudonymous → Reversible process use: key - treated as personal data because enables re-identification
Measuring anonymization and risks → K-anonymity, Differential privacy → Focus on structured data
Tools for structured data → ARX, Cornell Anonymization Toolkit
Tools for unstructured data → MIST: MITRE Identification Scrubber Toolkit, Natural Language processing tools OpenNLPor