No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

These Data Anonymization Techniques Don’t Cut It Anymore

Using These Techniques in a Primary Operations Context Exposes Business to Significant Cyber Risk

by Tobias Hann
February 24, 2022
in Cybersecurity, Data Privacy
deep blue illustration of person with face obscured

Data anonymization techniques that maintain a 1:1 relationship between personal info and the people to whom they relate are appropriate in certain use cases. But depending on these techniques in live production environments leaves companies—along with their users and/or employees—vulnerable to a cyber attack. 

Not all data breaches lead to disaster for the companies that have been breached. Virtually every mid-sized to large company uses some sort of data protection, such as data anonymization, which makes data useless to anyone outside of the company. The problem is, many companies are still using anonymization techniques that were sufficient 10 years ago, but fail in today’s modern world. Here are four outdated techniques that companies should use only sparingly (when a use case calls for re-identification), and never in production environments.

Pseudonymization (also called de-identification by regulators in other countries, including the US)

Pseudonymization—which involves replacing personal identifiable information (PII) with an artificial number or code, and creating a new data table—is not true anonymization. It makes data an easy target for a privacy attack. As it turns out, 63% of the US population is uniquely identifiable by combining their gender, date of birth and zip code alone. Most companies, furthermore, do not pseudonymize enough data to eliminate the chance of re-identification.

This is why pseudonymized data must fulfill the same GDPR requirements as the original personal data. That alone should be a signal that this approach is not sufficient to protect data.

Permutation

Permutation involves swapping data points between records to de-identify a person. All data is retained in the table, but some is moved to a different line. For instance, names could be switched around. There are several problems here—one is that there is still a high risk of re-identification, and another is low statistical performance. When you move data around, you lose many of the correlations, insights and relations among columns, rendering the data useless for many analytical purposes. So permutation is not only unsafe, but also wrecks your data.

Randomization

Another classic anonymization approach, randomization entails modifying characteristics according to redefined randomized patterns. For example, one randomization technique is perturbation (not to be confused with permutation), which adds systematic noise to the data to obscure it—for instance, adding or subtracting a certain number of days from a date throughout the table. While some correlations can be preserved, and it may be harder for hackers to retrieve accurate personal data, it is certainly not impossible. The risk of re-identification is still high, and for that reason, randomization is risky.

Generalization

Generalization is another well-known anonymization technique that reduces the granularity of the data representation to preserve privacy. The main goal is to replace specific values with generic but semantically consistent values—for instance, replacing a specific date with a month, or replacing a specific age with an age range. Unfortunately, as with randomization, the risk of re-identification is high, and it impedes statistical performance of the data.

All four of these “anonymization” techniques lead to data that’s not completely anonymous. In all four scenarios, the datasets maintain a 1:1 link between each record in the data to a specific person, and these links are the very reason behind the possibility of re-identification.

Companies using any of these approaches in a production environment would be well served to move to more modern approaches—such as synthetic data – that have been proven to eliminate PII while maintaining the integrity of the data. Some data scientists even claim to prefer synthetic data over real data sets, because they can be analyzed, shared via cloud, and used for AI model development and software testing without risk of re-identification or regulatory compliance issues.

One thing is for certain—bad actors will continue to try to get to your data. Don’t make their jobs easier by using antiquated techniques to protect it.


Tags: Cyber RiskData GovernanceGDPR
Previous Post

This Initiative Is Looking to Foster Board Gender Inclusivity in Sri Lanka Corporations

Next Post

The Modern UK General Counsel Walks a Tightrope Between Legal and Value Creation

Tobias Hann

Tobias Hann

tobias hannTobias Hann joined MOSTLY AI in 2019 and took on the CEO role in 2020. Prior to joining MOSTLY AI, Hann worked as a management consultant with the Boston Consulting Group and as Co-Founder/MD of three start-ups. He holds a PhD degree from the Vienna University of Economics and Business and an MBA from the Haas School of Business, UC Berkeley. Hann loves to travel and to spend time in the mountains – both in winter skiing and in summer hiking.

Related Posts

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

gdpr

UK Resurrects Data Protection Reforms, EU Court Rules on GDPR in Civil Cases

by Jonathan Armstrong and André Bywater
March 15, 2023

Recent courtroom and legislative action in Europe will likely have ripple effects around the world for companies subject to regulations...

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

cisa website

What Can Your Organization Learn From the New CISA Strategic Plan?

by FTI Consulting
January 11, 2023

Cyber threats against organizations of all sizes are only rising as scammers and fraudsters become more and more sophisticated. Kyung...

Next Post
Two tightropers walk above the clouds

The Modern UK General Counsel Walks a Tightrope Between Legal and Value Creation

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT