Data Anonymization: Definition, Importance, Pros & Cons, Techniques & Use Cases

At the turn of the Millennium, everyone was excited about the speed and convenience of the internet. Even before it became common to pay bills electronically, the ability to chat socially online, and the ease with which one could make multiple copies of information and send it anywhere, felt like magic.

The convenience masked the point that sending anything electronically was never really private. In fact, using a computer at all opened the user up to all kinds of personal invasions. And the more people used public internet access, the more insecure our data became.

Bad actors bent on exploiting that insecurity figured out how to steal information by tricking people into installing malware onto their computers (usually disguised as .exe files attached to an email, or shared files accessed over the cloud), tricking them into divulging personal passwords, or intercepting electronic communications “in flight.”

To exert some control over data, governments instituted protocols aimed at making applications more secure and protecting sensitive information, companies began educating their employees about data security practices, and software engineers developed more secure systems, including tools and techniques for protecting data.

One of those is data anonymization.

What is data anonymization?

Data anonymization is the process of protecting private or sensitive information by erasing encrypting identifiers that connect an individual to that data. For example, you can run personally identifiable information (PII) through a data anonymizer that keeps the data intact but protects the source.

Key data anonymization techniques

• Data masking: “Hiding” sensitive data by changing its appearance. Usually, masking entails applying modification techniques to data, such as character shuffling, encryption, and word or character substitution. Sometimes masking involves creating a mirror version of a database before the data is masked. For example, you can replace a value character with a symbol such as an asterisk (*) or “x.” Data masking is supposed to make reverse engineering or detection impossible.
• Pseudonymization (data de-identification): Replacing private identifiers with fake identifiers or pseudonyms. For example, you can replace the identifier “John Smith” with “Mark Spencer.” Pseudonymization preserves statistical accuracy and data integrity, enabling you to use the modified data for training, development, testing, and analytics while protecting the privacy of the individual.
• Generalization: Editing some aspects of the data to make the record less identifiable. For example, you can change “5 Meadowbrook Ave.” to “2 - 19 Meadowbrook Ave.” This retains the broad description of the location without pointing to a specific house. The idea is to make the information general enough to protect individual privacy without rendering the information unusable.
• Data swapping: Rearranging the data attribute values so that they don’t correspond with the original records. For example, swapping columns that contain identifying values such as date of birth. It is thought that data swapping (also known as shuffling or permutation) may have more impact on anonymization than membership-type values.
• Data perturbation: Modifying the original dataset slightly by applying techniques that round numbers and add random noise. The base for rounding values needs to be proportional to the values themselves; for example, for rounding values like age, you can use a base of 5. However, rounding must be done carefully: a small base may lead to weak anonymization, and a large base can reduce the utility of the dataset.
• Synthetic data: Creating an artificial dataset with algorithmically manufactured information that has no connection to real events. This is an alternative to altering the original dataset or using it as-is and risking privacy and security. The process entails creating statistical models based on patterns found in the original dataset. You can generate the data using standard deviations, medians, linear regression, or other statistical techniques.

Why is data anonymization important?

Data anonymization is crucial to any organization that retains information that includes PII. The theft of confidential data or files, or engineered corruption of data by an outside actor, can wreak untold havoc on individuals, and cost untold sums of money and time to correct. Data anonymization enables companies to analyze and even share data without exposing the owners of that data to risk.

Data anonymization also supports compliance with legal and regulatory requirements that govern the collection and use of personal information such as IP addresses, device IDs, cookies, and health or financial records, such as:

• Sarbanes-Oxley Act (SOX)
• Fair and Accurate Credit Transaction Act (FACTA)
• Free and Secure Trade Program (FAST)
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)

Pros and cons of data anonymization

Data anonymization enables companies to engage in data analysis without compromising the privacy of their customers. It also enables companies to show that they are abiding by data privacy regulations. However, there are a handful of downsides.

For one thing, collecting anonymous data and deleting identifiers from the database limit your ability to derive value and insight from your data. (For example, anonymized data cannot be used for marketing efforts or to personalize the user experience.)

For another, data anonymization itself is not a 100% guaranteed action. Organizations need to be careful about:

• How the removal of identifying factors is done
• How the resulting data is stored (including data that could be used for re-identification)
• What the de-identified data is used for
• How users are notified about the process being done
• What consent is obtained (if needed)
• What other data may be available that could contribute to re-identification (e.g., publicly available sources)

There’s also something called data de-anonymization (also called data reidentification), which is used in data mining to re-identify encrypted or obscured information. De-anonymization is accomplished by cross-referencing anonymous data with other data sources to uncover the source of the anonymous data and reverse the anonymization process to reveal the identities of individuals associated with the data.

Real-world uses of data anonymization

• Marketing research companies and institutions often use data anonymization to safeguard confidential information while collecting data at a large scale. For example, since hospitals and research labs often collaborate, hospitals may implement data anonymization techniques to share valuable yet confidential information.
• Retail businesses rely on customer data for insights and market research but may find it difficult to get explicit consent from customers for those purposes. These businesses may use data anonymization to obscure or completely remove personalized parts of customer data to analyze trends and demographics.
• Financial institutions may use data anonymization to protect sensitive customer information, like bank account details, credit card numbers, and transaction histories. This enables them to conduct data analysis, perform fraud detection, and enact regulatory compliance without compromising their customers’ privacy.
• Schools may also benefit from data anonymization to protect their student’s privacy and detailed records.

Data anonymization with CData Virtuality

CData Virtuality provides embedded tools for data masking and pseudonymization that work seamlessly with all your data silos in real time, regardless of whether the silo is on site or in the cloud.