"Fit for Purpose" BigPrivacy Engineering:
The Holy Grail for Maximizing Data Value
Identified as a Cool Vendor by Gartner, we remove restrictions on desired data analytics, AI & ML uses by complying with legal requirements to expand lawful.

Desired Business Outcomes:

Increasing revenue and decreasing risk for future and current:

Repurposing of Data:

Using data beyond original purposes (e.g., analytics, AI & ML).

Data Sharing:

Sharing data internally and with third parties for hosting, processing and enrichment/blending.

Cross Border Transfer:

Complying with data sovereignty laws for data transfer.

The Data Use Challenge:

Unauthorized Re-identification/Stringent Privacy Regulations

Emerging data privacy regulations like the GDPR and CCPA, together with well established industry- and country-specific laws, impose dramatic restrictions on the ability to repurpose, to share and to transfer data for analytics unless technical and organizational privacy controls are in place that reduce the risk of unauthorized re-identification of personal and sensitive data.

Easy Re-identification

The pre-GDPR (and ongoing) reliance on static tokenization (e.g., hashing or encryption), of personally identifying data to protect privacy, underpins the commonplace assumption that the usability of data must be compromised to comply with the new regulations. This is no longer the case. Using dynamic tokenization on both direct and indirect identifiers to protect personal and sensitive data significantly reduces the risk of unauthorized re-identification of individuals due to inference or linkage attacks via the “mosaic effect”.

The GDPR includes the first EU level definition of pseudonymization and explicitly acknowledges that significant re-identification risk remains when static tokens are used and when indirect identifiers are not protected. However, dynamic tokenization (which is, in essence, the definition of pseudonymization under the GDPR), when used as a technical data safeguard to protect a dataset, requires neither data protection nor data utility to be compromised to the extent previously thought. Pseudonymization as defined under the GDPR provides for significant express statutory benefits that allow for expanded lawful data repurposing, sharing and transfer. For a summary of GDPR pseudonymization benefits, see http://anonos.com/pseudonymization-benefits

The Anonos Solution:
Fit-for-Purpose BigPrivacy EngineeringTM

Anonos® BigPrivacy® technology preserves and improves data value by embedding technical and organizational privacy controls into the data to reduce the risk of re-identification and thereby expand permissible data uses. While these controls go by different names under different laws (e.g., “pseudonymization” under the GDPR and “deidentification” under the CCPA), they similarly require purpose-specific dynamic policies that are enforced by controls uniquely supported by Anonos BigPrivacy and not by other technologies.
Anonos “Fit for Purpose BigPrivacy Engineering” technology applies dynamic tokenization of both direct and indirect (quasi) identifiers on a purpose-specific basis to preserve the “joinability” of data, under controlled conditions, while simultaneously reducing re-identification risk, expanding the efficient frontier of privacy engineering as illustrated in the graphic below. This simultaneous optimization of data utility and data protection is the key to balancing the needs of data controllers and the rights of the individual under the GDPR, CCPA and other evolving data protection regulations. Anonos patented Fit-for-Purpose BigPrivacy Engineering solution uniquely supports:

01

Data Protection by Design and by Default requirements under the GDPR;

02

De-identification requirements under the CCPA; and

03

Fair Trade Data principles of embedding technical and organizational measures into the data to safeguard fundamental personal rights while maintaining “the fidelity of the information and reducing the possibility of re-identification, bias and discrimination.”

Discovery Questions

Answering the following questions – taking into account both current needs and plans for the future – helps to determine the type of data protection technology required. The answer to these questions also depends on the context that can include factors such as the country the data resides in, whether it is third-party data and the level of personal information in scope.

Are Only Access Controls Required?

Is Data Masking Sufficient?

Does Anonymization Meet You Business Needs?

Is Static Tokenization Adequate?

Is Pseudonymization/Dynamic De-identification Required?

Have you established the Legal Basis for Desired Processing?

Anonos’ patented and certified Fit-for-Purpose BigPrivacy Engineering™ realizes the potential to attain the Holy Grail of data use by removing restrictions on data analytics use cases and complying with legal requirements to expand lawful Repurposing of Data, Data Sharing and Cross Border Transfer.

GET IN TOUCH