Data security is heavily dependent on context, and as organizations contemplate Test Data Management (TDM) they must consider not only de-identification strategies but re-identification probabilities as well.
Data privacy regulations are becoming more stringent, with some regulations having an ‘extraterritorial scoping clause’ that stipulates that organizations must comply with regulations regardless of where the data resides, if collecting data on their constituents (e.g., GDPR and PIPL). Further, even if all direct identifiers are stripped out of a data set, the data will still be considered personal data if it is possible to link any data subjects to information in the data set relating to them (as per Recital 26 GDPR). In other words, according to GDPR, a person does not have to be named to be identifiable. If there is other information enabling an individual to be simply connected to data about them, they may still be considered ‘identified’.
An organization, using proper techniques combined with re-identification risk management procedures, remains among the strongest and most important tools in protecting privacy. Tonic is one such vendor that applies advanced concepts to de-identify aggregate datasets. They specialize in synthetic data, which by definition is differentially private, though they can also selectively de-identify identifiers and quasi-identifiers in complex schemas (e.g., structured and semi-structured data).
Join Satbir and Darren as they speak with Adam Kamor, Tonic Co-Founder and Head of Engineering, about what makes Tonic unique in the space of data de-identification.