What is Pseudonymization?

Oct 15, 2020 | Privacy & Security

Our personal identities are complex. We choose to share information about ourselves differently depending on the context of a relationship or situation. Aspects of our identity can change over time. We may choose to compartmentalize aspects of our lives for a greater feeling of privacy and safety.

Pseudonyms are Not New

Pseudonyms are an old concept that people use as part of managing their privacy. The word has been in the English language for over 300 years and originates in Greek. As described by Proofed, a pseudonym is ‘not the name someone uses on a day-to-day basis, and [is] only used for a specific purpose.’ 

These days, you may be most familiar with authors using a pseudonym when they publish books and other material under a different name. Authors may choose pseudonyms for many reasons, such as to:

  1. Publish without carrying over positive or negative expectations from their past work
  2. Publish in different genres and establish a separate brand identity for work in each genre
  3. Avoid gender, racial and other types of bias and discrimination that may prevent them from publishing at all
  4. Separate their existing professional career from an emerging writing career
  5. Protect the privacy of their personal life and those of their family

Using Pseudonyms Increases Privacy and Safety

Authors and publishers do not have an exclusive right to use pseudonyms. There are equally valid reasons why all of us can apply pseudonyms and reap the benefits, such as to:

  1. Share a limited portion of our identity for a specific purpose, transactions or interaction
  2. Act differently in a specific context from how our family, friends and work colleagues might know us
  3. Avoid some forms of bias and discrimination
  4. Increase our feeling of privacy and safety when interacting online

Pseudonyms and pseudonymity are central to how Anonyome Labs thinks about the world. We call our digital identities ‘Sudo’ (like pseudonyms) because a person can use them to compartmentalize communications and other capabilities using MySudo (our consumer application) or an application built using the Sudo Platform. When you create a Sudo identity, you can choose its name, avatar, email address, phone number and more. Based on your intended purpose for the Sudo, you will choose how closely it matches your personal identity.

It’s a good privacy technique for our MySudo users to employ for many interactions they have online and offline.

Pseudonymization as a Data Protection Technique

Pseudonymization (pronounced pseu-don-ym-i-za-tion) is a privacy engineering technique used to increase the protection of personal data. As with pseudonyms, pseudonymization uses alternate identifiers for data so that linking that data back to a personal identity is more difficult. A good way to think about pseudonymization is a mid-point between directly identifying personal data and anonymous data.

  • Directly identifying personal data is data that can uniquely identify a person without further effort or data sets. These are the things we informally think of as PII. Examples include your full name, home address and driver’s license number.
  • Anonymous data is unable to be used to identify a person, even when combined with other data sets. In practical terms, re-identification of a person from anonymous data is considered impossible. An example is a randomly generated identifier for a web browsing session, where no record is kept of the relationship between the session and personal data. Data protection regulations, such as the European Union’s GDPR, normally don’t cover truly anonymous data.
  • Pseudonymous data is data that can be used to identify a person, but only when combined with other data sets. It could also be called indirectly identifying personal data. An example is where a randomly generated identifier is created for a user entry in an application database, and a separately controlled compliance database holds the directly identifying personal data and the links to the identifiers in the application database. By itself, the application database is considered pseudonymous data, but becomes directly identifying personal data when combined with the compliance database.

Because re-identification is possible from pseudonymous data, it is not considered anonymous data under regulations such as GDPR. But GDPR does acknowledge that pseudonymization is a desirable privacy engineering technique, providing these benefits:

  • Reduced risk of breach of directly identifying personal data, since it may reduce the locations where that data is stored and how many people have access to that directly identifying personal data
  • Reduced impact in the event of data breaches, since the data breached may not be directly identifying
  • Increased amount data processing permited without increased privacy risk for individuals. This may be especially true in areas such as scientific and statistical research.

The protection offered by pseudonymized data may be very close to anonymous data where the complexity to re-identify a person is high. For example, if re-identification requires combining private data sets from multiple companies, then the likelihood of re-identification may be limited to the ability for a law enforcement agency to subpoena each of the organizations and combine the data.

How Anonyome Labs uses Pseudonymization

We use pseudonymization extensively in the Sudo Platform. This reduces the risk of personal data being breached and the impact if a breach was ever to occur (which we also work to mitigate in the first place through security and privacy by design). 

Here are some examples:

  • Where we do need to store personal data, such as the results of identity verification performed before a user can use MySudo virtual cards, we keep that data separate from other data in the Sudo Platform and protect it with additional technical and administrative controls to reduce risk of that information being breached.
  • The way we analyze use of MySudo takes a minimalist approach, achieved in part by using pseudonymization of data (as well as aggregation, redaction and other techniques).

If the concepts of pseudonyms and pseudonymization interest you, download MySudo today to see how you can use it to organize and compartmentalize your personal identity.

You May Also Like…