ENISA Guideline No 1 - November 2018: Recommendations on Shaping Technology According to GDPR Provisions - An Overview on Data Pseudonymisation [82] | Section | Anonos BigPrivacy |
---|---|---|
Personal identifiers replaced with pseudonyms | 2.1.1 | |
Pseudonyms do not allow the direct derivation of personal identifiers | 2.1.1 | |
Personal data can no longer be attributed to a specific data subject without the use of additional information | 2.1.2 | |
Reversal of Pseudonymisation is non-trivial in absence of additional information | 2.1.2 | |
Additional information kept separately using technical and organizational controls to limit access | 2.1.2 | |
Pseudonyms applied to direct and indirect identifiers | 2.1.2, 2.1.3 | |
Resistance against re-identification via singling out | 2.1.2, 2.1.3 | |
Resistance against re-identification via linkage attacks | 2.1.2, 2.1.3 | |
Resistance against re-identification via inference attacks | 2.1.3, 2.2 | |
Anonymisation techniques used to further reduce the possibility of third parties inferring identity | 2.2 | |
Single input results in a decoupled pair of outputs: pseudonymous data and additional information necessary to reidentify | 2.3 | |
Identity of data subjects hidden in the context of a specific data processing operation | 2.3 | |
Any recipient or third-party having access to pseudonymised data cannot trivially derive original data set and identity of data subjects | 2.3 | |
Support for unlinkability across different data processing domains | 2.3 | |
Support for accuracy by retaining access to both pseudonymised output and additional information necessary to reidentify | 2.3 | |
Does not use Hashing without key or salt to generate pseudonyms | 3.2 | |
Offers keyed hash function (HMAC, SHA2/3, 256+ bit keys) to generate pseudonyms | 3.3 | |
Uses symmetric encryption to generate pseudonyms | 3.6 | |
Offers tokens (randomly generated values) as pseudonyms | 3.6 | |

ENISA Guideline No 2 - November 2019: Recommendations on Shaping Technology According to Data Protection and Privacy Provisions - Pseudonymisation Techniques and Best Practices [83] | Section | Anonos BigPrivacy |
---|---|---|
Enables a Risk-Based Approach accounting for required protection and utility/scalability | Exec Summary | |
Advances the State-of-the-Art | Exec Summary | |
Complies with GDPR Definition of Pseudonymisation | 2 | |
Utilizes one or more Pseudonymisation Functions | 2 | |
Utilizes a Pseudonymisation Secret | 2 | |
Has a Recovery Function for Pseudonymisation Functions | 2 | |
Uses a Pseudonymisation Mapping Table | 2 | |
Attack Resistance | 4.3 | |
Pseudonymisation Secret Discovery Attack Resistant | 4.3.1 | |
Re-Identification (Linkage) Attack Resistant | 4.3.2 | |
Discrimination (Inference) Attack Resistant | 4.3.3 | |
Brute Force Attack Resistant | 4.4.1 | |
Dictionary Search Resistant | 4.4.2 | |
Utility and Data Protection Maximization | 4.5 | |
Pseudonymisation Techniques | 5.1 | |
Does not make use of Counters | 5.1.1 | |
Uses Cryptographic Random Number Generator | 5.1.2 | |
Does not use Cryptographic Hash Function with or without salts, peppers | 5.1.3 | |
Uses MAC - keyed hash (HMAC) | 5.1.4 | |
Uses Symmetric Encryption | 5.1.5 | |
Pseudonymisation Policies | 5.2 | |
Supports Deterministic Pseudonymisation | 5.2.1 | |
Supports Fully Randomized - RDDIDs - both row and field level | 5.2.3 | |
Offers Recovery Function (Reversal of Pseudonymisation) | 5.4 | |
Protects Pseudonymisation Secret | 5.5 | |
Advanced Pseudonymisation Techniques | 5.6 | |
Controlled Pseudonym Linkability | 5.6 | |
K-Anonymity | 5.6 | |
Aggregation/Generalization/Binning | 5.6 | |
Rounding | 5.6 | |
Masking | 5.6 | |
Prefix/Suffix-Preserving Pseudonymisation | 6.2.1 | |
Format Preserving Pseudonymisation | 7.4 | |