What Pseudonymization Is and Why It Differs from Anonymization
Pseudonymization replaces direct identifiers with pseudonyms (codes, hashes, encrypted values) while retaining the ability to re-identify through a secret key. The result can be processed safely for analytics, research, and sharing, but the original data is still recoverable by authorized personnel.
The GDPR defines pseudonymization in Article 4(11) as "processing of personal data such that the data can no longer be attributed to a data subject without the use of additional information"; the 'additional information' is the secret key.
The EDPB 2025 guidance specifies:
- Encryption methods
  - AES-256-GCM or equivalent (NIST approved)
  - The nonce/IV must be random per record
  - The authentication tag is mandatory
  - Weak methods (single-DES, RC4, MD5) are not compliant
- Key management
  - Keys must be kept separate from the encrypted data
  - Keys stored in the same database/server are not compliant (no separation of duty)
  - Keys in a hardware security module (HSM) or key vault are recommended
  - Key rotation must be documented (frequency, schedule, audit)
- Access control logging
  - Every key access must be logged with timestamp, user ID, and purpose
  - Logs must be protected from tampering (hash-based or cryptographic commitment)
  - Logs must be retained per the jurisdiction's legal hold requirement
  - Access reviews must occur at least quarterly
- Reversibility constraints
  - Pseudonymization must be designed to be reversible by authorized parties only
  - If decryption is technically possible but not authorized through access control, it is still compliant
  - If decryption is technically impossible (keys destroyed), the data is anonymized, not pseudonymized
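The access control logging items above (timestamp, user ID, purpose, tamper protection) can be met with an HMAC-chained log. This is an added example, not code from the guidance or from any product named on this page; the function names, the `key_id` field, and the separately held `log_key` are assumptions, and the HMAC chain is one hash-based option among several.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # chain value that precedes the first entry


def _mac(log_key: bytes, prev_mac: str, record: dict) -> str:
    # Canonical JSON so the same record always serializes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(log_key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append_access(log: list, log_key: bytes, user_id: str, key_id: str,
                  purpose: str, timestamp: Optional[str] = None) -> dict:
    """Append one key-access entry, chained to the previous entry's MAC."""
    record = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "key_id": key_id,
        "purpose": purpose,
    }
    prev_mac = log[-1]["mac"] if log else GENESIS
    entry = {**record, "mac": _mac(log_key, prev_mac, record)}
    log.append(entry)
    return entry


def first_invalid_entry(log: list, log_key: bytes) -> Optional[int]:
    """Return the index of the first altered, removed or reordered entry, else None."""
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "mac"}
        if not hmac.compare_digest(entry["mac"], _mac(log_key, prev_mac, record)):
            return i
        prev_mac = entry["mac"]
    return None


if __name__ == "__main__":
    # Constructed sample. The all-zero key is a placeholder: the real log key is
    # assumed to come from an HSM or key vault, separate from the log store.
    key, log = bytes(32), []
    append_access(log, key, "analyst-01", "pseudonym-key-v3", "re-identification request")
    append_access(log, key, "dpo-02", "pseudonym-key-v3", "quarterly access review")
    log[0]["purpose"] = "routine"  # simulate an edit made after the fact
    print(first_invalid_entry(log, key))
```

The chain detects edits, reordering, and removal of entries in the middle; removal of the newest entries is only detectable if the latest MAC is also recorded somewhere outside the log store.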
anonym.legal supports EDPB 2025-compliant pseudonymization:
- Encrypted hashing with stored keys (Azure Key Vault, AWS KMS)
- AES-256-GCM encryption with local HSM support
- Detailed access logging and audit trails
- Key rotation policies and documentation