anonym.legal

By · Last updated 2026-03-15

返回博客法律科技

永久匿名化:证据灭失风险

34.8%的ChatGPT输入包含敏感数据(Cyberhaven)。解决方案——永久匿名化——本身会带来新的法律风险:证据灭失。GDPR第4(5)条也有相关规定。

March 15, 202610 分钟阅读
reversible encryptionspoliation risklegal discovery complianceGDPR pseudonymizationAES-256-GCM

2026年更新

一种修复,两种新风险

许多机构现在通过在文本到达AI提供商之前剥离姓名和ID来阻止AI泄露。单向哈希、硬性遮盖或完全删除——这些看起来都很安全:AI获得干净文本,敏感细节留在内部。

这个逻辑在安全方面是成立的。Cyberhaven 2025年第四季度研究发现,发送给ChatGPT的内容中34.8%包含敏感数据。Ponemon 2024年报告将AI泄露的平均成本定为210万美元。风险是真实的,成本是高昂的。

但完全删除以一种风险换取另一种风险:证据灭失

对于受诉讼或审计约束的机构,销毁恢复原始记录的能力可能根据联邦和州法规构成证据灭失。

AI数据共享的规模

eSecurity Planet和Cyberhaven的研究发现,77%的员工每周与AI工具共享敏感数据,涵盖法律、医疗、金融和技术行业。

共享内容通常包括:

  • 客户信函和案件笔记
  • 合同草稿和交易条款
  • 内部计划和业务记录
  • 财务模型和预测
  • 法律备忘录和案件笔记
  • 患者记录和临床笔记
  • 人力资源文件和员工消息

当完全删除作为AI管控手段时,通过它处理的每份文件都可能丧失法律价值。如果这些文件在诉讼中出现——对于受监管领域的机构,在任何多年期间都极有可能——机构可能已经失去了证据。

GDPR:可逆性是必要条件

GDPR第4(5)条将假名化定义为处理个人记录的方式,使其"在不使用额外信息的情况下无法归因于特定数据主体,前提是此类额外信息单独存放"。

关键点:使重新链接成为可能的额外密钥必须保留。可以通过存储密钥重新链接的记录在GDPR下视为假名化。

根本无法重新链接的记录不是假名化,而是匿名化。差距很重要:令牌掩码记录保留了一些GDPR义务,但可以为法律用途还原;完全删除的记录可能超出GDPR范围,但根本无法还原。

联邦规则:证据灭失测试

根据联邦民事诉讼规则,当事方必须保存可能与预期诉讼相关的记录。这一义务在诉讼合理可预见时开始,而非在诉讼提起时。

第37(e)条允许法院对未能保存存储电子信息的当事方施加处罚,包括:

  • 不利推论指令
  • 证据排除
  • 严重情形下的案件终结制裁

以下是实际情形:机构使用AI工作流,在正常业务过程中完全删除敏感内容。这些记录后来与诉讼相关,机构已对其进行了处理,原始文本无法恢复。如果这发生在保全义务生效之后,证据灭失风险随之而来。

可逆与不可逆:关键区别

单向:无法恢复 SHA-256对名字的哈希产生固定哈希值,无法从中推导出名字。硬性遮盖移除文本,原始内容消失。

可逆:可以恢复 保留密钥的令牌替换和AES-256-GCM加密都以可以撤销的方式转换记录——被令牌替换的名字可以通过查找表还原,AES-256-GCM内容可以用正确的密钥解密。原始文本保持可达。

对于AI保护,两种方法效果相同。对于法律义务,只有可逆令牌掩码有效。

双重合规设计

同时满足AI安全和法律披露义务的设计使用可逆AES-256-GCM令牌掩码:

  1. 记录在到达任何AI工具之前经过处理
  2. 敏感项目——姓名、ID、PHI、特权内容——被替换为结构化令牌
  3. 令牌映射表存储在单独的存储库中,访问控制与数据类型匹配
  4. AI处理在令牌副本上运行,AI从不接触真实记录
  5. 结果通过令牌映射表还原供正常业务使用
  6. 当发现义务生效时,令牌映射表置于法律保全之下

在这种设计下,没有原始内容会丢失,AI提供商从不以可用形式看到它,令牌映射表在法律需要时保持恢复可能性,证据灭失风险消除——没有记录被销毁,只是以可以撤销的方式进行了掩码处理。

请参阅令牌系统文档安全合规概述定价页面了解完整细节。

参考资料

  • Cyberhaven Q4 2025:AI工具中的数据暴露 — 链接
  • IBM / Ponemon研究所:数据泄露成本报告2024 — 链接
  • EDPB关于假名化指南05/2022 — 链接
  • 联邦民事诉讼规则第37(e)条 — 链接

相关文章

法律科技

Mixed Format E-Discovery: Compliance Gap

E-discovery productions and GDPR DSARs span PDFs, Word docs, Excel, and JSON exports. Using different tools for each format creates consistency gaps that.

法律科技

The PDF Redaction Trap: Data Exposed

The DOJ Epstein files, the Manafort case, and NSA leaks all share the same failure: cosmetic redaction that leaves underlying text extractable.

法律科技

Legal PII: Privilege Detection

Case reference numbers, bar admission numbers, court docket numbers, and client matter IDs are legally sensitive identifiers that standard PII tools miss.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.