Six things to look for in privacy protection software
This is the fourth blog in our Crash course in Privacy series
Enterprises want to:
- Leverage their data assets
- Comply with privacy regulations
- Reduce the risk exposure of consumer information.
If the goal is to maintain data utility while protecting privacy here is a list of six key things you should consider in data privacy software:
1) Allows you to understand the privacy risk of your dataset
It is easy to think that by removing information like names and ID’s privacy risk is eliminated, however as shown by the Netflix case, there is a lot of additional information in a data set that can be used to re-identify someone, even when those fields have been removed. Therefore it is important to know what the probability of re-identification is of your dataset after you have applied privacy-protection. There are other lesser-known types of privacy risks that could matter to you such as membership disclosure and attribute disclosure.
The software you use should help you understand and manage these risks.
2) Enables you to understand information loss and maintain the analytical value
Every time you apply anonymization techniques to your dataset, the information is transformed. This transformation either redacts, generalizes or replaces the original data causing some information loss. Depending on what the data will be used for, you need to be able to understand the impact on your data quality. Your data quality could vary widely even with the same privacy risk, so knowing this makes a huge difference when using privacy-protected data for analytics.
Software that helps you understand the information loss and maintain analytical value after de-identification is critical.
3) Protects all attribute types
To achieve optimal privacy protection while balancing data quality, all data elements need to be classified appropriately. Incorrectly classifying a data element as an Identifier, Quasi-identifier, Sensitive, or Insensitive attribute could lead to insufficient privacy protection or excessive data quality loss.
The right privacy-protection software should support all four attribute types (identifier, Quasi, identifier, Sensitive, Insensitive) and allow you to customize the classification of your data elements based on your needs.
To learn more about the data attributes read Why privacy is important.
4) Supports a range of privacy techniques and is tunable
Each different privacy technique has pros and cons depending on what the data will be used for e.g Masking removes analytical value completely but is good for protection. You should look for software that supports a range of privacy protection techniques as well as tunable parameters for each of them to find the perfect balance for your needs.
5) Applies consistent privacy policies
Satisfying privacy regulations is a cumbersome and manual process. Being able to create privacy frameworks and share them across the organization for application purposes is key, so software that allows you and your team to apply consistent privacy policies is critical.
6) Your data stays where you can protect it
You are looking to privacy-protect your data, the software you use should work in the environment where you are already protecting your data. Using software that runs locally in your environment will remove an additional layer of risk.
The other blogs in the Crash course in Privacy series are: