“Anonymizing”

Recently, talk of “anonymizing” or “pseudo-anonymizing” data has been picking up, both publicly online and in private conversations with our clients. There have been questions about what these terms mean, what they mean for user privacy, and how to avoid pitfalls around the practice.

Currently, “anonymizing” is not defined or clearly addressed in TRUSTe’s privacy program requirements. However, we have developed an understanding of the practice over time that we apply evenly to all of the participants in our privacy programs. We also provide guidance on privacy best practices to clients on this topic and other practices, which are not covered by our program requirements.

TRUSTe defines anonymizing as taking information that is currently Personally Identifiable Information (PII) and permanently turning it into non-identifying data. We identify pseudo-anonymizing as taking data that is currently PII and turning it into non-identifying data that can be returned from its anonymized state to PII in the future. One of the simplest forms of anonymization takes place every day on nearly every website: analytics. Services like Google Analytics take PII such as an IP address combined with other detailed information, then anonymize and aggregate the data to provide useful graphs such as the percentage of site visitors that use Mozilla Firefox. In this situation, anonymization increases user privacy, because the site does not need to retain any PII to get the information it requires.
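
The difference between the two definitions above, as an added example (not TRUSTe's code and not how Google Analytics is implemented): `anonymize` keeps only aggregate browser percentages, while `Pseudonymizer` replaces each IP address with a token but keeps a mapping that can return it to PII. The function and class names and the sample visits are assumptions constructed for illustration.

```python
import secrets
from collections import Counter

# Constructed sample visits; IPs are from the RFC 5737 documentation ranges.
VISITS = [
    {"ip": "192.0.2.10", "browser": "Firefox"},
    {"ip": "192.0.2.11", "browser": "Chrome"},
    {"ip": "198.51.100.7", "browser": "Firefox"},
    {"ip": "203.0.113.5", "browser": "Safari"},
]


def anonymize(visits):
    """Aggregate to browser share in percent; no per-visitor field survives."""
    counts = Counter(v["browser"] for v in visits)
    total = sum(counts.values())
    return {browser: round(100 * n / total, 1) for browser, n in counts.items()}


class Pseudonymizer:
    """Swap each IP for a random token and keep the mapping (hypothetical helper).

    Anyone holding the mapping can turn a token back into the IP.
    """

    def __init__(self):
        self._ip_to_token = {}
        self._token_to_ip = {}

    def pseudonymize(self, visits):
        out = []
        for v in visits:
            token = self._ip_to_token.get(v["ip"])
            if token is None:
                token = secrets.token_hex(8)
                self._ip_to_token[v["ip"]] = token
                self._token_to_ip[token] = v["ip"]
            out.append({"visitor": token, "browser": v["browser"]})
        return out

    def reidentify(self, token):
        """Return the original IP for a token: the step that makes this reversible."""
        return self._token_to_ip[token]


if __name__ == "__main__":
    print(anonymize(VISITS))
    p = Pseudonymizer()
    records = p.pseudonymize(VISITS)
    print(records[0], "->", p.reidentify(records[0]["visitor"]))
```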