The General Data Protection Law (LGPD) deals with the protection of personal information transmitted on the network. Enacted in 2018, this is a standard that can lead to changes in the way telecommunications services are provided.
As a result, data anonymization can become a strong demand for many business models in the IT market. Knowing a little more about this legislative news is very interesting.
It is worth remembering that masked data is not protected by the LGPD. However, it is important to know the techniques so that the information is not unduly exposed or subject the company to fines and legal proceedings. This is also a way of adapting internal processes to the best information security practices.
Interested in the subject? So, now see more details about the data anonymization trend. Come with us and happy reading!
What is data anonymization?
Data anonymization consists of the process of modifying or removing, from the databases, information that allows identifying a person, such as age, telephone numbers, gender, address, surnames, and CPF. This technique is also called data masking and data sanitization. Handling this sensitive knowledge is crucial to preventing incidents of data breaches in the future.
Depending on the context and business niche, only pseudo-anonymization of user data can be performed. In this case, only part of the personal information is changed or deleted. In this way, the security of the information as a whole is improved.
What is the relationship of data anonymization to GDPR?
There is a discussion about the effectiveness of anonymizing data because, in some situations, it is possible to reverse the technique and re-identify users. Therefore, the LGPD reinforces that companies create masking solutions that guarantee or hinder the irreversibility of this process.
Thus, the National Data Protection Authority (ANPD), created by Provisional Measure nº 869/2018, will be able to define standards and good practices for anonymization and carry out security checks. The General Data Protection Law will come into force in the second half of 2020. Therefore, it is important that IT businesses adapt to this new scenario and redesign their workflows.
Next, learn about some of the main data anonymization techniques!
Encryption
Symmetric-key encryption algorithms are applied to exchange users’ sensitive data for encrypted data. As a result, the information remains confidential and not visible even to IT personnel.
Generalization
The values of the semi-identifying attributes are replaced by more generic information that still represents the users. The attributes and columns of the tables are categorized. An example put the CEP 70.000 in all registered addresses.
Suppression
It consists of excluding the values of the identifier and semi-identifier attributes from the already anonymized table. This technique is used a lot in statistical databases to avoid microdata.
Disturbance
This is the masking of information. In this case, the real data is exchanged for fictitious values. RDP (Random Data Perturbation) or information condensation algorithms can be used.
Finally, data anonymization is a demand that will bring considerable changes to technology companies. Given this, it is interesting to know a little more about ISO 17799 standards, data restoration, and managed antivirus. Relying on the experience of specialists is also a valid action.
