The reuse of personal data is often essential to an organization’s data strategy, but organizations can only reuse personal data if they meet the demands of privacy regulations. Fulfilling these demands in an ad hoc way can lead to bottlenecks and can block organizations from unlocking the true potential of their data.
A well-designed risk-based anonymization solution can effectively address an organization’s needs while fulfilling regulatory requirements. The purpose of a risk-based approach is to replace an otherwise subjective gut check with a more guided decision-making approach that is scalable and proportionate, resulting in solutions that ensure data is useful while being sufficiently protected.
This paper describes anonymization as risk management and presents the Five Safes, an established data-sharing framework that can be used to integrate anonymization seamlessly into an organization’s data protection and privacy processes. The paper also briefly explores real-world applications involving data lakes and hub-and-spoke data collection.
