Citations

  • Geber et al. 2009 (†688)

    Gerber, Benjamin, Adam C. Nelson, and Steven L. Jones. "Achieving Data Privacy Through Data Obfuscation." Privacy and Data Security Law Journal (March 2009).

    URL: http://privacy.us/pub/Data_Obfuscation_2009.html

Existing Citations

  • data anonymization : Data anonymization allows for the maintaining of exact values of data or retaining precise data value distribution, and therefore allows the data to precisely represent production data because it is unaltered, yet it is anonymous because it is unreadable. At a high level, this is accomplished by applying one-way cryptographic hashing to data elements.3 Data anonymization is utilized to perform a variety of analytical and business intelligence functions on data, including marketing data analysis, fraud detection, and consolidation of customer data. (†1601)
  • data anonymization : Often analyses of data for business intelligence, such as purchasing trends, services usage patterns, and customer satisfaction results, can be performed at an aggregate level or without a need to know precisely which individual is attributed to which values. With an understanding of the analyses intended to be performed, appropriate data masking techniques can be selected to produce extremely similar results (within an acceptable tolerance percentage) that the same analysis operations would produce for production data. Therefore, mitigating the risks of allowing analysts, particularly those located overseas, to handle large amounts of production data becomes practical through data masking. For functions requiring a high degree of precision and the comparison of individual data elements, data anonymization may be a viable option. (†1605)
  • data de-identification : Data de-identification is the removing of all, some, or portions of identifiers (e.g., name, address, Social Security number or Social Insurance number) from the data prior to use in testing or production environments or release to third parties. While this has been the predominant method of data sanitization or obfuscation, it is important to realize that de-identified data may be subject to re-identification by utilizing categorical (i.e., demographic characteristics) or numerical data. Because of the risks associated with data being re-identified and the relatively small additional overhead of applying masking over de-identification alone, depending on the intended use of the data, often data masking is a superior option for non-production use or analysis of data at a non-aggregate level (i.e., analyzing individual records rather than sets of records). (†1600)
  • data masking : Data masking allows us to generate faux, yet representative, data for use in the full Systems Development Life Cycle (“SDLC”)–which includes application development, unit testing, systems testing, user acceptance testing, and performance testing–or for specific business intelligence purposes (e.g., statistical analyses, profitability analysis). ¶ Consequently, data masking allows for maintaining: · Representative data in volume; data quantity and size used in testing or data analysis matches what is found in production systems. This is particularly important for performance testing. · Representative data in value distribution; when data is used for testing purposes, it need only have the same or similar values found in production data, without revealing or corresponding to individuals’ data. When data is used for analysis purposes, often it is not the values belonging to an individual record that are of interest; instead the data at the aggregate level may be analyzed using statistical techniques. ¶ This allows for the maintaining of data utility while protecting against: · Identity Disclosure, which occurs when an individual record can be tied to a particular entity; the identity of an individual can thus be inferred from the data. · Value Disclosure, which occurs when the value of a confidential attribute for a particular entity (the value of one or more variables) can be inferred from the data. (†1599)
  • data masking : Often analyses of data for business intelligence, such as purchasing trends, services usage patterns, and customer satisfaction results, can be performed at an aggregate level or without a need to know precisely which individual is attributed to which values. With an understanding of the analyses intended to be performed, appropriate data masking techniques can be selected to produce extremely similar results (within an acceptable tolerance percentage) that the same analysis operations would produce for production data. Therefore, mitigating the risks of allowing analysts, particularly those located overseas, to handle large amounts of production data becomes practical through data masking. For functions requiring a high degree of precision and the comparison of individual data elements, data anonymization may be a viable option. (†1604)
  • data obfuscation : Through an understanding of business processes, data flows, and the application of advanced data obfuscation – including data masking, data deidentification, and data anonymization – your organization or client can achieve a great number of business goals and continue to perform current functions with out using the actual, real PII and sensitive data of customers and employees, thus severely reducing risk and liability. ¶ Techniques for data obfuscation include data masking, data de-identification, and data anonymization. (†1598)
  • data obfuscation : Data obfuscation is most often utilized for generating data for development and test environments, as well as many data analysis functions. Data obfuscation is usually applied in batch; a masked copy of a database or databases is created for later use. (†1603)