QSL Northern Europe | +31 (0)418 66 30 23

Follow Us: social facebook1 social twitter1 social linked in1 social xing1   | de


Anonymizing personal data

Posted in Security on IBM i

In the data age, the security of the information system - and in particular of personal data - has a huge impact on the confidence of consumers, whether they are  individuals or professionals, and on the image or even the performance of the company.

 According to Vanson Bourne's study, published in May 2016, 61% of the French people declare that they have taken into account the security of their data during their purchases; More than 50% would be ready to take legal action against the company which has not implemented all the means necessary to protect them.
In addition, European legislation in this field is becoming more stringent, in particular the General Data Protection Regulation (GDPR), applicable from 25 May 2018, which can lead to financial penalties (from 2% To 4% of annual worldwide turnover).

Today, most computer applications integrate personal or sensitive information. The CIO must guarantee their inviolability at all stages, and for the case that interests us, when duplicating the data for example for the creation of realistic test sets, or even statistical analyzes, in a production environment IBM i (AS/400).
Beyond protection, it is to make "anonymous" data, before they are exported, making them unusable if they were stolen and used for criminal purposes.
To be able to export confidential data to another IBM i system for the creation and testing of applications in complete security, the anonymization of personal data by the substitution technique is recommended.

What is anonymization of data by Substitution?

Data anonymization is a technique that makes it possible to transform personal data irreversibly, in order to make it impossible to identify the persons concerned. It must ensure that no method, either directly or indirectly, offers the possibility of linking the exploited data to the persons of origin. Substitution, for its part, consists in replacing data with another value, unrelated to the original one. This replaces source data with data of the same form - a random draw of name substitutes, telephone numbers. This form of anonymization is perfectly adapted in a context of transferring data to another system to create or test test sets with real data, without direct information (surnames, first names ..) or indirect information (addresses, phones).

What are the benefits for the CIO?

By making anonymous data , the CIO protects sensitive data BEFORE transfer or processing where it is vulnerable, efficiently, while meeting legal constraints in certain sectors such as the Bank. Beyond the GDPR, which plebiscites the "pseudonymisation" of data or reversible anonymisation , and to respond to regulatory constraints such as Basel III and IV, the DSI has "real-time" flexibility to create realistic test sets, Rebuilding a production environment ...

What is the technological response to the problem of data protection in IBM i environment?

To create an "actual image" of an IBM i production environment without jeopardizing information security, Quick-Anonymizer , the latest in the Quick Software Line , was designed and designed to anonymize "without Fault »personal data in IBM i environment . It responds to the four main rules of this technique, which are more complex than it seems : total illegibility of the original data, irreversibility, maintenance of the integrity of the source database and functional integrity (Eg field in coherence with the application). The mission of Quick-Anonymizer is to convert "in real time" the data in order to make them anonymous, And before transmitting them to a third-party machine; actual data out so NEVER initial production machine and therefore its "natural" environment.

The anonymisation of data is part of a strong trend, led by the GDPR, where security and protection of personal data will become the norm. This new European regulations institutes a new governance of data, "intangible capital" of companies and "capital trust" of their customers.
The consequences of loss or theft of personal data are so important to the company in terms of image and associated costs, such as the reduction in turnover and the risk of prosecution.

In conclusion, according to the Vanson Bourne study, more than three French out of four would be ready to stop their purchases or their collaboration with the company complained of in case of infringement of their private data.

Find more studies of Vanson Bourne on their website: http://www.vansonbourne.com

Share this post

Submit to FacebookSubmit to TwitterSubmit to LinkedIn