Anonymization of personal data for IBM Power i (AS/400)
Anonymization of personal data and privacy protection
What is anonymization?
Anonymisation is the removal of information that could lead to an individual being identified, either on the basis of the removed information or this combined with other information held by the company.
When should I anonymise information?
The General Data Protection Regulation Act regulates the handling of "personal data". For day-to-day purposes, "personal data" is information about living, identifiable individuals; see the link below for a more precise definition. It is good data protection practice to limit the number of people that have access to personal data. In some cases, this can be done by anonymizing the information. In particular, when personal data is to be shown to a wider audience it will be, in most circumstances, appropriate to anonymise it.
The GDPR act, starting in May 2018, companies are fined heavily when not taking appropriate measures to protect the data and privacy of collected personal data of citizens of the European Union.
Definition of personal data
Every (collected) data outside the primary production environment that could identify individual people.
You are working on a research project that involves data about people, not everyone involved in the project may need to know the identity of the research subjects. If you are giving a presentation about the research, it is extremely unlikely that the identity of the subjects, or information that could lead to them being identified, is necessary for the presentation.
You have an external develop and testing environment to create new applications for your business. To fully test the new applications you replicate (live-) data from your production environment to the test environment. The exported/replicated data should be anonymized to fully protect the privacy.
Collected data from clients/customers is shared with other companies for data analyzing or BI, this data may not lead to individual persons and should be anonymized.
How can I be sure that I have completely anonymised information?
Information is fully anonymised if there are at least 3-5 individuals to whom the information could refer. For example, if your data relates to an individual of a specific gender and ethnicity living at a certain postcode you can increase the number of people to whom it could refer by only using the first 3 digits of the postcode.
Is anonymised information still 'personal data'?
No, if the information has been fully anonymised it is not personal data and therefore not covered by the Data Protection Act.
Anonymisation in an HA environment
By using Quick-CSi you are able to anonymize data while replicating data (in real-time) to a second system or partition. Guarantee the privacy of your customers and comply with the European GDPR act which comes effective in may 2018.
Through an easy to use graphical interface, all levels of anonymisation can be configured and monitored.
Anonymization with SmartData
When replicating data between different databases, it is now possible with the anonymizer add-on to remove all personal and private information on the fly. This makes it easier and faster to export your data to a third company for testing and analyzing data while you are compliant with the new GDRP act.
Using SmartData, you are able to easily import or export data from your DB2 database to other external databases like Microsoft SQL, Oracle and Netezza.
Read more about SmartData
Our Quick-Anonymization software solution uses a graphical user interface (GUI) to configure and setup all different levels of anonymization on the IBM Power i.
Data is formatted 'on the fly', meaning data is anonymized while replicating or copying to an external system. By replacing and maintaining the structure of the data fields, it is still possible to test and work with proper data fields while not having the risk of exposing data to the wrong people. For instance; when anonymizing credit card numbers, the structure of the field is maintained (format, length and type) and the 'scrambled' credit card numbers are still fully compatible for testing.
Also having the data anonymized, stolen data by hackers or thieves is completely useless since the anonymized data cannot be reversed.
Read more about the technical details of Quick-Anonymization...