The Federal Trade Commission (FTC) has a long-standing habit of creating legal obligations through blog posts. Recent communications from the FTC by way of its Office of Technology Blog evidence an aggressive expectation...more
Learning Objectives: - Understand the methods for de-identification - Learn about the differences between anonymization, de-identification, and pseudonymization - Understand what “potential for re-identification”...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
Maybe. “Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to...more
Maybe. “Salting” refers to the insertion of a random value (e.g., a number or a letter) into personal data before that data is hashed. Whether personal information that has undergone salting and hashing is still...more
De-identification of data refers to the process used to prevent personal identifiers from being connected with information. The FTC indicated in its 2012 report Protecting Consumer Privacy in an Era of Rapid Change:...more