Skip to main content

One Step Ahead: Data Minimization, Pseudonymization, and Anonymization

One Step Ahead logo

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

It’s that time of year again! Data Privacy Awareness Day is January 28, and we are celebrating by highlighting a fundamental principle of data privacy—data minimization.

Data minimization can be described as collecting the minimum amount of information that is relevant and necessary to accomplish a specified purpose. 

Data minimization also means only maintaining data for as long as required to fulfill the specified purpose. Data minimization prevents unauthorized access to, or disclosure of, personal data that is unnecessary to collect and maintain. 

In situations where personal data must be collected, such as University research projects, pseudonymization or anonymization of the data can further protect individuals from unauthorized exposure by rendering them temporarily or permanently unidentifiable. Note the difference between pseudonymizing and anonymizing data. 

When data is pseudonymized, an individual can be later identified through indirect or additional information, such as a coded number. Anonymized data means it is impossible to restore the identity of the individual because all identifying information has been removed.

Always carefully assess whether data is genuinely anonymized. For example: the combination of a student’s major and minor, or an employee’s department and years of service, may be enough to identify an individual. 

When crafting an anonymous survey, be mindful that you do not collect information that is too specific or data which, if combined, could indirectly identify and compromise the privacy of any individuals—then the survey would no longer be truly anonymous. 

For more information, Penn’s Privacy website is www.upenn.edu/privacy. Questions about University privacy can be addressed to privacy@upenn.edu.

--

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.

Back to Top