... | ... | @@ -22,4 +22,6 @@ Such "data blending" has been the subject of much debate, a.o. in the context of |
|
|
|
|
|
Instead of assigning fixed identifiers to rows, PEP uses identifiers called "polymorphic pseudonyms" (PPs) that are partially randomized. A new PP value is generated whenever a data entry is accessed, causing different parties to receive different PPs for the same row. Since parties cannot match PPs between their respective data sets, this eliminates a major underpinning of the data blending we're trying to avoid.
|
|
|
|
|
|
A downside of the use of PPs is that a single party would also not be able to associate data that they retrieve at different times. But since the party could create a complete data set by downloading data in one fell swoop (instead of in batches), the PP's volatility provides no security in this scenario. PEP therefore also has the ability to calculate "user pseudonyms" (UPs) for data rows. For any given party, the same row will be assigned the same UP value at all times. Data from multiple downloads by the same party can then be joined by matching UP values. But different parties will receive different UP values to refer to the same row, thus still preventing data received by different parties from being blended. |
|
|
\ No newline at end of file |
|
|
A downside of the use of PPs is that a single party would also not be able to associate data that they retrieve at different times. But since the party could create a complete data set by downloading data in one fell swoop (instead of in batches), the PP's volatility provides no security in this scenario. PEP therefore also has the ability to calculate "local pseudonyms" (LPs) for data rows. For any given party, the same row will be assigned the same LP value at all times. Data from multiple downloads by the same party can then be joined by matching LP values. But different parties will receive different LP values to refer to the same row, thus still preventing data received by different parties from being blended.
|
|
|
|
|
|
PEP also supports a derivative from the local pseudonym, called the "user pseudonym" (UP). This is simply an abbreviated form of the local pseudonym, which is sometimes more convenient to use. User pseudonyms provide the same pseudonymization features as local pseudonyms. |
|
|
\ No newline at end of file |