Automated Anonymization : CYS Group

To comply with regulations regarding personal data, oftentimes you are required to anonymize your data. Since you don’t want to make this a manual task you would likely automate this.

Table of contents:

Risk levels
Determining the anonymization date
Event based rule

Risk levels

First you have to define what columns you would like to anonymize. Anonymization can of course be done per column, but we’ve made it easy for you by providing a way of anonymizing everything at the same time.

When creating your Definitions, you have the option to flag the values that fall under that column with a certain Risk Level. We advise to flag the definitions that contain personal data to a high risk level, since these are the columns that you would like to anonymize. Definitions that could be flagged this way, could for instance contain data such as a first or last name, date of birth, an email address, etc.

For more information on creating definitions, please have a look at our article on defining columns

Determining the anonymization date

Next you need to determine the date on which you would like to perform the anonymization. After what date does the personal data need to be removed from the database? You could of course deliver this in your import file, but you can also implement a creation rule that determines an anonymization date based on any date column. Most often, we use the date of which the data is entered into the system).

First you need to create a column to gather those values in. Please make sure the definition type is a date- or a datetime-type. Since our database makes use of the American date format, please use a mm-dd-yyyy notation when filling in this column.

An example of an expert rule that will target the anonimization date to be 60 days after a record is mapped into the database is:

var DateAnonymous = new Date();

DateAnonymous.setDate(DateAnonymous.getDate()+ 60);

DRE.createOrChangeValueInDB("AnonymizationDate", DateAnonymous);

Event based rules

Finally you need an event based rule that continuously checks the database for dates in the designated column and perform the anonymization over the relevant risk level or separate columns.

An event based rule that turns the values in the columns that are flagged as high risk level to “Anonymous” after the anonymization date has passed, would look something like this:

Of course you could choose to anonymize separate columns, without making use of the risk level. In that case you need to address every separate column in the event based rule.

In this case, the event based rule would look something like this: