HealthySystems' focus is on developing a best-of-breed platform that makes useful and meaningful de-identification as a service possible while ensuring compliance with the new European GDPR. Our main goal is to make it possible for an organization to leverage the market value of large volumes of data in compliance with data privacy laws. We also intend to promote privacy by design to customers who want to fully explore the research and market potential of large volumes of data, facilitating access to the latest techniques in the de-identification field.
Every time we walk on the street, park our cars, make calls with a smartphone or pay with a credit card, we inevitably leave a data footprint in some database. As more and more personal information is collected, concerns arise regarding abusive data profiling that can lead to discrimination, exclusion, government oversight and a general loss of control over personal data. Recent technological advances have clearly outpaced the existing legal frameworks, increasing the tension between innovation and privacy. The European Commission has therefore approved a new Data Protection Regulation (GDPR), with the intention of striking a better balance between the privacy rights of citizens and the realization of the digital single market's full potential. This includes the management and exploitation of large volumes of data. Hence the adoption of the concept of pseudo-anonymization, defined as the process of de-identifying personal data while keeping as much as possible of its contextual usefulness, be it scientific or economic, in such a way that re-identification of the personal data becomes very unlikely. The risk of re-identification of the persons concerned is low, provided proper anonymization algorithms and frameworks are applied.
HLTSYS' proposal is a service platform to perform data analysis and explore the best de-identification techniques applicable to that data, in the context of its intended application. The platform contains:
- Procedural modules, structured by industrial sectors, with the aim of responding to a number of issues, including: “How do we manage the information that we own?”; “Which approvals and regulators are associated with the approval of the project?”; “How to transform and treat information in such a
or “Which entities to contact for legal support?”. These procedural modules will also work as the interface to the other platform components.
- Data analysis and introspection. This consists of the study of the data set provided by a user: performing statistical analysis, metrics calculation and data typing analysis in order to better assess the privacy issues related to the personal data in the data set.
- Anonymization and data processing. This component of the platform represents the core of the service and constitutes the second step in the privacy analysis process. The aim is to provide tools and guide the user in selecting the anonymization algorithms that make re-identification most difficult. An automatic risk analysis is also produced, which associates a level of risk with the final de-identification outcome.
- Make it possible to explore large volumes of otherwise sensitive personal data and open up new data markets.
- Ensure compliance with the new European General Data Protection Regulation (GDPR).
- Access to the most modern de-identification techniques.
- Implement controls to ensure stronger privacy by design.
- Low risk of re-identification by adoption of suitable pseudo-anonymization techniques.
- An easier-to-use solution.
There is no optimal solution for the de-identification of large data sets containing sensitive personal data. The entire process depends on the nature of the data, its application context and the acceptable risk of re-identification. It is therefore expected that the whole anonymization effort be an interactive process, consisting of repeated operational data analysis and processing until it converges to a measurable and acceptable balance between data privacy and the data's contextual usefulness and economic value. Our platform is thus able both to handle large volumes of data and to perform the complex interactive data analyses that guide the user through the entire de-identification process in a meaningful and useful way.
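As an added illustration of the iterative process described above (example code, not HLTSYS platform code), the following Python sketch pseudonymizes a direct identifier with a keyed HMAC and raises the generalization level of two quasi-identifiers until the estimated re-identification risk (prosecutor risk, 1/k under k-anonymity) falls within an accepted bound. The sample records, the generalization hierarchies and the risk model are assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real data): one direct identifier (name),
# two quasi-identifiers (age, zip) and one sensitive attribute (dx).
RECORDS = [
    {"name": "Ana", "age": 34, "zip": "1000-123", "dx": "flu"},
    {"name": "Rui", "age": 36, "zip": "1000-456", "dx": "asthma"},
    {"name": "Eva", "age": 42, "zip": "1050-789", "dx": "flu"},
    {"name": "Luis", "age": 47, "zip": "1050-012", "dx": "diabetes"},
    {"name": "Ines", "age": 58, "zip": "4000-345", "dx": "flu"},
    {"name": "Joao", "age": 51, "zip": "4000-678", "dx": "asthma"},
]
SECRET = b"constructed-demo-key"  # placeholder; a real key lives in a secret store, apart from the output

def pseudonymize(value, key=SECRET):
    """Replace a direct identifier by a keyed HMAC: consistent per value, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def generalize_age(age, level):
    """Assumed hierarchy: level 0 exact, 1 ten-year band, 2 twenty-year band, 3 suppressed."""
    if level == 0:
        return str(age)
    if level >= 3:
        return "*"
    width = 10 * level
    lo = age - age % width
    return f"{lo}-{lo + width - 1}"

def generalize_zip(zip_code, level):
    """Assumed hierarchy: mask two trailing digits per level; level 3 suppresses the code."""
    if level >= 3:
        return "*"
    digits = zip_code.replace("-", "")
    keep = len(digits) - 2 * level
    return digits[:keep] + "*" * (len(digits) - keep)

def anonymize(records, max_risk):
    """Iterate: generalize, measure k (smallest equivalence class), stop once risk 1/k <= max_risk."""
    for level in range(4):
        rows = [{"id": pseudonymize(r["name"]), "age": generalize_age(r["age"], level),
                 "zip": generalize_zip(r["zip"], level), "dx": r["dx"]} for r in records]
        k = min(Counter((r["age"], r["zip"]) for r in rows).values())
        risk = 1 / k  # prosecutor risk: chance of singling out a record within its class
        if risk <= max_risk:
            # utility loss reported as the share of the hierarchy consumed (0 = none, 1 = all suppressed)
            return rows, {"level": level, "k": k, "risk": risk, "loss": level / 3}
    raise ValueError("no generalization level meets the accepted risk bound")
```

Lowering `max_risk` pushes the loop to higher generalization levels, which is exactly the privacy/utility trade-off the user must settle on in context.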