Cybersecurity and Risk
How data anonymization can strengthen data privacy
Data Privacy Day is an international event observed on Jan. 28 in the United States, Canada, Nigeria, Israel, and 47 European countries. It’s a time to raise awareness about data protection best practices.
At ServiceNow, one day is not enough to focus on data privacy. We prioritize protecting personally identifiable information (PII) for organizations and individuals every day of the year. One of the best ways to do that is through data anonymization.
Assessing the data privacy landscape
Any compromise or breach of sensitive information can have a significant negative impact on an organization—including revenue loss, reputation damage, intellectual property loss, and large fines.
PII-related data breaches are on the rise. According to the 2021 Data Breach Report, the most frequently compromised data is people’s names, Social Security numbers, dates of birth, and home addresses.
IBM research found the global average cost of a data breach reached an all-time high of $4.35 million in 2022. Data breaches involving PII are the most common and the most expensive, costing $150,000 more than the average data breach, the research adds.
Growing data breaches and privacy concerns have led governments worldwide to adopt privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and China’s Personal Information Protection Law (PIPL).
According to Gartner®, “By year-end 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.”1 Failure to comply with these privacy laws could result in steep fines, potentially costing a company up to 4% of its global revenue, according to a CNBC article.
Ways to anonymize data
Data anonymization offers a reliable way to protect PII. ServiceNow Data Anonymization, introduced in the Now Platform Tokyo release, helps protect sensitive data through different preserving techniques for production and subproduction instances. It also helps organizations with regulatory compliance.
Prior to anonymization, data should be classified according to its sensitivity. After that, PII can be anonymized in two ways.
1. PII associated with a specific user
Administrators can choose to anonymize either all or part of the PII associated with a particular user using techniques such as selective replace (format preserving) or replace with a string. These techniques preserve other PII such as business phone or city, and data for other users is not affected.
2. Data class/column
A column containing sensitive information can be anonymized before using the data for testing or before sharing it with any third-party entity. Anonymizing a column can be scheduled as part of the clone process of a data anonymization policy. This eliminates the need to make manual changes or run a separate script in the subproduction environment.
For example, all records under a credit card column can be anonymized using a customized technique that keeps the first digit and last four digits of the credit card number intact for processing requirements
Once anonymized, user data is no longer considered regulated private information, as it can’t be associated with an individual.
Advancing data security
ServiceNow Data Anonymization is a key component of ServiceNow Vault, a set of advanced security and privacy controls that help organizations protect data, increase compliance, and boost their security posture.
Privacy regulations will continue to emerge and evolve. Having and enforcing robust data privacy policies and practices can help avoid data breaches, potential lawsuits, government-imposed fines, and regulatory investigations.
Find out more about how ServiceNow helps organizations protect PII and stay compliant.
1 Gartner Press Release, Gartner Identifies Top Five Trends in Privacy Through 2024, May 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
© 2023 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.
