The Value of Working with Pseudonymized Mobile Phone Data
The European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are changing the way companies can collect, store, process and utilize data about individuals. They force companies to rethink where data is collected, processed and shared as well as who has access to that data, how it’s used and when it’s disposed of.
Why do we need data privacy regulation?
GDPR requires individuals to be in control of their data. Consumers will feel more comfortable using applications and participating in loyalty programs when they know their data is safe and can only be used for specific purposes. In order to comply with GDPR, organizations may have to run separate analyses using pseudonymized mobile phone data so that no personally identifiable information is included or inferred. This ensures compliance with CCPA in the US, too. However, there are still many questions about how companies can best address privacy issues within their organizations as well as meet these new standards and avoid heavy fines from regulators.
What are personal data and sensitive personal data?
Personal data refers to any information that can be used to directly or indirectly identify a person, either from that data alone or in combination with other information. This typically includes personal identifiers such as name, ID number, location data, online identifier, e-mail address and IP address. Sensitive personal data is a more specific subset of personal data relating to an individual’s physical or mental health condition or sexual orientation.
What kinds of processing activities does this regulation require organizations to comply with?
The GDPR places a number of obligations on organizations that process personal data and processing is defined very broadly to include not only recording information, but also storage and transfer. Article 5(1)(e) specifically addresses pseudonymization by referencing the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information.
What are data controllers and data processors?
In every organization there are at least two categories of data processors: data controllers and data processors. A data controller is a party that determines how and why personal information is processed, whereas a data processor is a party that processes personal information on behalf of another party (data controller).
How are pseudonymous IDs used in our industry?
In an era of privacy concerns, companies and governments are increasingly turning to pseudonymization, which is a process by which Personally Identifiable Information (PII) is transformed into an anonymized identifier. This technique can help protect consumers while not impacting business insights. For example, mobile phone service providers can identify customers using pseudonymous IDs in order to report on their movements over time — such as commuting patterns or shopping preferences — without knowing any PII about them.
How can I work with data like this in my business?
Collecting and managing all of your company’s business-related data in one place, regardless of its nature (analytics, logistics, contracts), is a prerequisite for competitive advantage. A whole range of software tools are available on the market to help businesses analyze their data and convert it into actionable intelligence that provides insight into consumer behavior, helps reduce costs and ultimately leads to improved business performance. Intuizi can pseudonymize your data, compare it to other pseudonymized datasets they are already working with, and enable you to identify high-value user segments to prospect against, filter out low-value potential customers, and gain a far more granular insight on your existing customers based on comparing their behaviours to other users – whether for marketing, analytics or insight purposes. Drop us a line if this is of interest!
