So, how does pseudonymization differ from de-identification?
In Canada we have a policy called the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS2)
TCPS2 elaborates different levels of identification types (from no safeguards to full annonymization). Here is a sample from page 59 of TCPS2:
Directly identifying information – the information identifies a specific individual through direct identifiers (e.g., name, social insurance number, personal health number).
• Indirectly identifying information – the information can reasonably be expected to identify an individual through a combination of indirect identifiers (e.g., date of birth, place of residence or unique personal characteristic).
• Coded information – direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (e.g., the principal investigator retains a list that links the participants’ code
names with their actual name so data can be re-linked if necessary).
• Anonymized information – the information is irrevocably stripped of direct identifiers, a code is not kept to allow future re-linkage, and risk of re-identification of individuals from remaining indirect identifiers is low or very low.
• Anonymous information – the information never had identifiers associated with it (e.g., anonymous surveys) and risk of identification of individuals is low or very low.
Where do you see the role of pseudonymization in the context of the categories mentioned?