This is a proposed new standard glossary term. See this post for background on this review track. To comment on the term below either click the blue “Reply” button at the bottom or select a passage of text in the term and click the “Quote” pop-up to create a comment about that section only.

Short Definition: The process of replacing personally identifiable information with a pseudonym.

Extended Definition: The process of replacing personally identifiable information with a pseudonym. Identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. This can be done either with or without the possibility of re-identifying the subject of the data (reversible or irreversible). It allows for data on the same subject to be linked across data records without revealing the identities.



Related Terms:


Term Lead: Tessa Pronk




I wondered how irreversible pseudonymization differs from anonymization.


On behalf of Natalie Banner (Wellcome/Understanding Patient Data):

Data that has been through a process of pseudonymisation may, in principle, still constitute personal data depending on what other information a data user might reasonably have access to, that would enable them to re-identify individuals. The data environment needs to be taken into account when determining the appropriate governance and protections for data that has been pseudonymised.

It should also be noted that the term pseudonymisation is likely to be unfamiliar to research participants and may cause confusion in the consent process. The initiative ‘Understanding Patient Data’ [ ] has proposed alternative language that is more accessible and meaningful to the lay public, alongside images that help to get the concepts across quickly and easily. If data has been pseudonymised and sits in an environment that presents a low risk of identity disclosure, the term ‘depersonalised’ may be used instead to describe the data.


Thank you for your comments, Aki. Yes, I agree.


So, how does pseudonymization differ from de-identification?

In Canada we have a policy called the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS2)

TCPS2 elaborates different levels of identification types (from no safeguards to full annonymization). Here is a sample from page 59 of TCPS2:

Directly identifying information – the information identifies a specific individual through direct identifiers (e.g., name, social insurance number, personal health number).

• Indirectly identifying information – the information can reasonably be expected to identify an individual through a combination of indirect identifiers (e.g., date of birth, place of residence or unique personal characteristic).

• Coded information – direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (e.g., the principal investigator retains a list that links the participants’ code
names with their actual name so data can be re-linked if necessary).

• Anonymized information – the information is irrevocably stripped of direct identifiers, a code is not kept to allow future re-linkage, and risk of re-identification of individuals from remaining indirect identifiers is low or very low.

• Anonymous information – the information never had identifiers associated with it (e.g., anonymous surveys) and risk of identification of individuals is low or very low.

Where do you see the role of pseudonymization in the context of the categories mentioned?



I would like Xinjie Cui (PolicyWise for Children and Families) to weigh in on this, and also take a look at what the latest is that is coming out of Harvard’s Dataverse project .


I don’t think Xinjie has yet participated in the Open Review - perhaps you can send her an email including a link to the topic you want her feedback on?


I sent a private email to Xinjie.


This topic was automatically closed after 0 minutes. New replies are no longer allowed.



This topic was automatically closed after 0 minutes. New replies are no longer allowed.