The FTC published a blog post reminding companies that hashing data is not (on its own) enough to render data anonymous. Hashed IDs and other data are pseudonymous, but still within the scope of most privacy laws. Companies should be careful when using the term “anonymous”, when de-identified or pseudonymized may be more appropriate.
Key takeaways from the FTC:
- Hashing does not make data anonymous, as it can still be used to identify and track individuals, posing privacy risks.
- The FTC has brought cases against companies like Nomi and BetterHelp for misusing hashing and misleading privacy claims, resulting in identifiable user data being exposed.
- Companies must avoid claiming that hashing personal information renders it anonymized and should ensure their privacy practices align with their public statements to avoid deceptive practices.
/Passle/63ef8bdcf636e911c850090e/SearchServiceImages/2024-11-12-20-19-39-427-6733b85bd8026329178cc7a5.jpg)
/Passle/63ef8bdcf636e911c850090e/SearchServiceImages/2024-11-04-16-43-29-471-6728f9b1040252b8910f9b8c.jpg)
/Passle/63ef8bdcf636e911c850090e/SearchServiceImages/2024-10-24-22-07-18-966-671ac5166c2eaf81a8500bca.jpg)