What is the difference between anonymization and pseudonymization?

Study for CDIP Domain 5: Research and Education Test.

Multiple Choice

What is the difference between anonymization and pseudonymization?

Explanation:
The key idea is how identifiable a person remains in the data. Anonymization aims to remove enough identifiers so re-linking data to a person is not feasible, ideally making the data effectively non-identifiable. Pseudonymization, on the other hand, replaces identifiers with codes or pseudonyms but keeps a separate key or mapping that can re-link the data to the individual if needed and authorized.

So, anonymized data is suitable for sharing or publishing when you don’t want anyone to identify individuals, because re-identification is not intended or possible. Pseudonymized data still allows re-linking to the original person under strict controls, which is useful when the data provider may need to re-identify for legitimate purposes (for example, follow-up studies or clinical contexts) but wants to reduce direct exposure of personal identifiers.

A simple way to see the difference is to think of removing names and addresses and possibly aggregating ages as a permanent change—that’s anonymization. Replacing those identifiers with a random code while keeping a separate key to map that code back to the person—that’s pseudonymization.

The other options mix up methods or reversibility. Hashing and encryption are specific techniques and don’t by themselves define anonymization or pseudonymization, and saying data is eliminated or never reversible conflicts with how pseudonymization is designed to work (it is reversible with the right key).
