General PII Questions
What is personally identifiable information (PII)?
PII is any information that permits the identity of an individual to be directly or indirectly determined or inferred, including any information that is linked or linkable to that individual. Examples of common PII are names, addresses, birthdates, etc.
Which policies protect PII?
The best policies are those which take the responsibility of managing and storing PII very seriously. There are countless solutions out there but we classify most of them as either ‘Fences’ or ‘Guard dogs’. The ‘fences’ are designed to keep everyone out and the ‘guard dogs’ job is the sniff and growl at everyone so nobody does anything they shouldn’t.
PII Vault takes the approach of removing the PII so that if anyone does get in, or you need to share your data outside of our fence that there is no identifying information to be lost or stolen.
Does anything happen when corporations lose personally identifiable information?
Yes, lots. Just check out what happened to Target and Equifax who are just two of the better-known examples of companies whose data was (very publicly) hacked and lost.
What is the potential cost of exposure of PII?
There are many potential consequences of exposing the PII under your responsibility. Included in this list are loss of reputation, loss of customer trust and the cancellation of partnerships. Additionally, the potential monetary costs cannot be under-emphasized. According to a 2020 study by IBM and Ponemon the average cost of exposure per record of data, with PII, is $150. However, that cost jumps to over $450 per record if the data includes financial or healthcare related information. If that is not scary enough, if data on the residents of the European Union are exposed then costs can go to 3% of an organizations GLOBAL revenue.
BTW, PII Vault can ensure none of this ever happens for pennies per record.
What is the best protection method for sharing personally identifiable information?
People have been arguing over this question since before it became a problem. At Anonomatic we believe the best way is to not share it but to use PII Vault instead. By using PII Vault you get all the benefits of sharing PII but none of the risks.
We have our own definition of what data is private or identifying. How can you help?
General Product Questions
Where can the PII Vault data privacy system be used?
The PII Vault can be used in any vertical, including financial services, healthcare, retail, media & entertainment, and utilities. We have found that many analytics efforts are stymied, or even prevented, because of the concerns or overhead associated with the sharing of PII. When the risk associated with sharing PII is removed, not only can more projects be green-lighted, but the overhead costs dramatically decrease.
What if there are only two sources of data with PII, do we still need you?
Yes. It’s not how many sources of data you have; it’s whether you need to protect your fact data from risk of exposure and identification in order to use it.
How do I use the PII Vault without having to send you our PII?
There are a lot of solutions out there, what makes Anonomatic different?
Have you seen us dance? People often call us ‘different’ when they see that. But seriously, most companies have a ‘we do it all’ approach. Their products tend to be large, complex and expensive. They require extensive setup, training and constant management. PII Vault was designed to be completely different. It can be setup and operational in minutes. With no screens, report or other user access to data we are the ultimate in PII protection.
We do business in the EU. Those rules are a nightmare! How can you help?
Do I need to set up an account with you?
Yes. We do collect just enough information to support your use of our products and for billing.
How do I change and check my account details?
Use the Log In option on our website. Provide your credentials and review your details there.
I’ve forgotten my password.
You can always reset your password on the Log In page.
My account has been suspended.
Please contact Anonomatic Support if there are any problems with your account. It is why we are here.
What payment methods do you accept?
Anonomatic uses Stripe for online payment processing and they take pretty much everything. For enterprise accounts quarterly billing is available.
Anonomatic does offer multi-unit discounts. If you have more than five(5) instances of the PII Vault please contact Sales via email@example.com.
How do you price?
We price our service based on the amount of unique profiles, or records, we secure and anonymize. The cost per profile goes down with each successively higher tier. There is even a discount for an annual plan. You only pay for ten months per year.
Can I run the PII Vault in my own datacenter or cluster?
Absolutely! We know your PII is one of your most sensitive collections of data. So we provide all our capabilities as a ‘Black Box’, stand-alone Docker Container. This means you can run it wherever you like. In your public cloud or your private / hybrid cloud.
Data Security Questions
How do I anonymize data?
There are many answers to this question. Most of them depend on what it is that you plan to do with the data once it is anonymized.
Luckily for you, there is one solution which works regardless of where and how the data will be used. With the PII Vault, we are your segregated PII storage solution. When your PII is in the PII Vault, you have full use of your data with none of the risk or overhead of storing the PII with it.
How does the Anonomatic PII vault system secure my data?
Many standard techniques can secure data both at rest and in motion. At Anonomatic we use every method that makes sense. However, we do even more. Almost every software system has multiple access points to the data. There are reports, exports, front-ends, vendor portals, etc. In PII Vault, there is only one way for data to get in and one way for it to get out. We have no reports running against your data, nor are there any front-ends, graphical or other interfaces. Having a single entry point drastically reduces risks. Beyond that, we encrypt your data three different ways with three different technologies. The entire database is encrypted with AES-256 encryption, which you probably expected. However, we also encrypt every row with our patent-pending Data Sundering technology and encrypt individual column values with arithmetic encoding.
What is Data Sundering?
Data Sundering is a technology we developed that was designed to provide all of the benefits of encryption but that also allows “fuzzy” matching. Most importantly, it keeps your data secure at rest in such a way that even we can’t read it until we’re sent your half of the Sunder Key.
What if someone were to hack into the PII Vault system and my organizations system? Can the hacker recombine the data?
The short answer to that question is no. The longer answer is that with Poly-Anonymization, the values of the keys we keep in our own database are different from the values we distribute. Therefore, there is no common value that would allow any bad actor or intruder to combine this data.
What industry security controls and practices does Anonomatic follow?
Anonomatic has already implemented its own security architecture starting with industry best practices, and then beyond that with our own custom technology. We also continuously work to achieve higher standards such as SANS Top 20 Controls for Internet Security, Consensus Audit Guidelines, NIST guidelines and Internet standards.
Anonomatic also retains a security firm to identify application or network-level security issues that could adversely affect the integrity of PII Vault on a regular basis.
Data Storage / Access Questions
Who will have direct access to my organization’s data?
When your data is stored in the PII Vault, the short answer is no one has direct access to it. The PII Vault is a collection of APIs which perform limited number of pre-defined functions on your data. There is no interface for anyone to get in and look at, manipulate or export this data. Only someone using the API, with the appropriate access keys is able to use the PII Vault at all.
What happens to the PII once my organization sends it to the PII Vault system?
The data you send to the PII Vault is stored there for use but only to perform one of the functions of PII Vault such as Poly-Anonymization, Anonymous Data Matching, Poly-Pseudonyms or PII Redaction. There are no other uses for your data other than those provided by the PII Vault API. This means there are no forms or windows to access the data, no reports, no analytics, nothing.
How does my organization decide what data to send to the PII Vault system?
There are lots of different sources out there to help you determine what data should be considered PII and what is not. Some things such as people’s names, driver’s license numbers
and birthdates are easy to pick out as PII. Others are not so clear. The final choice is up to you, but you should also be careful about not only directly identifying data but also re-identifying
data. Also, if you’re in a regulated industry such as the medical field, there are published regulations that dictate what is PII. Always follow those rules.
You collect a lot of data. Do you monetize it.
Absolutely not. The data we collect, store and protect doesn’t belong to us; we are simply its stewards. We don’t leverage your data in any way for our benefit; in fact, we can’t even read it unless you’re asking us to act on it.
How do we clean out old data from the PII Vault?
We need to implement the Right to be Forgotten. Can you do that?
Sharing Data Questions
Our organization wants to collect data with PII from other organizations, but they are reluctant to share it. Can you help?
Yes! When you incorporate PII Vault in your data collection, you can sidestep most, if not all, of the collecting, securing and sharing issues surrounding the collection of PII. This is because when you use PII Vault, our unique solution allows you to never receive any PII.
We are being asked to share our data, with PII, to another organization, but are afraid of the risk and liability. How can Anonomatic help?
Sharing PII is like hitchhiking: a risk-taker is sharing data with a risk-taker. Our advice: Don’t get in that car. Instead, PII Vault allows you to share your fact data with complete anonymity. Wave that risky car away and grab a ride on the PII Vault bus instead.
There Are A Lot Of Organizations Who Will Need To Send Data. What Now?
There is no limit to how many accounts (data sources) one of our subscribers (data processors) can have. If you have specific questions or think your situation is unique, please reach out to us. We are here to help.
I have custom needs for matching profiles. How can I use my proprietary rules with the PII Vault?
Just let us know what you need. We can work with you to create a custom matching algorithm.
Anonymization / Data Privacy Technology Questions
Do you use hashing?
Like most technologies, hashing has its uses. At Anonomatic, we believe it also had its time as the best solution out there but that time is now over. Poly-Anonyimization has more benefits of hashing and none of the downsides.
How are you better than Differential Privacy?
How does Poly-Anonymization work?
How much data can the PII Vault effectively manage?
What about performance?
Like any other software vendor, we are constantly working on improving our performance. As of June 2021, we can currently process over 2,000 new, unique profiles every second. Whatever your performance needs, we believe PII Vault will be part of your solution, not your problem.
Is PII Vault data encrypted?
What about access to the data? Who has access?
How do I access the PII Vault API?
How are the API Calls Secured?
We use HTTPS for all our API endpoints. Using your own signed certificates to encrypt the calls is a simple process.
Can You Help Us With Our Regulatory Compliance Issues?
Does Anonomatic Have A Business Continuity Plan?
Looking forward to helping you get your questions answered