TCS iON | Blog

Pseudonymity: An answer to Assessment Privacy Concerns

Introduction:

Data security is of paramount importance today due to the vast amounts of sensitive information stored and transferred online, necessitating measures to protect privacy, comply with regulations, and maintain trust. In 2024, there have been over 5000 publicly disclosed data breaches, exposing more than 20 billion records. Pseudonymity plays a crucial role in enhancing data security by replacing personal identifiers with pseudonyms, thereby minimizing the risk of direct identification.

Pseudonymity is a way of storing electronic data where names or other information to identify a person are stored separately from the data about them. For example, an assessment result could be associated with a numeric ID representing the person who took the assessment rather than with the person’s name. When data is pseudonymized, there is a separate index that allows matching the numeric ID to the name, stored separately.

A key benefit of pseudonymity is that if there is a data breach or other leakage, the data leaked may not include information that identifies the people involved. Pseudonymity can reduce the risks involved with processing personal data and often strikes a good balance between allowing data to be used and protecting people’s privacy.

This article explains what pseudonymous data is, explores the benefits to the assessment community of pseudonymity in the processing of assessment results and other personal data used in testing and examinations, and describes how TCS iON utilize pseudonymous data in the provision of its assessment platform.

Identified, pseudonymous, and anonymous data:

Let’s start by defining some commonly used terms:

• Personal data (also called personal information) is often defined as being any data or information related to an identified or identifiable natural person.

• Anonymous data is data that does not relate to an identified or identifiable person, either because identifying information was not captured in the first place or if it has been anonymized or de-identified with the intent that the data cannot be associated with any person again. Anonymous data needs to be unidentifiable.

• Pseudonymous data is data associated with a particular person, or persons, where additional information is needed to identify the specific people. Often this is created by replacing someone’s name with a system generated ID or reference number, where the key to associate the ID to a person is held separately. The separately held information also needs to be kept secure to prevent it from being used to identify individuals.

The table below shows three examples. A common example of personal data in the assessment context is a list of names of people and their scores in an assessment.

• The left column shows the full personal data — the name and score achieved.

• The middle column shows anonymous data — essentially just a list of scores.

• The right-hand column shows pseudonymous data — the names of people have been replaced with IDs.

Figure 1: Examples of Personal, Anonymous and Pseudonymous data

In most assessment use cases, it is important to be able to associate data with the people that generated the data. Data cannot be anonymous as you need to know who passed or failed a test so you can take the appropriate action (e.g., give a certificate or provide notification of failure to pass).

However, making data pseudonymous is a useful measure with assessment data. It still allows data to be associated with people when needed, but identity is masked for other processing. For a lot of tasks, pseudonymous data is sufficient and personal data from which an individual’s data can be identified or is readily identifiable is not needed to achieve the organization’s purposes.

A well-established example is the manual grading of essays. It’s common practice to mask the name of the test taker to graders so they will not be influenced by any knowledge of the test taker, but, of course, the system requires the identity of the test taker to be able to assign the score in the master records.

The European GDPR law advocates pseudonymization and says:

“The application of pseudonymization to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations.”

How pseudonymous data increases security:

When considering the security of assessment data, it is helpful to identify risks and threats to data and potential countermeasures. A common approach to analyzing security risk is to consider the impact and probability of each potential risk to the confidentiality, integrity, and availability of data and put in place measures to reduce the impact and probability.

In general, pseudonymization reduces the impact or consequences of many risks, for example:

• Impact of data breach: A security risk that concerns all organizations is data being leaked or otherwise exposed in a breach, for example on the Internet. However, if data is pseudonymous, this is much less of a loss to confidentiality than if fully identified data is leaked. That is because unless the breach also contains the index of IDs to names, it will be difficult or impossible to identify the real people behind the leaked pseudonymous data, and, as such, the leakage or breach is much less of a concern for individuals.

• Insider risk: To run their operations, most organizations need to give employees some level of access to personal data. Insider risk is where such a trusted individual breaks trust and accesses or uses the data inappropriately, such as for nefarious or otherwise prohibited purposes. Providing most employees that need access to data with pseudonymous data only reduces this risk and the associated impact.

• Use of processors: It’s common in assessment programs to use several different service providers for delivery, scoring, and analysis of assessments. In privacy parlance, these companies are commonly referred to as “processors.” The risks of security problems are obviously increased the more organizations have access to and process data. However, many processors and sub-processors do not need to know the identity of test-takers and can perform the processing required to deliver their services using pseudonymous data. In such a case, there is a much lower impact if they have a security failure.

Data that is pseudonymous, where the index or keys to the pseudonymized data is held separately, is in general much more secure than identified data.

How pseudonymous data reduces legal and compliance risk:

There are significant benefits to pseudonymity under many privacy laws. These laws vary by geography so here is an overview for some countries and territories.

Europe (including the UK)

Under the GDPR, pseudonymized personal data is still personal data and therefore processing needs to comply with GDPR. The same is true under UK data protection law after Brexit. Although individuals working with the data may not know the identity of the test takers, the testing organization is still able to link the individual records back to individual data subjects.

However, there are significant benefits to pseudonymization under the GDPR and UK data protection law:

1. Security Measures: Under these laws, organizations are required to implement technical and organizational security measures that are appropriate to the risk, considering the personal data and processing involved. Pseudonymization is recognized as a strong measure to secure data and if in place, other measures may be less needed.

2. Breach Notification: These laws have strong requirements around notification in the event of a data breach and can also result in fines following data breaches. A breach of genuinely pseudonymous data involves much less risk than a breach of identified data, and typically it would not be necessary to notify data subjects of a pseudonymous data breach, and it might not even be required to notify the supervisory authority. (However, this depends on a risk analysis, and needs to be evaluated on a case-by-case basis.) It’s also much less likely to result in a fine If a data breach happens.

3. Data Protection by Design: These laws encourage use of pseudonymization as part of the recommended “data protection by design.” In many interactions with regulators there will be some benefit given for implementing pseudonymization. For example, if you can achieve a purpose using pseudonymous data rather than identified data, then it is likely expected that you do this, including to conform with personal data minimization expectations.

4. International Transfers: The European Union and the UK have strict rules regarding the transfer of personal data to other geographies which are beyond the scope of this article. The key point here is that when considering the possible impact on individuals of the processing of their personal data outside of the EU or UK, pseudonymization may be an appropriate safeguard to allow processing/transfer to continue.

5. Processing Purposes: If you have some data collected for one purpose and want to use it for a secondary purpose, then if you can do the secondary purpose with pseudonymous data, you may be able to proceed without going back to the test taker. There are other factors that need to be considered in determining compatibility of purposes of processing data, so you should review carefully with a privacy expert beforehand.

USA

The US has a patchwork of federal and state privacy laws, the former being largely sector-specific (at least when it comes to the commercial sector) and the latter still relatively few and existing alongside state data breach notification laws.

All fifty US states, Washington D.C., and Puerto Rico now have their own breach notification laws. Although these laws differ with respect to specific details, all create incentives for organizations to follow good security measures. A common theme among these laws is that the definition of personal information involves a combination of identified data. Only breaches of specified, identifiable personal information trigger reporting requirements under all US state laws—for example, a name and an email address, or a social security number. Because pseudonymous data is not personal information and is not capable of identifying a person without the key, if only pseudonymous data is leaked, there is no breach that would trigger a reporting obligation under state breach notification laws.

Other Jurisdictions

An ever-increasing number of other countries are enacting privacy laws, often taking inspiration from the European GDPR. The examples of these laws that include provisions on pseudonymous data are:

privacy-law-and-provisions-on-pseudonymous-data

How TCS iON uses pseudonymous data:

TCS iON Digital Assessment is the World’s Largest Digital Assessment Platform conducting effortless, paperless, and errorless assessments. TCS iON has serviced more than 80% of the high-stake exams in India and currently expanding globally. TCS iON Digital Assessment platform served more than 425 million+ candidates and 590 + customers till date. The platform has 560+ unique subject question papers and delivered 5,480+ exams as well.

The below numbers will provide a detailed overview of the reach and usability of the digital assessment platform:

Pseudonymity is at the core of the TCS iON Digital Assessment Platform. The platform does not use or need learner’s personal identities. Therefore, following the principles of privacy by design and data minimization, TCS iON requires that customers using its platform pass a nameless user ID. The platform then delivers an assessment to that unknown learner and passes back the results. TCS iON has no knowledge of the learner’s identity. Only the customer can map the user ID back to that individual.

For example, in the diagram below, the learner is called Jane Doe, but an ID is generated “1234567” and TCS iON only knows that and doesn’t know her name, address, or date of birth. It delivers the assessment and passes back the result.

Once the assessment is completed, the answer scripts are sent for marking, during which all identifiable learner details are masked. This masking process leverages the principle of pseudonymity, wherein learner’s actual identities are replaced with unique codes. The examiners are only provided with these pseudonyms, ensuring that they cannot associate a learner's identity with their answer script.

This approach adds a layer of privacy protection, safeguarding learner’s personal information from unintended exposure. Pseudonymity, in this context, not only prevents bias but also enhances data security, ensuring that grading remains objective and confidential. By dissociating the learner’sreal identities from their work, it mitigates the risk of discrimination and fosters a fairer and more secure evaluation system.

The advantage of using pseudonymity for TCS iON customers is that they can use TCS iON as an assessment platform with much less concern about the privacy of their learners than with a platform that has the identities of learners. This reduces both security and compliance risk and is a good example of how privacy by design benefits all stakeholders—TCS iON, its customers, and learners.

Conclusion:

The Article provides the introduction to the concept of pseudonymization and explains how it is a useful measure both for reducing security risk and to aid with geography specific compliances. It also imparts the information on how the pseudonymization technique is being used by TCS iON Digital Assessment Platform.

Although the education space is witnessing rapid digitalization and virtualization, yet industry players must tackle several challenges. The lack of adequate IT security policy and cyber security management can not only put crucial data at risk but also bring core operations of the institute to a standstill. With TCS iON’ pseudonymization technique, educational institutes are assured of the benefits of cost saving, cyber resilience, risk mitigation, and remediation.

Privacy Notice

Version 1.07 Last updated on 2024-06-20

TCS iON is a strategic business unit of Tata Consultancy Services focused on enabling institutions, government departments and organizations from multiple industry sectors to be efficient in their recruitment/admissions process, learning and skilling and overall business operations with the use of ‘Phygital’ platforms. These are platforms that overlay digital technologies over physical assets. TCS iON delivers this with a unique IT-as-a-Service model that provides easy-to-use, secured, integrated, and hosted solutions in a build-as-you-grow and pay-as-you-use business model. Serving clients with the help of best practices gained through TCS’ global experience, deep domestic market exposure along with industry leading technology expertise.

Our Privacy Notice explains:

Who we are, what information we collect and why we collect it. How we use that information. The choices we offer, including how to access and update information.

Your privacy matters to TCS so whether you are new to fill in the enquiry form or returning, please do take the time to get to know our practices – and if you have any questions contact us.

While we have tried to keep this document simple, there may be terms you are unfamiliar with. Please read about them before giving your consent.

If you are a US resident, please click here to refer US privacy regulations:

Information we collect

We collect information to provide better services to all enquiries we receive. However there are no account or users are created automatically by filling the enquiry form on www.tcsion.com

We collect information in the following ways:

Information you give us. For example, our services require you to sign up for a learning module. When you do, we’ll ask for personal information, like your name, email address, guardian details if you are a minor, telephone/mobile number to store with your account, your time zone information if you need to see system records as per your own time, your academic and professional information like educational achievements, designation etc., which you can voluntarily provide if you want to use certain features.

Information we collect by automated means. When you visit our Sites, we may collect certain information by automated means, using technologies such as cookies, web server logs, web beacons and JavaScript.  Our Sites are not designed to respond to “do not track” signals received from browsers.

Information we get from your use of our services. We collect information about the services that you use and how you use them, like the name of the learning module, the duration of the course, interactions with the learning community, the scores/grades that you achieve while completing the course etc.

Device information. We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). The platform may associate your device identifiers or phone number with your Learning account.

Log information. When you use our services or view content provided by TCS, we automatically collect and store certain information in server logs. This includes details of how you used our service, such as your search queries, Internet protocol address, device event information such as crashes, system activity (for example when you joined a particular community, what posts you created/edited etc., any remarks by Admins on your activities), hardware settings, browser type and browser language, the date and time of your request and referral URL.

Location information. When you use our services, we may collect and process information about your actual location.

Local storage. We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and similar technologies. Cookies are files that websites send to your computer or another Internet-connected device to uniquely identify your browser or to store information or settings on your device.  Our Sites may use cookies such as HTTP cookies.  Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies.  Please note, however, that without cookies you may not be able to use all the features of our Sites.

Other.  We may use third-party web analytics services on our Sites, which help us analyze how users use the sites. The information collected for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers.

We may use third-party plug-ins on our Sites, such as social sharing tools.  The providers of these plug-ins may use automated means to collect information regarding your use of the Sites if you choose to interact with the plug-ins.  This information (together with any additional information you submit using the plug-ins) is collected directly by the provider of the applicable plug-in and is subject to the privacy policies of that provider.

We may also use your unique identifier (like employee number) only in case some integration is required with your parent organization’s legacy systems.

How we use information we collect

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect TCS and our users. We also use this information to offer you tailored content – like giving you more relevant search results.

We do not share your information with outside parties.

When you contact us, we keep a record of your communication to reach out to you to address your enquiry or help solve any issues you might be facing.

We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer.

Our automated systems analyse your content (including emails that you send to us) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.

TCS processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.

We may use your contact information to engage with you on social media and messaging platforms.

Transparency and choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:

Review and update your profile. Review and control certain types of information tied to your Account.

You may also set your browser to block all cookies, including cookies associated with our services. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.

Information you share

Our services let you share information with others.

Accessing and updating your personal information

Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others.

We provide access to your information and correction of erroneous data to support your rights, as embodied in legislation. We aim to maintain our services in a manner that protects information from accidental or malicious destruction.

Information we share

We do not share personal information with companies, organizations and individuals outside of TCS unless one of the following circumstances applies:

With your consent

We will share personal information with companies, organizations or individuals outside of TCS when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information like your religion, biometric details etc.

With domain administrators

If your Learning Account is managed for you by a domain administrator then your domain administrator who provides user support to your organization will have access to your Learning Account information (including your email and other data). Your domain administrator may be able to:

View statistics regarding your account, change your account password, suspend or terminate your account access, access or retain information stored as part of your account, receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request and restrict your ability to delete or edit information or privacy settings, subject to compliance with applicable law.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures.

For example, some of the user contact details (email and mobile number) are shared with the platform payment service provider for financial compliance purposes.

For legal reasons

We will share personal information in terms of access, use, preservation or disclosure of such information to the extent that it is reasonably necessary, with companies, organizations or individuals in good faith.

This may be done to:

Meet any applicable law, regulation, legal process or enforceable governmental request, enforce applicable Terms of Service, including investigation of potential violations, detect, prevent, or otherwise address fraud, security or technical issues, protect against harm to the rights, property or safety of TCS, our users or the public as required or permitted by law.

We may share non-personally identifiable information publicly and with our partners – like publishers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

Currently we do not allow posting anything on the TCS iON website publicly.

If TCS is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy Notice.

Information security

We work hard to protect TCS and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold.

In particular:

We encrypt all of our services using Secure Sockets Layer (SSL). We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing. We restrict access to personal information to TCS employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Children and the TCS iON website

If you are a minor, you may visit the website and do necessary actions under or only with the consent of a parent or guardian.

When this Privacy Notice applies

Our Privacy Notice applies to all of the services offered by TCS and its affiliates but excludes services that have separate privacy policies that do not incorporate this Privacy Notice.

Our Privacy Notice does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results or other sites linked from our services. Our Privacy Notice does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

Compliance and cooperation with regulatory authorities

We regularly review our compliance with our Privacy Notice. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Changes

Our Privacy Notice may change from time to time.  We will post any Privacy Notice changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy Notice changes). We will also keep prior versions of this Privacy Notice in an archive for your review.

Retention Policy:

Our data retention policy is governed in compliance to local privacy laws.

1 - Basic and contact details:

We keep the basic and contact details captured via the fill in/enquiry form for a duration of 6 years to provide better support for the enquiry filled in the form.

Transferring your personal data outside of your country of residence

We may transfer the personal data we collect about you to one of more countries outside of your country of residence or outside of the country in which you access this website, including India, in order to perform one of the activities listed above (see "How we will use information about you"). – In such cases, we have put in place the appropriate measures to ensure that your personal data will be secure according to the laws of the country in which you reside. If you require further information about these protective measures, you can request it from our Data Protection Officers (see contacts below) or send an email to tcs.cpo@tcs.com.

How to contact us

If you have a privacy concern, complaint or a question regarding this privacy statement, please direct it to the Chief Privacy Officer of Tata Consultancy Services at tcs.cpo@tcs.com or contact us through the “Contact us” form on tcs.com or affiliate websites where you provided your Personal data indicating your concern in detail.

For the purposes of the data processed under this statement, the controller or business/service provider for the data processing of your personal data collected through our websites is Tata Consultancy Services Limited, TCS House, 2nd Floor, Raveline Street, Fort Mumbai 400 001, India. For all the other purposes indicated above, the controller or business/service provider is the same entity unless indicated otherwise in other privacy statement communicated in each situation.

Right to withdraw consent

In the limited circumstances and based on your country of residence; where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officers (see contacts below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so.

For region(Geo) specific notices, pls refer https://www.tcs.com/who-we-are/legal/tcs-privacy-notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.

Please find below the list of region wise Data Protection Officers

We have appointed Data Protection Officers (DPOs) to oversee compliance of TCS with applicable data protection laws and with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO in your region:

Data Protection Officer for UK and Ireland DPO.uki@tcs.com	Data Protection Officer for Continental Europe DPO.Europe@tcs.com
Data Protection Officer for the United States US.Privacy@tcs.com	Data Protection Officer for Canada Canada.Privacy@tcs.com
Data Protection Officer for LATAM DPO.LATAM@tcs.com	Data Protection officer for Brazil DPO.Brasil@tcs.com
Data Protection officer for APAC DPO.APAC@tcs.com	Data Protection officer for MEA Mea.privacy@tcs.com
Data Protection officer for TCS Technology Solutions (TTS) DCE.TTSDPO@tcs.com

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.