Question 8
Domain 3: Privacy, Data Stewardship, and User RightsAn AI team wants to reduce privacy risk while still allowing analysts to work with records that can be relinked to the same individual through a separate protected key. Which technique is the best fit for this need?
Correct answer: B
Explanation
Use pseudonymization when data must remain linkable through a separately protected identifier, while anonymization is used when re-identification should no longer be possible. Aggregation and access controls reduce privacy risk in different ways but do not create relinkable individual-level records. — Source material: Select appropriate techniques such as anonymization, pseudonymization, aggregation, and access controls.
Why each option is right or wrong
A. Anonymization
Anonymization is used when data should no longer be tied back to an individual.
B. Pseudonymization
Pseudonymization fits the scenario because the records remain usable at the individual level while identities are replaced with substitute identifiers that can be relinked through a separate protected key.
C. Aggregation
Aggregation combines data into summary-level outputs rather than preserving relinkable individual records.
D. Access controls
Access controls limit who can view or use data, but they do not replace identifiers with relinkable substitutes.